Here is an "in production" example of a 2610 with one static Internet IP
using a split tunnel to a dynamic-IP 1720 with basically
the same config, except the IP on the dialer is "ip address negotiated".

-TV

hostname 2610
!
!
!
clock timezone EST -5
clock summer-time EST recurring
ip subnet-zero
no ip source-route
no ip rcmd domain-lookup
!
!
!
no ip bootp server
ip ssh time-out 120
ip ssh authentication-retries 3
vpdn enable
!
vpdn-group pppoe
 request-dialin
  protocol pppoe
!
!
crypto isakmp policy 1
 hash md5
 authentication pre-share
crypto isakmp key whatever address 0.0.0.0 0.0.0.0
!
!
crypto ipsec transform-set dynamictunnel esp-des esp-md5-hmac
crypto mib ipsec flowmib history tunnel size 200
crypto mib ipsec flowmib history failure size 200
!
crypto dynamic-map br1map 10
 set transform-set dynamictunnel
 match address 125
!
!
crypto map maptrans 10 ipsec-isakmp dynamic br1map
!
!
interface ATM0/0
 description dsl interface
 no ip address
 atm vc-per-vp 256
 no atm ilmi-keepalive
 atm voice aal2 aggregate-svc upspeed-number 0
 bundle-enable
 dsl operating-mode auto
 no fair-queue
 hold-queue 224 in
!
interface ATM0/0.1 point-to-point
 pvc 0/35
 pppoe-client dial-pool-number 1
 !
!
interface Ethernet0/0
 description inside Main Network
 ip address 192.168.28.1 255.255.255.0
 no ip redirects
 ip nat inside
 half-duplex
 no cdp enable
!
interface Dialer0
 description Internet IP via pppoe and dsl
 ip address Inetaddress 255.255.255.0
 ip access-group 180 in
 ip mtu 1492
 ip nat outside
 encapsulation ppp
 dialer pool 1
 no cdp enable
 ppp authentication pap callin
 ppp chap password 7 blahblah
 ppp pap sent-username blah password 7 blalalla
 crypto map maptrans
!
ip nat inside source route-map nonat interface Dialer0 overload
ip nat inside source static tcp 192.168.28.250 25 Inetaddress 25 extendable
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer0
no ip http server
ip pim bidir-enable
!
access-list 125 permit ip 192.168.28.0 0.0.0.255 192.168.30.0 0.0.0.255
access-list 130 deny   ip 192.168.28.0 0.0.0.255 192.168.30.0 0.0.0.255
access-list 130 permit ip 192.168.28.0 0.0.0.255 any
access-list 180 permit ip 192.168.30.0 0.0.1.255 any log
access-list 180 deny   ip 192.168.0.0 0.0.255.255 any log
access-list 180 deny   ip 172.16.0.0 0.15.255.255 any log
access-list 180 deny   ip 10.0.0.0 0.255.255.255 any log
access-list 180 deny   ip 127.0.0.0 0.255.255.255 any log
access-list 180 deny   ip 255.0.0.0 0.255.255.255 any log
access-list 180 deny   ip 224.0.0.0 7.255.255.255 any log
access-list 180 deny   tcp any any eq ident log
access-list 180 deny   tcp any any eq 135 log
access-list 180 deny   tcp any any eq 137 log
access-list 180 deny   tcp any any eq 138 log
access-list 180 deny   tcp any any eq 139 log
access-list 180 deny   udp any any eq 135 log
access-list 180 deny   udp any any eq netbios-ns log
access-list 180 deny   udp any any eq netbios-dgm log
access-list 180 deny   udp any any eq netbios-ss log
access-list 180 deny   tcp any any eq 161 log
access-list 180 deny   udp any any eq snmp log
access-list 180 deny   tcp any any eq 162 log
access-list 180 deny   udp any any eq snmptrap log
access-list 180 permit udp host 128.118.25.3 eq ntp any log
access-list 180 deny   udp any any eq ntp log
access-list 180 permit ip any any log
no cdp run
!
route-map nonat permit 10
 match ip address 130
!

"KM Reynolds" wrote in message news:[EMAIL PROTECTED]...
> Hi all,
>
> I have been trying to search CCO and the archives (think the links are down
> at the moment) for an IPsec VPN LAN (1720 with ADSL) to LAN (1720 with ADSL)
> router configuration using Pre-share keys.  Can someone post or point where
> I can find this specific configuration.  I have not configured an ADSL
> interface and would like to understand this better.
>
> K Reynolds




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=47108&t=47085
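
Added example, not part of the original post: in the config above, ACL 125 selects the traffic to encrypt and ACL 130 (used by route-map nonat) must deny that same traffic before its "permit ... any" line, otherwise the LAN-to-LAN packets are translated to the Dialer0 address and no longer match the crypto ACL. The Python check below verifies that ordering; the function names and the SWAPPED sample are constructed for illustration, and it assumes contiguous wildcard masks and only "any", "host" and "network wildcard" address forms.

```python
import ipaddress

def parse_acls(config):
    """Return {acl_number: [(action, src_net, dst_net), ...]} for 'ip' entries."""
    acls = {}
    for line in config.splitlines():
        tok = line.split()
        if len(tok) < 5 or tok[0] != "access-list" or tok[3] != "ip":
            continue
        rest, nets = tok[4:], []
        while rest and len(nets) < 2:
            if rest[0] == "any":
                nets.append(ipaddress.ip_network("0.0.0.0/0"))
                rest = rest[1:]
            elif rest[0] == "host" and len(rest) >= 2:
                nets.append(ipaddress.ip_network(rest[1] + "/32"))
                rest = rest[2:]
            elif len(rest) >= 2:
                # "network wildcard": ipaddress accepts the inverse-mask form.
                nets.append(ipaddress.ip_network(f"{rest[0]}/{rest[1]}", strict=False))
                rest = rest[2:]
            else:
                break
        if len(nets) == 2:
            acls.setdefault(tok[1], []).append((tok[2], nets[0], nets[1]))
    return acls

def unexempted_tunnel_flows(config, crypto_acl, nat_acl):
    """List crypto-ACL permits that the NAT ACL would translate (first match wins)."""
    acls = parse_acls(config)
    problems = []
    for action, src, dst in acls.get(crypto_acl, []):
        if action != "permit":
            continue
        for n_action, n_src, n_dst in acls.get(nat_acl, []):
            if not (src.overlaps(n_src) and dst.overlaps(n_dst)):
                continue
            covered = src.subnet_of(n_src) and dst.subnet_of(n_dst)
            if n_action == "permit" or not covered:
                problems.append(f"{src} -> {dst} hits '{n_action} {n_src} {n_dst}' in ACL {nat_acl}")
            break  # an ACL stops at the first matching entry
    return problems

CRYPTO = "access-list 125 permit ip 192.168.28.0 0.0.0.255 192.168.30.0 0.0.0.255\n"
NAT_DENY = "access-list 130 deny   ip 192.168.28.0 0.0.0.255 192.168.30.0 0.0.0.255\n"
NAT_PERMIT = "access-list 130 permit ip 192.168.28.0 0.0.0.255 any\n"
PAGE_ACLS = CRYPTO + NAT_DENY + NAT_PERMIT   # order as posted above
SWAPPED = CRYPTO + NAT_PERMIT + NAT_DENY     # constructed: NAT permit listed first

if __name__ == "__main__":
    print(unexempted_tunnel_flows(PAGE_ACLS, "125", "130"))
    print(unexempted_tunnel_flows(SWAPPED, "125", "130"))
```
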