Hello,
Very new to Cisco IOS, but am trying to link two ADSL sites via a simple VPN - config is below.
First site is 192.168.200.x. Second Site is 192.168.0.x
Both sites have a fixed IP, but when I run `show crypto session` it reports the session as 'down'. Any ideas appreciated... cheers.
! Global services, local credentials and name resolution for the Croydon gateway.
! NOTE(review): this listing is posted publicly and still contains two type 5
! hashes (enable secret and user "hauc"); treat both passwords as exposed and
! rotate them.
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
! Password obfuscation is off, so any "password" entry (as opposed to "secret")
! is stored and displayed in cleartext, e.g. the "ppp chap password 0" line under Dialer0.
no service password-encryption
service sequence-numbers
!
hostname gw.croydon
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 debugging
logging console critical
! "secret 5" is a salted MD5-based hash; it is one-way, but it should still be
! redacted before a config is shared.
enable secret 5 $1$GiE3$7dJojtbJ0jnxvFmrFDXDy/
!
! Single local account created at privilege 15; authentication is local only
! ("no aaa new-model" below).
username hauc privilege 15 secret 5 $1$a3.P$xp7iuFYeRZR9oxZAf1THk.
clock timezone PCTime 0
! Summer time is given as fixed 2003 dates, not a recurring rule, and no time
! source (NTP) is visible -- log timestamps are presumably off outside that
! year; confirm before relying on them for event correlation.
clock summer-time PCTime date Mar 30 2003 1:00 Oct 26 2003 2:00
no aaa new-model
ip subnet-zero
! Hardening: source-routed packets are dropped.
no ip source-route
!
!
ip cef
ip tcp synwait-time 10
no ip bootp server
ip domain name haucltd.co.uk
ip name-server 158.43.128.1
ip name-server 158.43.192.1
! SSH timeout and retry limit are set, but no "ip ssh version 2" line is
! visible, so SSHv1 may still be accepted -- confirm with "show ip ssh".
ip ssh time-out 60
ip ssh authentication-retries 2
no ftp-server write-enable
!
!
!
!
!
! Site-to-site IPsec definition (pre-shared key and peer address were redacted
! by the poster).
! The IKE policy sets only the authentication method; encryption, hash, DH
! group and lifetime are left at the platform defaults.
! NOTE(review): on IOS of this generation the defaults are presumably
! DES / SHA-1 / DH group 1 -- confirm with "show crypto isakmp policy", set
! stronger values explicitly, and make sure the remote router has a matching policy.
crypto isakmp policy 10
authentication pre-share
crypto isakmp key xxxx address x.x.x.x
!
!
! 3DES with HMAC-MD5 is a legacy combination; if both routers support it,
! prefer an AES transform with a SHA HMAC (e.g. esp-aes esp-sha-hmac) and
! keep the transform set identical on both ends.
crypto ipsec transform-set myset esp-3des esp-md5-hmac
!
! Crypto map entry: traffic matching ACL 101 is protected with "myset" and
! sent to the configured peer. The map is applied on Dialer0.
! NOTE(review): the remote site needs the mirror image of ACL 101, and
! "show crypto session" presumably stays at 'down' until traffic matching
! ACL 101 actually leaves via Dialer0 -- confirm by generating LAN-to-LAN traffic.
crypto map MAP-TO-CHARLTON 10 ipsec-isakmp
set peer x.x.x.x
set transform-set myset
match address 101
!
!
!
! Physical ADSL interface; PPP is carried on PVC 0/38 and bound to dialer pool 1.
interface ATM0
description Connected to ADSL WAN Circuit
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip route-cache flow
no atm ilmi-keepalive
pvc 0/38
dialer pool-member 1
protocol ppp dialer
!
dsl operating-mode auto
!
! FastEthernet0-3 carry no IP address of their own; CDP is disabled on each.
interface FastEthernet0
no ip address
no cdp enable
!
interface FastEthernet1
no ip address
no cdp enable
!
interface FastEthernet2
no ip address
no cdp enable
!
interface FastEthernet3
no ip address
no cdp enable
!
! LAN gateway for 192.168.200.0/24 and the NAT inside interface.
! Redirects, unreachables and proxy-ARP are disabled as hardening.
interface Vlan1
description Connected to the Croydon LAN
ip address 192.168.200.1 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip virtual-reassembly
ip route-cache flow
ip tcp adjust-mss 1452
!
! Internet-facing PPP interface: NAT outside, and the interface the crypto map
! is applied to.
! NOTE(review): no inbound "ip access-group" or inspection rule is visible
! here, so the router's own Telnet/SSH and HTTP/HTTPS services appear to be
! reachable from the internet -- confirm and restrict.
! NOTE(review): "ppp chap password 0" is stored in cleartext and is shown in
! this public post together with the CHAP hostname; treat the ISP credential
! as exposed and have it changed.
interface Dialer0
ip address negotiated
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat outside
ip virtual-reassembly
encapsulation ppp
ip route-cache flow
dialer pool 1
dialer-group 1
no cdp enable
ppp authentication chap callin
ppp chap hostname croydon@dsl.keme.net
ppp chap password 0 ksqq2112
crypto map MAP-TO-CHARLTON
!
! Default route out of the ADSL dialer.
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer0
!
! Web management: both the cleartext HTTP server and the HTTPS server are
! enabled, authenticated against the local user database.
! NOTE(review): no "ip http access-class" is visible; consider
! "no ip http server" and limiting HTTPS to management addresses.
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 5 life 86400 requests 10000
! PAT for sources matched by ACL 1 behind the Dialer0 address.
ip nat inside source list 1 interface Dialer0 overload
!
! NOTE(review): no syslog host is visible in this listing, so the trap level
! presumably has nothing to send to -- confirm.
logging trap debugging
access-list 1 remark INSIDE_IF=Vlan1
access-list 1 remark SDM_ACL Category=2
! NOTE(review): ACL 1 permits 192.168.100.0/24, but Vlan1 is 192.168.200.1/24,
! so the LAN does not match the NAT rule as written -- looks like a typo, confirm.
! If it is corrected, LAN-to-192.168.0.0/24 traffic has to be excluded from
! NAT (an extended ACL with a deny for that pair), because NAT is presumably
! applied before the crypto map match and translated packets would no longer
! match ACL 101.
access-list 1 permit 192.168.100.0 0.0.0.255
! Crypto ACL: Croydon LAN to the second site's LAN; referenced by the crypto map.
access-list 101 permit ip 192.168.200.0 0.0.0.255 192.168.0.0 0.0.0.255
dialer-list 1 protocol ip permit
no cdp run
!
! Control-plane stanza is empty: no control-plane policy is attached.
control-plane
!
! Login banner (text between the ^C delimiters).
banner login ^CAuthorized access only!
Disconnect IMMEDIATELY if you are not an authorized user!^C
!
! Console and AUX lines authenticate against the local user database.
line con 0
login local
no modem enable
transport preferred all
transport output telnet
line aux 0
login local
transport preferred all
transport output telnet
! Remote management lines.
! NOTE(review): Telnet is accepted alongside SSH, so credentials can cross the
! network in cleartext; "transport input ssh" alone would remove that.
! NOTE(review): "privilege level 15" places every session that logs in
! directly at full privilege, and no "access-class" is visible on these
! lines -- with no inbound ACL on Dialer0 either, remote login appears open to
! any source address; confirm and restrict to management hosts.
line vty 0 4
privilege level 15
login local
transport preferred all
transport input telnet ssh
transport output all
!
scheduler max-task-time 5000
scheduler allocate 4000 1000
scheduler interval 500
end
Very new to Cisco IOS, but am trying to link two ADSL sites via a simple VPN - config is below.
First site is 192.168.200.x. Second Site is 192.168.0.x
Both sites have a fixed IP, but when I run `show crypto session` it reports the session as 'down'. Any ideas appreciated... cheers.
! Global services, local credentials and name resolution for the Croydon gateway.
! NOTE(review): this listing is posted publicly and still contains two type 5
! hashes (enable secret and user "hauc"); treat both passwords as exposed and
! rotate them.
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
! Password obfuscation is off, so any "password" entry (as opposed to "secret")
! is stored and displayed in cleartext, e.g. the "ppp chap password 0" line under Dialer0.
no service password-encryption
service sequence-numbers
!
hostname gw.croydon
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 debugging
logging console critical
! "secret 5" is a salted MD5-based hash; it is one-way, but it should still be
! redacted before a config is shared.
enable secret 5 $1$GiE3$7dJojtbJ0jnxvFmrFDXDy/
!
! Single local account created at privilege 15; authentication is local only
! ("no aaa new-model" below).
username hauc privilege 15 secret 5 $1$a3.P$xp7iuFYeRZR9oxZAf1THk.
clock timezone PCTime 0
! Summer time is given as fixed 2003 dates, not a recurring rule, and no time
! source (NTP) is visible -- log timestamps are presumably off outside that
! year; confirm before relying on them for event correlation.
clock summer-time PCTime date Mar 30 2003 1:00 Oct 26 2003 2:00
no aaa new-model
ip subnet-zero
! Hardening: source-routed packets are dropped.
no ip source-route
!
!
ip cef
ip tcp synwait-time 10
no ip bootp server
ip domain name haucltd.co.uk
ip name-server 158.43.128.1
ip name-server 158.43.192.1
! SSH timeout and retry limit are set, but no "ip ssh version 2" line is
! visible, so SSHv1 may still be accepted -- confirm with "show ip ssh".
ip ssh time-out 60
ip ssh authentication-retries 2
no ftp-server write-enable
!
!
!
!
!
! Site-to-site IPsec definition (pre-shared key and peer address were redacted
! by the poster).
! The IKE policy sets only the authentication method; encryption, hash, DH
! group and lifetime are left at the platform defaults.
! NOTE(review): on IOS of this generation the defaults are presumably
! DES / SHA-1 / DH group 1 -- confirm with "show crypto isakmp policy", set
! stronger values explicitly, and make sure the remote router has a matching policy.
crypto isakmp policy 10
authentication pre-share
crypto isakmp key xxxx address x.x.x.x
!
!
! 3DES with HMAC-MD5 is a legacy combination; if both routers support it,
! prefer an AES transform with a SHA HMAC (e.g. esp-aes esp-sha-hmac) and
! keep the transform set identical on both ends.
crypto ipsec transform-set myset esp-3des esp-md5-hmac
!
! Crypto map entry: traffic matching ACL 101 is protected with "myset" and
! sent to the configured peer. The map is applied on Dialer0.
! NOTE(review): the remote site needs the mirror image of ACL 101, and
! "show crypto session" presumably stays at 'down' until traffic matching
! ACL 101 actually leaves via Dialer0 -- confirm by generating LAN-to-LAN traffic.
crypto map MAP-TO-CHARLTON 10 ipsec-isakmp
set peer x.x.x.x
set transform-set myset
match address 101
!
!
!
! Physical ADSL interface; PPP is carried on PVC 0/38 and bound to dialer pool 1.
interface ATM0
description Connected to ADSL WAN Circuit
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip route-cache flow
no atm ilmi-keepalive
pvc 0/38
dialer pool-member 1
protocol ppp dialer
!
dsl operating-mode auto
!
! FastEthernet0-3 carry no IP address of their own; CDP is disabled on each.
interface FastEthernet0
no ip address
no cdp enable
!
interface FastEthernet1
no ip address
no cdp enable
!
interface FastEthernet2
no ip address
no cdp enable
!
interface FastEthernet3
no ip address
no cdp enable
!
! LAN gateway for 192.168.200.0/24 and the NAT inside interface.
! Redirects, unreachables and proxy-ARP are disabled as hardening.
interface Vlan1
description Connected to the Croydon LAN
ip address 192.168.200.1 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip virtual-reassembly
ip route-cache flow
ip tcp adjust-mss 1452
!
! Internet-facing PPP interface: NAT outside, and the interface the crypto map
! is applied to.
! NOTE(review): no inbound "ip access-group" or inspection rule is visible
! here, so the router's own Telnet/SSH and HTTP/HTTPS services appear to be
! reachable from the internet -- confirm and restrict.
! NOTE(review): "ppp chap password 0" is stored in cleartext and is shown in
! this public post together with the CHAP hostname; treat the ISP credential
! as exposed and have it changed.
interface Dialer0
ip address negotiated
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat outside
ip virtual-reassembly
encapsulation ppp
ip route-cache flow
dialer pool 1
dialer-group 1
no cdp enable
ppp authentication chap callin
ppp chap hostname croydon@dsl.keme.net
ppp chap password 0 ksqq2112
crypto map MAP-TO-CHARLTON
!
! Default route out of the ADSL dialer.
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer0
!
! Web management: both the cleartext HTTP server and the HTTPS server are
! enabled, authenticated against the local user database.
! NOTE(review): no "ip http access-class" is visible; consider
! "no ip http server" and limiting HTTPS to management addresses.
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 5 life 86400 requests 10000
! PAT for sources matched by ACL 1 behind the Dialer0 address.
ip nat inside source list 1 interface Dialer0 overload
!
! NOTE(review): no syslog host is visible in this listing, so the trap level
! presumably has nothing to send to -- confirm.
logging trap debugging
access-list 1 remark INSIDE_IF=Vlan1
access-list 1 remark SDM_ACL Category=2
! NOTE(review): ACL 1 permits 192.168.100.0/24, but Vlan1 is 192.168.200.1/24,
! so the LAN does not match the NAT rule as written -- looks like a typo, confirm.
! If it is corrected, LAN-to-192.168.0.0/24 traffic has to be excluded from
! NAT (an extended ACL with a deny for that pair), because NAT is presumably
! applied before the crypto map match and translated packets would no longer
! match ACL 101.
access-list 1 permit 192.168.100.0 0.0.0.255
! Crypto ACL: Croydon LAN to the second site's LAN; referenced by the crypto map.
access-list 101 permit ip 192.168.200.0 0.0.0.255 192.168.0.0 0.0.0.255
dialer-list 1 protocol ip permit
no cdp run
!
! Control-plane stanza is empty: no control-plane policy is attached.
control-plane
!
! Login banner (text between the ^C delimiters).
banner login ^CAuthorized access only!
Disconnect IMMEDIATELY if you are not an authorized user!^C
!
! Console and AUX lines authenticate against the local user database.
line con 0
login local
no modem enable
transport preferred all
transport output telnet
line aux 0
login local
transport preferred all
transport output telnet
! Remote management lines.
! NOTE(review): Telnet is accepted alongside SSH, so credentials can cross the
! network in cleartext; "transport input ssh" alone would remove that.
! NOTE(review): "privilege level 15" places every session that logs in
! directly at full privilege, and no "access-class" is visible on these
! lines -- with no inbound ACL on Dialer0 either, remote login appears open to
! any source address; confirm and restrict to management hosts.
line vty 0 4
privilege level 15
login local
transport preferred all
transport input telnet ssh
transport output all
!
scheduler max-task-time 5000
scheduler allocate 4000 1000
scheduler interval 500
end