Can anyone help me.
I've configured a Cisco 2621 with a WIC-ADSL1 card to create a VPN back to my main site. The VPN comes up and encrypts the data fine. However, the line seems to randomly disconnect. It comes back when I remote the crypto map commands from the dialer and reinstate them??! Very strange. Can someone take a look at my config and see if they can spot the problem?
Obviously I've changed the IP addresses in this config. However, the psuedo addresses are in the correct places.
!
! Last configuration change at 15:12:25 UTC Sat Jul 3 2004
! NVRAM config last updated at 15:35:14 UTC Sat Jul 3 2004
!
version 12.2
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname race-vpn
!
logging queue-limit 100
logging buffered 51200 warnings
enable secret 5 $1$Rno0$kgeHn07fubotE7EcjK10e.
!
no ip subnet-zero
ip finger
!
!
ip domain name wanadoo.fr
ip name-server 193.234.234.2
ip name-server 193.234.234.1
!
ip audit notify log
ip audit po max-events 100
!
!
!
crypto isakmp policy 1
encr 3des
hash md5
authentication pre-share
group 2
crypto isakmp key <sharedkey> address 66.66.66.66
!
!
crypto ipsec transform-set race-vpn esp-3des esp-md5-hmac
!
crypto map race-vpn 10 ipsec-isakmp
set peer 66.66.66.66
set transform-set race-vpn
match address 101
!
!
!
!
!
!
!
!
!
!
no voice hpi capture buffer
no voice hpi capture destination
!
!
mta receive maximum-recipients 0
!
!
!
!
interface ATM0/0
no ip address
no atm auto-configuration
no atm ilmi-keepalive
no atm address-registration
no atm ilmi-enable
dsl operating-mode auto
!
interface ATM0/0.1 point-to-point
pvc 8/35
dialer pool-member 1
protocol ppp dialer
!
crypto map race-vpn
!
interface FastEthernet0/0
description $ETH-LAN$$ETH-SW-LAUNCH$
ip address 77.77.77.2 255.255.240.0
no ip proxy-arp
ip nat inside
duplex auto
speed auto
!
interface ATM0/1
no ip address
shutdown
no atm ilmi-keepalive
dsl equipment-type CPE
dsl operating-mode GSHDSL symmetric annex A
dsl linerate AUTO
!
interface ATM0/1.1 point-to-point
!
interface FastEthernet0/1
no ip address
ip nat inside
shutdown
duplex auto
speed auto
!
interface BRI1/0
no ip address
shutdown
!
interface BRI1/1
no ip address
shutdown
!
interface BRI1/2
no ip address
shutdown
!
interface BRI1/3
no ip address
shutdown
!
interface Dialer1
ip address 66.66.66.75 255.255.255.0
ip nat outside
encapsulation ppp
dialer pool 1
dialer-group 1
no cdp enable
ppp authentication chap pap callin
ppp chap hostname <username.
ppp chap password 7 0215055704085D
ppp pap sent-username <username> password 7 <password>
crypto map race-vpn
!
ip nat pool mypool 66.66.66.75 66.66.66.75 netmask 255.255.255.0
ip nat inside source route-map nonat pool mypool overload
ip http server
ip http authentication local
ip http secure-server
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer1
!
!
!
!
route-map nonat permit 10
match ip address 110
!
snmp-server community mclaren_mrtg RO 90
snmp-server enable traps tty
no call rsvp-sync
!
!
mgcp profile default
!
!
!
dial-peer cor custom
!
!
!
!
!
line con 0
logging synchronous
line aux 0
line vty 0 4
privilege level 15
password 7 01165251511B07
logging synchronous
login
transport input telnet ssh
line vty 5 15
privilege level 15
password 7 01165251511B07
login
transport input telnet ssh
!
ntp clock-period 17179874
!
end
I've configured a Cisco 2621 with a WIC-ADSL1 card to create a VPN back to my main site. The VPN comes up and encrypts the data fine. However, the line seems to randomly disconnect. It comes back when I remote the crypto map commands from the dialer and reinstate them??! Very strange. Can someone take a look at my config and see if they can spot the problem?
Obviously I've changed the IP addresses in this config. However, the psuedo addresses are in the correct places.
!
! Last configuration change at 15:12:25 UTC Sat Jul 3 2004
! NVRAM config last updated at 15:35:14 UTC Sat Jul 3 2004
!
version 12.2
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname race-vpn
!
logging queue-limit 100
logging buffered 51200 warnings
enable secret 5 $1$Rno0$kgeHn07fubotE7EcjK10e.
!
no ip subnet-zero
ip finger
!
!
ip domain name wanadoo.fr
ip name-server 193.234.234.2
ip name-server 193.234.234.1
!
ip audit notify log
ip audit po max-events 100
!
!
!
crypto isakmp policy 1
encr 3des
hash md5
authentication pre-share
group 2
crypto isakmp key <sharedkey> address 66.66.66.66
!
!
crypto ipsec transform-set race-vpn esp-3des esp-md5-hmac
!
crypto map race-vpn 10 ipsec-isakmp
set peer 66.66.66.66
set transform-set race-vpn
match address 101
!
!
!
!
!
!
!
!
!
!
no voice hpi capture buffer
no voice hpi capture destination
!
!
mta receive maximum-recipients 0
!
!
!
!
interface ATM0/0
no ip address
no atm auto-configuration
no atm ilmi-keepalive
no atm address-registration
no atm ilmi-enable
dsl operating-mode auto
!
interface ATM0/0.1 point-to-point
pvc 8/35
dialer pool-member 1
protocol ppp dialer
!
crypto map race-vpn
!
interface FastEthernet0/0
description $ETH-LAN$$ETH-SW-LAUNCH$
ip address 77.77.77.2 255.255.240.0
no ip proxy-arp
ip nat inside
duplex auto
speed auto
!
interface ATM0/1
no ip address
shutdown
no atm ilmi-keepalive
dsl equipment-type CPE
dsl operating-mode GSHDSL symmetric annex A
dsl linerate AUTO
!
interface ATM0/1.1 point-to-point
!
interface FastEthernet0/1
no ip address
ip nat inside
shutdown
duplex auto
speed auto
!
interface BRI1/0
no ip address
shutdown
!
interface BRI1/1
no ip address
shutdown
!
interface BRI1/2
no ip address
shutdown
!
interface BRI1/3
no ip address
shutdown
!
interface Dialer1
ip address 66.66.66.75 255.255.255.0
ip nat outside
encapsulation ppp
dialer pool 1
dialer-group 1
no cdp enable
ppp authentication chap pap callin
ppp chap hostname <username.
ppp chap password 7 0215055704085D
ppp pap sent-username <username> password 7 <password>
crypto map race-vpn
!
ip nat pool mypool 66.66.66.75 66.66.66.75 netmask 255.255.255.0
ip nat inside source route-map nonat pool mypool overload
ip http server
ip http authentication local
ip http secure-server
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer1
!
!
!
!
route-map nonat permit 10
match ip address 110
!
snmp-server community mclaren_mrtg RO 90
snmp-server enable traps tty
no call rsvp-sync
!
!
mgcp profile default
!
!
!
dial-peer cor custom
!
!
!
!
!
line con 0
logging synchronous
line aux 0
line vty 0 4
privilege level 15
password 7 01165251511B07
logging synchronous
login
transport input telnet ssh
line vty 5 15
privilege level 15
password 7 01165251511B07
login
transport input telnet ssh
!
ntp clock-period 17179874
!
end
