
CISCO VPN QUESTION


GWeeble

Hi, I am having a problem with connecting a VPN between 2 routers and am not sure what I have done wrong. I have 2 3725's with WIC1 ADSL cards. Please help!

A end.

Building configuration...

Current configuration : 2927 bytes
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname MAXIMS1-R66
!
boot-start-marker
boot system flash c3725-ik9s-mz.123-10a.bin
boot-end-marker
!
enable secret 5 $1$hIiZ$hC1HdUsLQDC5aH6rJP9Wq/
enable password XXXXX
!
no aaa new-model
ip subnet-zero
!
!
ip cef
ip domain name maxims.maximsclub.com
ip name-server 213.120.62.97
!
vpdn enable
!
vpdn-group pppoa
!
vpdn-group pppoe
request-dialin
protocol pppoe
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
crypto isakmp policy 10
encr 3des
hash md5
authentication pre-share
group 2
crypto isakmp key maximsclub address xxx.xxx.59.160
!
crypto ipsec security-association lifetime seconds 86400
!
crypto ipsec transform-set 3desmd5 esp-3des esp-md5-hmac
!
crypto map palacegate 1 ipsec-isakmp
set peer xxx.xxx.59.160
set transform-set 3desmd5
set pfs group2
match address 110
!
!
!
!
interface ATM0/0
no ip address
no ip mroute-cache
no atm ilmi-keepalive
dsl operating-mode auto
hold-queue 224 in
pvc 0/38
encapsulation aal5mux ppp dialer
dialer pool-member 1
!
!
interface FastEthernet0/0
ip address XXX.XXX.66.1 255.255.255.0
ip nat inside
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface Serial0/1
no ip address
shutdown
clockrate 2000000
no fair-queue
!
interface Serial0/2
no ip address
shutdown
clockrate 2000000
!
interface Dialer1
ip address XXX.XXX.59.162 255.255.255.0
ip mtu 1492
ip nat outside
encapsulation ppp
dialer pool 1
ppp authentication chap callin
ppp chap hostname Axxx.xxx@hg7.btclick.com
ppp chap password 0 xxx.xxx
ppp pap sent-username AXXXXX@hg7.btclick.com password 0 XXXXX
crypto map palacegate
!
ip nat inside source list 1 interface Dialer1 overload
ip http server
no ip http secure-server
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer1
ip route xxx.xxx.62.0 255.255.255.0 xxx.xxx.59.160
ip route xxx.xxx.64.0 255.255.255.0 xxx.xxx.59.160
ip route xxx.xxx.101.0 255.255.255.0 xxx.xxx.59.160
ip route xxx.xxx.102.0 255.255.255.0 xxx.xxx.59.160
ip route xxx.xxx.103.0 255.255.255.0 xxx.xxx.59.160
ip route xxx.xxx.104.0 255.255.255.0 xxx.xxx.59.160
ip route xxx.xxx.105.0 255.255.255.0 xxx.xxx.59.160
ip route xxx.xxx.106.0 255.255.255.0 xxx.xxx.59.160
ip route xxx.xxx.204.0 255.255.255.0 xxx.xxx.59.160
ip route xxx.xxx.223.0 255.255.255.0 xxx.xxx.59.160
ip route xxx.xxx.224.0 255.255.255.0 xxx.xxx.59.160
ip route xxx.xxx.233.0 255.255.255.0 xxx.xxx.59.160
ip route xxx.xxx.243.0 255.255.255.0 xxx.xxx.59.160
!
!
access-list 1 permit xxx.xxx.62.0 0.0.0.255
access-list 110 permit ip xxx.xxx.66.0 0.0.0.255 xxx.xxx.0.0 0.0.255.255
!
!
!
!
!
!
!
!
line con 0
transport preferred all
transport output all
line aux 0
transport preferred all
transport output all
line vty 0 4
password XXXXXXX
login
transport preferred all
transport input all
transport output all
!
end

B end

show run
Building configuration...

Current configuration : 2973 bytes
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname MAXIMS1-R62
!
boot-start-marker
boot system flash c3725-ik9s-mz.123-10a.bin
boot-end-marker
!
enable password xxx.xxx
!
no aaa new-model
ip subnet-zero
!
!
ip cef
ip domain name maxims.maximsclub.com
ip name-server 213.120.62.97
!
vpdn enable
!
vpdn-group pppoa
!
vpdn-group pppoe
request-dialin
protocol pppoe
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
crypto isakmp policy 10
encr 3des
hash md5
authentication pre-share
group 2
crypto isakmp key maximsclub address xxx.xxx.59.162
!
crypto ipsec security-association lifetime seconds 86400
!
crypto ipsec transform-set 3desmd5 esp-3des esp-md5-hmac
!
crypto map derrystreet 1 ipsec-isakmp
set peer xxx.xxx.59.162
set transform-set 3desmd5
set pfs group2
match address 110
!
!
!
!
interface ATM0/0
no ip address
no ip mroute-cache
no atm ilmi-keepalive
dsl operating-mode auto
hold-queue 224 in
pvc 0/38
encapsulation aal5mux ppp dialer
dialer pool-member 1
!
!
interface FastEthernet0/0
ip address xxx.xxx.62.1 255.255.255.0
ip nat inside
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface Serial0/1
no ip address
shutdown
clockrate 2000000
!
interface Serial0/2
no ip address
shutdown
clockrate 2000000
!
interface Dialer1
ip address xxx.xxx.59.160 255.255.255.0
ip mtu 1492
ip nat outside
encapsulation ppp
dialer pool 1
ppp authentication chap callin
ppp chap hostname Axxx.xxx@hg7.btclick.com
ppp chap password 0 xxx.xxx
ppp pap sent-username Axxx.xxx@hg7.btclick.com password 0 xxx.xxx
crypto map derrystreet
!
ip nat inside source list 1 interface Dialer1 overload
no ip http server
no ip http secure-server
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer1
ip route xxx.xxx.64.0 255.255.255.0 xxx.xxx.62.27
ip route xxx.xxx.64.0 255.255.255.0 xxx.xxx.62.21
ip route xxx.xxx.66.0 255.255.255.0 xxx.xxx.59.162
ip route xxx.xxx.101.0 255.255.255.0 xxx.xxx.62.21
ip route xxx.xxx.102.0 255.255.255.0 xxx.xxx.62.21
ip route xxx.xxx.103.0 255.255.255.0 xxx.xxx.62.21
ip route xxx.xxx.204.0 255.255.255.0 xxx.xxx.62.21
ip route xxx.xxx.223.0 255.255.255.0 xxx.xxx.62.21
ip route xxx.xxx.224.0 255.255.255.0 xxx.xxx.62.21
ip route xxx.xxx.233.0 255.255.255.0 xxx.xxx.62.21
ip route xxx.xxx.243.0 255.255.255.0 xxx.xxx.62.21
!
!
access-list 1 permit xxx.xxx.62.0 0.0.0.255
access-list 1 permit xxx.xxx.63.0 0.0.0.255
access-list 1 permit xxx.xxx.0.0 0.0.255.255
access-list 1 permit xxx.xxx.66.0 0.0.0.255
access-list 110 permit ip xxx.xxx.62.0 0.0.0.255 xxx.xxx.0.0 0.0.255.255
access-list 110 permit ip xxx.xxx.63.0 0.0.0.255 xxx.xxx.0.0 0.0.255.255
!
!
!
!
!
!
!
!
!
line con 0
transport preferred all
transport output all
line aux 0
transport preferred all
transport output all
line vty 0 4
password xxx.xxx
login
transport preferred all
transport input all
transport output all
!
end

MAXIMS1-R62#
 
What do you get when you do a

sh crypto isa sa
?

Why are you using the option

set pfs group2
?

Have you tried assigning the crypto map to the ATM interface?


It is what it is!!
__________________________________
A+, Net+, I-Net+, Certified Web Master, MCP, MCSA, MCSE, CCNA, CCDA, and few others (I got bored one day)
 
Try adding: dialer-group 1
to your dialer 1 interface; this will reference the access list for interesting traffic

Steve Lindley
CCNA
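
Added example, not part of any post in this thread: a small Python check for two things a site-to-site IPsec pair on IOS needs, namely that each end's `set peer` is the other end's crypto-map interface address and that the crypto access lists mirror each other, as Cisco's documentation recommends. The two configs are constructed samples shaped like the ones posted above, with made-up addresses; the function names are hypothetical.

```python
import ipaddress
import re
# Constructed sample configs; 192.0.2.x and 10.1.x.x are made-up addresses.
SITE_A = """\
crypto map palacegate 1 ipsec-isakmp
 set peer 192.0.2.160
 match address 110
interface Dialer1
 ip address 192.0.2.162 255.255.255.0
 crypto map palacegate
access-list 110 permit ip 10.1.66.0 0.0.0.255 10.1.0.0 0.0.255.255
"""
SITE_B = """\
crypto map derrystreet 1 ipsec-isakmp
 set peer 192.0.2.162
 match address 110
interface Dialer1
 ip address 192.0.2.160 255.255.255.0
 crypto map derrystreet
access-list 110 permit ip 10.1.62.0 0.0.0.255 10.1.0.0 0.0.255.255
access-list 110 permit ip 10.1.63.0 0.0.0.255 10.1.0.0 0.0.255.255
"""

def crypto_acl(cfg):
    # (source, destination) networks of the ACL named by "match address".
    num = re.search(r"^ *match address (\d+)", cfg, re.M).group(1)
    rows = re.findall(rf"^access-list {num} permit ip (\S+) (\S+) (\S+) (\S+)", cfg, re.M)
    # ip_network() accepts an IOS wildcard mask as a host mask.
    net = lambda addr, wild: ipaddress.ip_network(f"{addr}/{wild}")
    return {(net(s, sw), net(d, dw)) for s, sw, d, dw in rows}

def peer_and_local(cfg):
    # (configured peer, address of the interface that carries the crypto map)
    peer = re.search(r"^ *set peer (\S+)", cfg, re.M).group(1)
    local = None
    for block in re.split(r"^(?=interface )", cfg, flags=re.M):
        if re.search(r"^ +crypto map \S+$", block, re.M):
            local = re.search(r"^ +ip address (\S+)", block, re.M).group(1)
    return peer, local

def check_pair(cfg_a, cfg_b):
    problems = []
    (peer_a, local_a), (peer_b, local_b) = peer_and_local(cfg_a), peer_and_local(cfg_b)
    if peer_a != local_b or peer_b != local_a:
        problems.append("set peer does not match the other end's crypto-map interface")
    mirrored_b = {(dst, src) for src, dst in crypto_acl(cfg_b)}
    for src, dst in sorted(crypto_acl(cfg_a) ^ mirrored_b, key=str):
        problems.append(f"no mirrored crypto ACL entry for {src} -> {dst}")
    return problems
```

On the sample pair, `check_pair(SITE_A, SITE_B)` reports three unmatched ACL entries and no peer mismatch; a pair whose ACLs are exact mirrors returns an empty list.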
 