VPN 3005 connectivity with 837
From: wonder (adeel78_at_gmail.com)
Date: 10/19/05
Date: 19 Oct 2005 03:14:02 -0700
Hi,
I have to configure a router (837) at the remote end to establish
connectivity with a VPN concentrator (3005) on the main site. Could anyone
please advise if the configuration seems to be fine or if I need to make
some adjustments? It's my first configuration and I'll highly appreciate
any advice from this forum.
_______________________________________________________________
CL#sh running-config
Building configuration...
Current configuration : 2514 bytes
!
! Last configuration change at 23:50:55 UTC Mon Oct 10 2005
! NVRAM config last updated at 23:59:08 UTC Mon Oct 10 2005
!
version 12.3
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname CL
!
boot-start-marker
boot-end-marker
!
enable password 7 07843281A4B
!
no aaa new-model
ip subnet-zero
!
ip name-server x.x.x.x
ip cef
ip inspect name ethernetin udp
ip inspect name ethernetin tcp timeout 3600
ip inspect name ethernetin http java-list 50
ip ips po max-events 100
vpdn enable
!
vpdn-group pppoe
request-dialin
protocol pppoe
!
no ftp-server write-enable
!
crypto isakmp policy 1
encr 3des
hash md5
authentication pre-share
group 2
crypto isakmp key 6 cisco123 address (x.x.x.x VPN Concentrator 3005)
!
crypto ipsec transform-set to_vpn esp-3des esp-md5-hmac
!
crypto map to_vpn 10 ipsec-isakmp
set peer (X.x.x.x VPN Concentrator 3005)
set transform-set to_vpn
match address 101
!
interface Ethernet0
ip address 192.168.4.0 255.255.255.0
ip nat inside
ip inspect ethernetin in
ip virtual-reassembly
ip tcp adjust-mss 1350
load-interval 30
hold-queue 100 out
!
interface ATM0
no ip address
shutdown
no atm ilmi-keepalive
dsl operating-mode auto
!
interface ATM0.1 point-to-point
crypto map to_vpn
pvc 8/35
pppoe-client dial-pool-number 1
!
!
interface FastEthernet1
no ip address
duplex auto
speed auto
!
interface FastEthernet2
no ip address
duplex auto
speed auto
!
interface FastEthernet3
no ip address
duplex auto
speed auto
!
interface FastEthernet4
no ip address
duplex auto
speed auto
!
interface Dialer1
mtu 1492
ip address negotiated
ip access-group 100 in
ip nat outside
ip virtual-reassembly
encapsulation pppoe
ip tcp adjust-mss 1400
load-interval 30
dialer pool 1
dialer-group 1
no cdp enable
ppp authentication chap callin
ppp chap hostname xxxxx
ppp chap password 0 xxxxx
crypto map to_vpn
!
ip classless
ip route 0.0.0.0 0.0.0.0 X.X.X.X (Pointing to the router as default
gateway)
!
ip http server
no ip http secure-server
ip nat pool mypool x.x.x.x x.x.x.x netmask 255.255.255.255 (address
assigned by the service provider)
ip nat inside source route-map nonat pool mypool overload
!
!
access-list 101 permit ip 192.168.4.0 0.0.0.255 10.1.0.0 0.0.0.255
(192.168 Private address range on remote end, 10.1. private address
range on main site)
access-list 110 deny ip 192.168.4.0 0.0.0.255 10.1.0.0 0.0.0.255
access-list 110 permit ip 192.168.4.0 0.0.0.255 any
route-map nonat permit 10
match ip address 110
!
!
control-plane
!
!
line con 0
no modem enable
line aux 0
line vty 0 4
login
!
scheduler max-task-time 5000
end
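
A consistency check over the crypto, NAT and ACL statements of a configuration like the one posted above, as an added example that is not part of the original post. It reports ACL numbers that are referenced but never defined, tunnel traffic that the NAT route-map ACL does not exempt, and legacy IKE/ESP parameters; the `audit` function, the finding labels and the embedded excerpt are assumptions constructed for illustration.

```python
import re

# Constructed excerpt: the crypto, NAT and ACL lines of the posted config,
# with the placeholder peer and pool addresses left out.
SAMPLE = """\
crypto isakmp policy 1
 encr 3des
 hash md5
 group 2
crypto ipsec transform-set to_vpn esp-3des esp-md5-hmac
crypto map to_vpn 10 ipsec-isakmp
 match address 101
interface Dialer1
 ip access-group 100 in
 crypto map to_vpn
access-list 101 permit ip 192.168.4.0 0.0.0.255 10.1.0.0 0.0.0.255
access-list 110 deny ip 192.168.4.0 0.0.0.255 10.1.0.0 0.0.0.255
access-list 110 permit ip 192.168.4.0 0.0.0.255 any
route-map nonat permit 10
 match ip address 110
"""

WEAK = ("3des", "md5", "group 1", "group 2")  # legacy IKE/ESP parameters
REF = re.compile(r"(ip access-group|match address|match ip address) (\d+)")

def audit(config):
    """Return findings for ACL references, NAT exemption and legacy crypto."""
    lines = [l.strip() for l in config.splitlines() if l.strip()]
    acl = {}  # ACL number -> list of (action, rest of entry)
    for l in lines:
        m = re.match(r"access-list (\d+) (permit|deny) (.+)", l)
        if m:
            acl.setdefault(m.group(1), []).append((m.group(2), m.group(3)))
    refs, findings = {}, []
    for l in lines:
        m = REF.match(l)
        if m:
            refs.setdefault(m.group(1), []).append(m.group(2))
            if m.group(2) not in acl:  # IOS applies no filter for a missing ACL
                findings.append("undefined-acl:" + m.group(2))
        if l.startswith(("encr ", "hash ", "group ", "crypto ipsec transform-set")) \
                and any(re.search(rf"\b{w}\b", l) for w in WEAK):
            findings.append("weak-crypto:" + l)
    # Simplification: a tunnel entry counts as exempt only on an exact-match deny.
    nat_acls = refs.get("match ip address", [])
    nat_denies = {r for n in nat_acls for a, r in acl.get(n, []) if a == "deny"}
    for n in refs.get("match address", []):
        for action, rest in acl.get(n, []):
            if action == "permit" and rest not in nat_denies:
                findings.append("nat-not-exempt:" + rest)
    return findings
```
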