A Cisco router can act as a VPN server using PPTP, so that clients on the internet can access a private network. Below are the steps for configuring PPTP on a Cisco router.
1. Enable AAA authentication and create a user,
aaa new-model
aaa authentication login default local
aaa authentication ppp default local
aaa authorization exec default local
interface Virtual-Template2
 ip unnumbered FastEthernet0/0
 peer default ip address pool poolipnetconfig
 ppp encrypt mppe auto required
 ppp authentication ms-chap ms-chap-v2
4. Create IP Pool for user
ip local pool poolipnetconfig 172.31.1.1 172.31.1.6
5. Test your configuration
Complete configuration on Cisco router:
PPTP-Server#sh run
Building configuration...

Current configuration : 5669 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname PPTP-Server
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$WMq0$BZpIxsWnzmEI0fCvWADGd0
!
aaa new-model
!
!
aaa authentication login default local
aaa authentication ppp default local
aaa authorization exec default local
!
aaa session-id common
!
resource policy
!
ip cef
!
!
!
!
ip domain name ipnetconfig.com
ip name-server 192.168.0.1
ip ssh version 2
vpdn enable
!
!
vpdn-group PPTP
! Default PPTP VPDN group
 accept-dialin
  protocol pptp
  virtual-template 2
!
!
!
username root privilege 15 secret 5 $1$E1t3$.GKaPz1xFuph9r/fRqxTO.
!
!
!
!
interface FastEthernet0/0
 ip address 192.168.1.254 255.255.255.0
 duplex auto
 speed auto
!
interface FastEthernet0/1
 no ip address
 duplex auto
 speed auto
!
!
!
interface Virtual-Template2
 ip unnumbered FastEthernet0/0
 peer default ip address pool poolipnetconfig
 ppp encrypt mppe auto required
 ppp authentication ms-chap ms-chap-v2
!
ip local pool poolipnetconfig 172.31.1.1 172.31.1.6
ip route 0.0.0.0 0.0.0.0 192.168.1.1
!
!
ip http server
ip http secure-server
!
!
!
!
control-plane
!
!
line con 0
line aux 0
line vty 0 4
!
scheduler allocate 20000 1000
end
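An added example, not part of the original post: a small Python check that reads an IOS configuration and reports where the listing above accepts the weaker of the available options (MS-CHAP v1 next to v2, MPPE `auto`, plain HTTP management, vty lines with no explicit `transport input`). The rule ids and the `HARDENED` variant are assumptions made for illustration, and both excerpts are constructed from the listing with the secrets left out.

```python
import re

# Constructed excerpts: the running-config above (secrets left out) and a stricter variant (assumption).
CONFIG = """\
interface Virtual-Template2
 ppp encrypt mppe auto required
 ppp authentication ms-chap ms-chap-v2
ip http server
line vty 0 4
"""
HARDENED = """\
interface Virtual-Template2
 ppp encrypt mppe 128 required
 ppp authentication ms-chap-v2
no ip http server
line vty 0 4
 transport input ssh
"""

def blocks(config):
    """Group an IOS config into {top-level line: [indented sub-commands]}."""
    out, current = {}, None
    for raw in config.splitlines():
        if not raw.strip() or raw.lstrip().startswith("!"):
            continue  # skip blank lines and '!' separators/comments
        if not raw[0].isspace():
            current = raw.strip()
            out[current] = []
        elif current is not None:
            out[current].append(raw.strip())
    return out

def audit(config):
    """Return sorted (rule id, detail) findings; the rule ids are hypothetical."""
    found = []
    for head, body in blocks(config).items():
        for line in body:
            # 'ms-chap' not followed by '-v2' means MS-CHAP version 1 is accepted
            if re.match(r"ppp authentication\b.*\bms-chap(?![-\w])", line):
                found.append(("AUTH-MSCHAPV1", f"{head}: MS-CHAP v1 accepted"))
            # 'auto' allows every available key length, including 40-bit
            if re.match(r"ppp encrypt mppe (auto|40)\b", line):
                found.append(("MPPE-40BIT-ALLOWED", f"{head}: {line}"))
        if head == "ip http server":
            found.append(("HTTP-CLEARTEXT", "management over plain HTTP enabled"))
        if head.startswith("line vty") and not any(l.startswith("transport input") for l in body):
            found.append(("VTY-NO-TRANSPORT", f"{head}: no explicit transport input"))
    return sorted(found)
```

`audit(CONFIG)` returns four findings and `audit(HARDENED)` returns none; the parser relies on the one-space indentation that `show running-config` uses for sub-commands.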
Because a route reflector simplifies and scales iBGP configuration, it is recommended if you have many routers in your AS. Configuring a route reflector on a Cisco router is simple.
1. Add command
On the client side, the BGP configuration is as usual.
Example
Router 1 is the route reflector and peers with Router 2, a route reflector client, and Router 3, a non-client router. The BGP configuration will be like this.
IBGP requires all BGP systems within the AS to be fully meshed, so that any external routing information is redistributed among all routers within the AS. This can present a scaling issue when an AS has a large number of internal BGP systems, because of the amount of identical information that the BGP systems must share with each other. If an AS has, for example, 50 routers, the administrator needs to create n(n - 1) / 2 = 50(50 - 1) / 2 = 1225 BGP sessions. Imagine the complexity of creating and maintaining 1225 connections.
A route reflector is used to simplify this. With route reflection, routers are grouped into clusters; one router in each cluster acts as the route reflector and the others are route reflector clients. Within a cluster, sessions run between each client and the route reflector. Full-mesh IBGP sessions run between all route reflectors in the network. With this configuration, the IBGP full-mesh requirement is met, and the configuration is simpler than creating full-mesh sessions between all routers.
When the route reflector receives a route, it selects the best path. Then, if the route came from a nonclient peer, the route reflector sends the route to all client peers within the cluster. If the route came from a client peer, the route reflector sends it to all nonclient peers and to all client peers except the originator. In this process, none of the client peers send routes to other client peers.
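The reflection rules above and the session arithmetic from the full-mesh paragraph, worked through as an added Python example (not part of the original article). It is a simplified model: one route, no best-path selection and no loop-prevention attributes, and the router names in `CLUSTERS` are hypothetical.

```python
from collections import deque

def full_mesh_sessions(n):
    """IBGP sessions for a full mesh of n routers: n(n - 1) / 2."""
    return n * (n - 1) // 2

def build_sessions(clusters):
    """clusters maps reflector -> list of clients. Each client peers only with
    its reflector; the reflectors are fully meshed with each other."""
    sessions = {frozenset((rr, c)) for rr, cs in clusters.items() for c in cs}
    rrs = sorted(clusters)
    sessions |= {frozenset((a, b)) for i, a in enumerate(rrs) for b in rrs[i + 1:]}
    return sessions

def propagate(clusters, origin):
    """Flood one route from origin; return {router: peer it was learned from}."""
    sessions = build_sessions(clusters)

    def peers(r):
        return {p for s in sessions if r in s for p in s if p != r}

    learned, queue = {origin: None}, deque([origin])
    while queue:
        r = queue.popleft()
        src = learned[r]
        if src is None:
            targets = peers(r)              # originator tells all its IBGP peers
        elif r not in clusters:
            targets = set()                 # plain IBGP speaker: never re-advertises
        elif src in clusters[r]:
            targets = peers(r) - {src}      # from a client: nonclients + other clients
        else:
            targets = set(clusters[r])      # from a nonclient: clients only
        for t in sorted(targets - set(learned)):
            learned[t] = r
            queue.append(t)
    return learned

# Constructed topology: two clusters of two clients each (hypothetical names).
CLUSTERS = {"RR1": ["A", "B"], "RR2": ["C", "D"]}
```

A route originated at client `A` reaches all six routers over 5 sessions, where a full mesh of the same six routers would need 15, and no client ever sends it to another client.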
To configure route reflection, you specify a cluster identifier only on the BGP systems that are to be the route reflectors. These systems then determine, from the network reachability information they receive, which BGP systems are part of their cluster and are client peers, and which BGP systems are outside the cluster and are nonclient peers.
To configure a router to be a route reflector, you must do the following:
Configure multiple IBGP groups.
Configure a cluster identifier (using the cluster statement) for groups that are members of the cluster.
Configure all the groups with the same IBGP AS number.
To configure the route reflector, include the following statements in the configuration:
group group-name {
    type internal;
    peer-as autonomous-system;
    neighbor address1;
    neighbor address2;
}
group group-name {
    type internal;
    peer-as autonomous-system;
    cluster cluster-identifier;
    neighbor address3;
    neighbor address4;
}
By default, the BGP route reflector performs intracluster reflection because it assumes that the client peers are not fully meshed. However, if the client peers are fully meshed, intracluster reflection results in the sending of redundant route advertisements. In this case, you can disable intracluster reflection by including the no-client-reflect statement within the group statement:
group group-name {
    type internal;
    peer-as autonomous-system;
    cluster cluster-identifier;
    no-client-reflect;
    neighbor address3;
    neighbor address4;
}
Examples: Configuring BGP Route Reflector
This example shows how to configure a simple route reflector. The configuration shown in Figure contains three routers: Router 1, which is the route reflector; Router 2, which is a client; and Router 3, which is a nonclient. The routers have the following loopback addresses:
Router 1—10.1.2.3
Router 2—10.1.2.4
Router 3—10.1.2.5
You must configure all routers to run a common IGP or to have static configuration, so that they learn each other’s loopback addresses.
Configure Router 1 to be a route reflector for Router 2 and a regular IBGP neighbor for Router 3:
[edit]
routing-options {
    autonomous-system 65534;
}
protocols {
    bgp {
        group 13 {
            type internal;
            local-address 10.1.2.3;
            neighbor 10.1.2.5;
        }
        group 12 {
            type internal;
            local-address 10.1.2.3;
            cluster 1.2.3.4;
            neighbor 10.1.2.4;
        }
    }
}
Configure Router 2 to be an IBGP neighbor to Router 1 and announce 16.0.0.0/8 to Router 1. Configure route 16.0.0.0/8 as a static route on Router 2.