NettableWalker
IS-IT--Management
I've been trying to get this to work for ages but have drawn a blank.
Here's my config. It works brilliantly to connect to a VPN on a Cisco 1721 across a serial WAN, but using an equivalent config on another 837 and going ADSL to ADSL just will not work.
Any thoughts?
Ray837#sh run
Building configuration...
Current configuration : 4527 bytes
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Ray837
!
boot-start-marker
boot-end-marker
!
memory-size iomem 5
enable secret 5 $xzczxczxczxc6e91
!
no aaa new-model
!
resource policy
!
ip subnet-zero
!
ip cef
no ip domain lookup
ip domain name local
no ip bootp server
ip inspect name DEFAULT100 tcp
ip inspect name DEFAULT100 udp
no ip ips deny-action ips-interface
ip ssh time-out 60
ip ssh authentication-retries 2
!
username xxxxx privilege 15 password 7 xxxxxxxxxxxxxxx
!
crypto isakmp policy 1
 authentication pre-share
 group 2
 lifetime 7200
crypto isakmp key xxxxxxxxx address 195.xx.xx.xx
!
crypto ipsec security-association lifetime kilobytes 5242880
crypto ipsec security-association lifetime seconds 1800
!
crypto ipsec transform-set ray esp-3des esp-sha-hmac
!
crypto map pdcvpn 15 ipsec-isakmp
 set peer 195.xx.xx.xx
 set transform-set ray
 set pfs group2
 match address 125
!
!
!
interface Null0
 no ip unreachables
!
interface Ethernet0
 description Connected to Local Network
 ip address 10.5.0.203 255.255.0.0
 no ip proxy-arp
 ip nat inside
 ip virtual-reassembly
 ip route-cache flow
 hold-queue 100 out
!
interface Ethernet2
 no ip address
 shutdown
 hold-queue 100 out
!
interface ATM0
 description Connected to ADSL Wan Circuit
 no ip address
 no ip mroute-cache
 atm vc-per-vp 64
 no atm auto-configuration
 no atm ilmi-keepalive
 no atm address-registration
 no atm ilmi-enable
 dsl operating-mode auto
 pvc 0/38
  encapsulation aal5mux ppp dialer
  dialer pool-member 1
 !
!
interface Dialer1
 description Connected to ADSL Circuit
 ip address negotiated
 ip access-group 100 in
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat outside
 ip inspect DEFAULT100 out
 ip virtual-reassembly
 encapsulation ppp
 dialer pool 1
 dialer-group 1
 ppp authentication pap chap callin
 ppp chap hostname xxxxxxx
 ppp chap password xxxxxxxxxxxxxx
 ppp pap sent-username xxxxxxxx password 7 xxxxxxxx2
 ppp ipcp dns request
 ppp ipcp wins request
 crypto map pdcvpn
 hold-queue 224 in
!
router eigrp 1
 network 10.0.0.0
 no auto-summary
!
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer1
!
no ip http server
no ip http secure-server
!
ip nat inside source list 102 interface Dialer1 overload
!
access-list 10 remark Telnet Access
access-list 10 permit 11.11.11.11 0.0.0.15
access-list 10 permit 10.0.0.0 0.255.255.255
access-list 100 remark ----- Inbound ACL -----
access-list 100 permit ahp host 195.xx.xx.xx 0.0.0.14 yy.yy.yy.yy
access-list 100 permit esp host 195.xx.xx.xx 0.0.0.14 yy.yy.yy.yy
access-list 100 permit udp host 195.xx.xx.xx 0.0.0.14 yy.yy.yy.yy eq isakmp
access-list 100 permit udp host 195.xx.xx.xx 0.0.0.14 yy.yy.yy.yy eq non500-isakmp
access-list 100 permit ip 195.xx.xx.xx 0.0.0.14 any
access-list 100 deny ip any any log
access-list 102 deny ip 10.5.0.0 0.0.255.255 10.0.0.0 0.0.255.255
access-list 102 permit ip 10.0.0.0 0.255.255.255 any
access-list 125 remark VPN Access
access-list 125 permit ip 10.5.0.0 0.0.255.255 10.0.0.0 0.0.255.255
dialer-list 1 protocol ip permit
!
!
control-plane
!
banner login ^CAuthorised users only, all access is logged.^C
!
line con 0
 exec-timeout 300 0
 login local
 no modem enable
 transport output telnet
 stopbits 1
line aux 0
 login local
 transport output telnet
 stopbits 1
line vty 0 4
 session-timeout 15 output
 access-class 10 in
 exec-timeout 300 0
 password 7 xxxxxxxxxxxx
 login local
 transport input telnet ssh
!
no scheduler max-task-time
scheduler interval 500
end
Thanks for your help.....