Hi there,
I have two remote sites which I need to connect point-to-point. I have an ADSL connection, Cisco 877 ADSL router and a public IP on each end. No luck so far.
The OK, CD and PPP lights are on, RXD and TXD blink occasionally, and the VPN light is permanently off.
I can't ping the destination public IP from one router, as the VPN tunnel does not appear to be up.
This is the output of the sh crypto isakmp sa and sh crypto ipsec sa commands on one of the routers, followed by the router configs from each end:
==================================================
==================================================
sh crypto isakmp sa
IPv4 Crypto ISAKMP SA
dst src state conn-id slot status
<dest public IP> <source public IP> MM_NO_STATE 0 0 ACTIVE (deleted)
IPv6 Crypto ISAKMP SA
==================================================
==================================================
sh crypto ipsec sa
interface: Tunnel0
Crypto map tag: Tunnel0-head-0, local addr 121.213.242.200
protected vrf: (none)
local ident (addr/mask/prot/port): (0.0.0.0/0.0.0.0/0/0)
remote ident (addr/mask/prot/port): (0.0.0.0/0.0.0.0/0/0)
current_peer <dest public IP> port 500
PERMIT, flags={origin_is_acl,}
#pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0
#pkts decaps: 0, #pkts decrypt: 0, #pkts verify: 0
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts compr. failed: 0
#pkts not decompressed: 0, #pkts decompress failed: 0
#send errors 0, #recv errors 0
local crypto endpt.: <source public IP>, remote crypto endpt.: <dest public IP>
path mtu 1460, ip mtu 1460, ip mtu idb Dialer0
current outbound spi: 0x0(0)
inbound esp sas:
inbound ah sas:
inbound pcp sas:
outbound esp sas:
outbound ah sas:
outbound pcp sas:
==================================================
==================================================
sh run
Building configuration...
Current configuration : 4639 bytes
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname <hostname>
!
boot-start-marker
boot-end-marker
!
logging buffered 65535
logging console informational
enable secret 5 **************
!
no aaa new-model
clock timezone ACST 9 30
clock summer-time ACST recurring 1 Sun Oct 2:00 last Sun Mar 2:00
!
crypto pki trustpoint TP-self-signed-469671228
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-469671228
revocation-check none
rsakeypair TP-self-signed-469671228
!
!
crypto pki certificate chain TP-self-signed-469671228
certificate self-signed 01
3082024D 308201B6 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
30312E30 2C060355 04031325 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 34363936 37313232 38301E17 0D303230 33303130 30303731
345A170D 32303031 30313030 30303030 5A303031 2E302C06 03550403 1325494F
532D5365 6C662D53 69676E65 642D4365 72746966 69636174 652D3436 39363731
32323830 819F300D 06092A86 4886F70D 01010105 0003818D 00308189 02818100
C46ED6FA AAB5D063 70E8479E 4CE0D46B 160FD4DB E9625CFA 740DE302 14EC9409
ABAF4A52 0855D440 A88B498E 90F5686E 2E5E1194 2FC734BE 70EEF290 B48BE90B
1280F385 9F14202D 6FC2C316 60859D4C C894EF61 9C787338 10D30E64 86DFC6D9
8902EF30 69E93669 37352904 6EF6EF97 9940D961 04F435BB 0774F06B 641B97C7
02030100 01A37730 75300F06 03551D13 0101FF04 05300301 01FF3022 0603551D
11041B30 19821779 6F75726E 616D652E 796F7572 646F6D61 696E2E63 6F6D301F
0603551D 23041830 16801473 8119C16F 8D1246FE D8F10702 5881C10B 8EF9A230
1D060355 1D0E0416 04147381 19C16F8D 1246FED8 F1070258 81C10B8E F9A2300D
06092A86 4886F70D 01010405 00038181 0005A700 51CFDF78 D56703E1 ADA03131
B5C8FD38 5860F6DE A284F40E 04FF259F 92D13D80 2CA4DA00 BBD14A51 373EF78F
9A64FCAA A4363CF6 791ECF77 5B9C7A12 D4DF3FEE 9F05B6EF 1A514258 B5522DE7
79598002 8FB6976B 2D7FEF87 BE3B10B2 DE091864 DB7C591D 125F1ABF 5D15F83A
044E8A89 3B97AB60 592675D6 9C945208 04
quit
dot11 syslog
no ip source-route
ip cef
!
!
no ip dhcp use vrf connected
! Addresses .1 through .100 are kept out of the DHCP pool.
ip dhcp excluded-address 192.168.0.1 192.168.0.100
!
! DHCP pool for the local LAN, 192.168.0.0/24.
ip dhcp pool lan
network 192.168.0.0 255.255.255.0
! NOTE(review): clients are handed 192.168.0.1 as their gateway, but Vlan1 on this
! router is 192.168.0.2. Unless another device owns .1, LAN hosts will not use this
! router as their next hop -- confirm.
default-router 192.168.0.1
dns-server 61.9.133.193 61.9.134.49
! Leases never expire.
lease infinite
!
!
no ip bootp server
ip domain name bigpond.net.au
!
multilink bundle-name authenticated
!
!
username ********* privilege 15 secret 5 *************
!
!
! IKE phase 1 policy: 3DES encryption, pre-shared-key authentication, DH group 2.
! No hash or lifetime line is shown, so those are presumably at the IOS defaults.
! NOTE(review): 3DES and DH group 2 are legacy algorithms; prefer AES and a larger
! DH group if the image on both routers supports them, and change both ends together.
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
! Pre-shared key bound to the peer's public address. The key must be identical on
! both routers, and the address must be the one the peer actually sources IKE from.
! no-xauth turns off extended authentication for this peer.
crypto isakmp key <pre-shared key> address <dest public IP> no-xauth
!
!
! IPsec (phase 2) transform set: ESP with 3DES encryption and SHA HMAC integrity.
crypto ipsec transform-set 3DESSHA esp-3des esp-sha-hmac
!
! Profile that Tunnel0 references via "tunnel protection ipsec profile IPSEC-VPN".
crypto ipsec profile IPSEC-VPN
set transform-set 3DESSHA
!
!
archive
log config
hidekeys
!
!
ip ssh time-out 90
ip ssh authentication-retries 2
!
!
!
! Tunnel interface protected by the IPSEC-VPN profile. "tunnel mode ipsec ipv4"
! protects whatever is routed into the tunnel, which is consistent with the
! 0.0.0.0/0.0.0.0 local and remote idents in the "sh crypto ipsec sa" output above.
interface Tunnel0
! NOTE(review): both posted configs carry this same "to Site A" description, so one
! of the two is mislabeled.
description --- IPSec Tunnel to Site A ---
! Tunnel addressing: .1 here, .2 on the other router, same /30.
ip address 172.16.10.1 255.255.255.252
! No "router ospf" section appears in this output, so as posted there is no OSPF
! process for this setting to act on.
ip ospf mtu-ignore
load-interval 30
! The tunnel is sourced from the PPP dialer, whose address is negotiated with the
! ISP. The peer's "crypto isakmp key ... address" and "tunnel destination" must
! both point at the address Dialer0 actually holds.
tunnel source Dialer0
tunnel destination <dest public IP>
tunnel mode ipsec ipv4
tunnel protection ipsec profile IPSEC-VPN
!
interface ATM0
description --- ADSL ---
no ip address
no atm ilmi-keepalive
pvc 8/35
tx-ring-limit 3
encapsulation aal5snap
protocol ppp dialer
dialer pool-member 1
!
dsl operating-mode auto
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Vlan1
description --- Ethernet LAN ---
ip address 192.168.0.2 255.255.255.0
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1420
!
! PPP dialer for the ADSL line (dialer pool 1, matching "dialer pool-member 1" under
! the ATM0 PVC). It is the NAT outside interface and the source of Tunnel0.
! No "ip access-group" is applied here in this output, so nothing on this interface
! filters inbound traffic: IKE (UDP 500) and ESP from the peer are not blocked by
! this router, and neither is any other traffic arriving from the Internet.
interface Dialer0
description --- ADSL ---
ip address negotiated
ip mtu 1460
ip nat outside
ip virtual-reassembly
encapsulation ppp
ip tcp adjust-mss 1420
dialer pool 1
! NOTE(review): no "dialer-list 1" line appears in this output -- confirm.
dialer-group 1
no cdp enable
ppp chap hostname **********@bigpond.net.au
! NOTE(review): "password 7" is Cisco type 7 encoding (what "service
! password-encryption" produces). It is reversible obfuscation, not a hash. This
! value is posted unmasked while the other secrets on the page are starred out, so
! the CHAP password should be treated as disclosed and changed with the ISP.
ppp chap password 7 15181C1B1E3B3D3C7A
ppp pap sent-username **********@bigpond.net.au password 7 *********
!
no ip forward-protocol nd
! Default route out the ADSL dialer.
ip route 0.0.0.0 0.0.0.0 Dialer0
! NOTE(review): 192.168.0.0/24 is this router's own LAN (Vlan1 is 192.168.0.2/24).
! The remote LAN named in the nat_to_internet deny entry is 192.168.1.0/24, and no
! route sends that prefix into Tunnel0, so LAN-to-LAN traffic would follow the
! default route out Dialer0 (un-NATed, because of that deny entry) instead of the
! tunnel. This matters once the tunnel is up; it is not by itself what the
! MM_NO_STATE line in the ISAKMP output shows.
ip route 192.168.0.0 255.255.255.0 Tunnel0
!
!
no ip http server
ip http access-class 23
ip http authentication local
no ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source list nat_to_internet interface Dialer0 overload
!
ip access-list extended nat_to_internet
deny ip 192.168.0.0 0.0.0.255 192.168.1.0 0.0.0.255
permit ip 192.168.0.0 0.0.0.255 any
!
!
!
!
!
control-plane
!
!
! Console: login against the local username database.
line con 0
login local
no modem enable
line aux 0
! Remote management lines.
line vty 0 4
! NOTE(review): no "access-list 1" appears anywhere in this output. If it is really
! absent, this access-class most likely restricts nothing and the vty lines accept
! connections from any address, including from the Internet side via Dialer0 --
! confirm and define the ACL with the management sources only.
access-class 1 in
! Sessions on these lines start at privilege level 15.
privilege level 15
login local
! NOTE(review): telnet is accepted alongside SSH and carries the login in clear
! text; "transport input ssh" would limit these lines to SSH.
transport input telnet ssh
!
scheduler max-task-time 5000
end
====================================================
====================================================
Current configuration : 4697 bytes
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname <hostname>
!
boot-start-marker
boot-end-marker
!
logging buffered 65535
logging console informational
enable secret 5 **************
!
no aaa new-model
clock timezone ACST 9 30
clock summer-time ACST recurring 1 Sun Oct 2:00 last Sun Mar 2:00
!
crypto pki trustpoint TP-self-signed-469671228
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-469671228
revocation-check none
rsakeypair TP-self-signed-469671228
!
!
crypto pki certificate chain TP-self-signed-469671228
certificate self-signed 01
3082024D 308201B6 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
30312E30 2C060355 04031325 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 34363936 37313232 38301E17 0D303230 33303130 30303731
345A170D 32303031 30313030 30303030 5A303031 2E302C06 03550403 1325494F
532D5365 6C662D53 69676E65 642D4365 72746966 69636174 652D3436 39363731
32323830 819F300D 06092A86 4886F70D 01010105 0003818D 00308189 02818100
C46ED6FA AAB5D063 70E8479E 4CE0D46B 160FD4DB E9625CFA 740DE302 14EC9409
ABAF4A52 0855D440 A88B498E 90F5686E 2E5E1194 2FC734BE 70EEF290 B48BE90B
1280F385 9F14202D 6FC2C316 60859D4C C894EF61 9C787338 10D30E64 86DFC6D9
8902EF30 69E93669 37352904 6EF6EF97 9940D961 04F435BB 0774F06B 641B97C7
02030100 01A37730 75300F06 03551D13 0101FF04 05300301 01FF3022 0603551D
11041B30 19821779 6F75726E 616D652E 796F7572 646F6D61 696E2E63 6F6D301F
0603551D 23041830 16801473 8119C16F 8D1246FE D8F10702 5881C10B 8EF9A230
1D060355 1D0E0416 04147381 19C16F8D 1246FED8 F1070258 81C10B8E F9A2300D
06092A86 4886F70D 01010405 00038181 0005A700 51CFDF78 D56703E1 ADA03131
B5C8FD38 5860F6DE A284F40E 04FF259F 92D13D80 2CA4DA00 BBD14A51 373EF78F
9A64FCAA A4363CF6 791ECF77 5B9C7A12 D4DF3FEE 9F05B6EF 1A514258 B5522DE7
79598002 8FB6976B 2D7FEF87 BE3B10B2 DE091864 DB7C591D 125F1ABF 5D15F83A
044E8A89 3B97AB60 592675D6 9C945208 04
quit
dot11 syslog
no ip source-route
ip cef
!
!
no ip dhcp use vrf connected
! Addresses .1 through .100 are kept out of the DHCP pool.
ip dhcp excluded-address 192.168.1.1 192.168.1.100
!
! DHCP pool for the local LAN, 192.168.1.0/24.
ip dhcp pool lan
network 192.168.1.0 255.255.255.0
! NOTE(review): clients are handed 192.168.1.1 as their gateway, but Vlan1 on this
! router is 192.168.1.2. Unless another device owns .1, LAN hosts will not use this
! router as their next hop -- confirm.
default-router 192.168.1.1
dns-server 61.9.133.193 61.9.134.49
! Leases never expire.
lease infinite
!
!
no ip bootp server
ip domain name vic.bigpond.net.au
!
multilink bundle-name authenticated
!
!
username ********* privilege 15 secret 5 *********************
!
!
! IKE phase 1 policy: 3DES encryption, pre-shared-key authentication, DH group 2.
! These three lines match policy 1 in the other router's config on this page, so a
! phase 1 proposal mismatch is not apparent from the posted configs.
! NOTE(review): 3DES and DH group 2 are legacy algorithms; prefer AES and a larger
! DH group if the image on both routers supports them, and change both ends together.
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
crypto isakmp key <pre-shared key> address <destination public IP> no-xauth
!
!
! IPsec (phase 2) transform set: ESP with 3DES encryption and SHA HMAC integrity.
! Same name and transforms as on the other router's config on this page.
crypto ipsec transform-set 3DESSHA esp-3des esp-sha-hmac
!
! Profile that Tunnel0 references via "tunnel protection ipsec profile IPSEC-VPN".
crypto ipsec profile IPSEC-VPN
set transform-set 3DESSHA
!
!
archive
log config
hidekeys
!
!
ip ssh time-out 90
ip ssh authentication-retries 2
!
!
!
! Tunnel interface protected by the IPSEC-VPN profile; "tunnel mode ipsec ipv4"
! protects whatever is routed into the tunnel.
interface Tunnel0
! NOTE(review): the other router's Tunnel0 carries this same "to Site A"
! description, so one of the two is mislabeled.
description --- IPSec Tunnel to Site A ---
! Tunnel addressing: .2 here, .1 on the other router, same /30.
ip address 172.16.10.2 255.255.255.252
! No "router ospf" section appears in this output, so as posted there is no OSPF
! process for this setting to act on.
ip ospf mtu-ignore
load-interval 30
! The tunnel is sourced from the PPP dialer, whose address is negotiated with the
! ISP. The peer's "crypto isakmp key ... address" and "tunnel destination" must
! both point at the address Dialer0 actually holds.
tunnel source Dialer0
tunnel destination <destination public IP>
tunnel mode ipsec ipv4
tunnel protection ipsec profile IPSEC-VPN
!
interface ATM0
description --- ADSL ---
no ip address
no atm ilmi-keepalive
pvc 8/35
tx-ring-limit 3
encapsulation aal5snap
protocol ppp dialer
dialer pool-member 1
!
dsl operating-mode auto
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Vlan1
description --- Ethernet LAN ---
ip address 192.168.1.2 255.255.255.0
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1420
!
! PPP dialer for the ADSL line (dialer pool 1, matching "dialer pool-member 1" under
! the ATM0 PVC). It is the NAT outside interface and the source of Tunnel0.
! No "ip access-group" is applied here in this output, so nothing on this interface
! filters inbound traffic: IKE (UDP 500) and ESP from the peer are not blocked by
! this router, and neither is any other traffic arriving from the Internet.
interface Dialer0
description --- ADSL ---
ip address negotiated
ip mtu 1460
ip nat outside
ip virtual-reassembly
encapsulation ppp
ip tcp adjust-mss 1420
dialer pool 1
! NOTE(review): no "dialer-list 1" line appears in this output -- confirm.
dialer-group 1
no cdp enable
ppp chap hostname ********@bigpond.com
! "password 7" is Cisco type 7 encoding, which is reversible obfuscation rather
! than a hash; masking these values before posting, as done here, is the right call.
ppp chap password 7 ********
ppp pap sent-username ********@bigpond.com password 7 ********
!
no ip forward-protocol nd
! Default route out the ADSL dialer.
ip route 0.0.0.0 0.0.0.0 Dialer0
! NOTE(review): 192.168.1.0/24 is this router's own LAN (Vlan1 is 192.168.1.2/24).
! The remote LAN named in the nat_to_internet deny entry is 192.168.0.0/24, and no
! route sends that prefix into Tunnel0, so LAN-to-LAN traffic would follow the
! default route out Dialer0 (un-NATed, because of that deny entry) instead of the
! tunnel. This matters once the tunnel is up; it is not by itself what the
! MM_NO_STATE line in the ISAKMP output shows.
ip route 192.168.1.0 255.255.255.0 Tunnel0
!
!
no ip http server
ip http access-class 23
ip http authentication local
no ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source list nat_to_internet interface Dialer0 overload
!
ip access-list extended nat_to_internet
deny ip 192.168.1.0 0.0.0.255 192.168.0.0 0.0.0.255
permit ip 192.168.1.0 0.0.0.255 any
!
!
!
!
!
control-plane
!
!
! Console: login against the local username database.
line con 0
login local
no modem enable
line aux 0
! Remote management lines.
line vty 0 4
! NOTE(review): no "access-list 1" appears anywhere in this output. If it is really
! absent, this access-class most likely restricts nothing and the vty lines accept
! connections from any address, including from the Internet side via Dialer0 --
! confirm and define the ACL with the management sources only.
access-class 1 in
! Sessions on these lines start at privilege level 15.
privilege level 15
login local
! NOTE(review): telnet is accepted alongside SSH and carries the login in clear
! text; "transport input ssh" would limit these lines to SSH.
transport input telnet ssh
!
scheduler max-task-time 5000
end
I have two remote sites which I need to connect point-to-point. I have an ADSL connection, Cisco 877 ADSL router and a public IP on each end. No luck so far.
The OK, CD and PPP lights are on, RXD and TXD blink occasionally, and the VPN light is permanently off.
I can't ping the destination public IP from one router, as the VPN tunnel does not appear to be up.
This is the output of the sh crypto isakmp sa and sh crypto ipsec sa commands on one of the routers, followed by the router configs from each end:
==================================================
==================================================
sh crypto isakmp sa
IPv4 Crypto ISAKMP SA
dst src state conn-id slot status
<dest public IP> <source public IP> MM_NO_STATE 0 0 ACTIVE (deleted)
IPv6 Crypto ISAKMP SA
==================================================
==================================================
sh crypto ipsec sa
interface: Tunnel0
Crypto map tag: Tunnel0-head-0, local addr 121.213.242.200
protected vrf: (none)
local ident (addr/mask/prot/port): (0.0.0.0/0.0.0.0/0/0)
remote ident (addr/mask/prot/port): (0.0.0.0/0.0.0.0/0/0)
current_peer <dest public IP> port 500
PERMIT, flags={origin_is_acl,}
#pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0
#pkts decaps: 0, #pkts decrypt: 0, #pkts verify: 0
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts compr. failed: 0
#pkts not decompressed: 0, #pkts decompress failed: 0
#send errors 0, #recv errors 0
local crypto endpt.: <source public IP>, remote crypto endpt.: <dest public IP>
path mtu 1460, ip mtu 1460, ip mtu idb Dialer0
current outbound spi: 0x0(0)
inbound esp sas:
inbound ah sas:
inbound pcp sas:
outbound esp sas:
outbound ah sas:
outbound pcp sas:
==================================================
==================================================
sh run
Building configuration...
Current configuration : 4639 bytes
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname <hostname>
!
boot-start-marker
boot-end-marker
!
logging buffered 65535
logging console informational
enable secret 5 **************
!
no aaa new-model
clock timezone ACST 9 30
clock summer-time ACST recurring 1 Sun Oct 2:00 last Sun Mar 2:00
!
crypto pki trustpoint TP-self-signed-469671228
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-469671228
revocation-check none
rsakeypair TP-self-signed-469671228
!
!
crypto pki certificate chain TP-self-signed-469671228
certificate self-signed 01
3082024D 308201B6 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
30312E30 2C060355 04031325 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 34363936 37313232 38301E17 0D303230 33303130 30303731
345A170D 32303031 30313030 30303030 5A303031 2E302C06 03550403 1325494F
532D5365 6C662D53 69676E65 642D4365 72746966 69636174 652D3436 39363731
32323830 819F300D 06092A86 4886F70D 01010105 0003818D 00308189 02818100
C46ED6FA AAB5D063 70E8479E 4CE0D46B 160FD4DB E9625CFA 740DE302 14EC9409
ABAF4A52 0855D440 A88B498E 90F5686E 2E5E1194 2FC734BE 70EEF290 B48BE90B
1280F385 9F14202D 6FC2C316 60859D4C C894EF61 9C787338 10D30E64 86DFC6D9
8902EF30 69E93669 37352904 6EF6EF97 9940D961 04F435BB 0774F06B 641B97C7
02030100 01A37730 75300F06 03551D13 0101FF04 05300301 01FF3022 0603551D
11041B30 19821779 6F75726E 616D652E 796F7572 646F6D61 696E2E63 6F6D301F
0603551D 23041830 16801473 8119C16F 8D1246FE D8F10702 5881C10B 8EF9A230
1D060355 1D0E0416 04147381 19C16F8D 1246FED8 F1070258 81C10B8E F9A2300D
06092A86 4886F70D 01010405 00038181 0005A700 51CFDF78 D56703E1 ADA03131
B5C8FD38 5860F6DE A284F40E 04FF259F 92D13D80 2CA4DA00 BBD14A51 373EF78F
9A64FCAA A4363CF6 791ECF77 5B9C7A12 D4DF3FEE 9F05B6EF 1A514258 B5522DE7
79598002 8FB6976B 2D7FEF87 BE3B10B2 DE091864 DB7C591D 125F1ABF 5D15F83A
044E8A89 3B97AB60 592675D6 9C945208 04
quit
dot11 syslog
no ip source-route
ip cef
!
!
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.0.1 192.168.0.100
!
ip dhcp pool lan
network 192.168.0.0 255.255.255.0
default-router 192.168.0.1
dns-server 61.9.133.193 61.9.134.49
lease infinite
!
!
no ip bootp server
ip domain name bigpond.net.au
!
multilink bundle-name authenticated
!
!
username ********* privilege 15 secret 5 *************
!
!
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
crypto isakmp key <pre-shared key> address <dest public IP> no-xauth
!
!
crypto ipsec transform-set 3DESSHA esp-3des esp-sha-hmac
!
crypto ipsec profile IPSEC-VPN
set transform-set 3DESSHA
!
!
archive
log config
hidekeys
!
!
ip ssh time-out 90
ip ssh authentication-retries 2
!
!
!
interface Tunnel0
description --- IPSec Tunnel to Site A ---
ip address 172.16.10.1 255.255.255.252
ip ospf mtu-ignore
load-interval 30
tunnel source Dialer0
tunnel destination <dest public IP>
tunnel mode ipsec ipv4
tunnel protection ipsec profile IPSEC-VPN
!
interface ATM0
description --- ADSL ---
no ip address
no atm ilmi-keepalive
pvc 8/35
tx-ring-limit 3
encapsulation aal5snap
protocol ppp dialer
dialer pool-member 1
!
dsl operating-mode auto
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Vlan1
description --- Ethernet LAN ---
ip address 192.168.0.2 255.255.255.0
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1420
!
interface Dialer0
description --- ADSL ---
ip address negotiated
ip mtu 1460
ip nat outside
ip virtual-reassembly
encapsulation ppp
ip tcp adjust-mss 1420
dialer pool 1
dialer-group 1
no cdp enable
ppp chap hostname **********@bigpond.net.au
ppp chap password 7 15181C1B1E3B3D3C7A
ppp pap sent-username **********@bigpond.net.au password 7 *********
!
no ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer0
ip route 192.168.0.0 255.255.255.0 Tunnel0
!
!
no ip http server
ip http access-class 23
ip http authentication local
no ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source list nat_to_internet interface Dialer0 overload
!
ip access-list extended nat_to_internet
deny ip 192.168.0.0 0.0.0.255 192.168.1.0 0.0.0.255
permit ip 192.168.0.0 0.0.0.255 any
!
!
!
!
!
control-plane
!
!
line con 0
login local
no modem enable
line aux 0
line vty 0 4
access-class 1 in
privilege level 15
login local
transport input telnet ssh
!
scheduler max-task-time 5000
end
====================================================
====================================================
Current configuration : 4697 bytes
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname <hostname>
!
boot-start-marker
boot-end-marker
!
logging buffered 65535
logging console informational
enable secret 5 **************
!
no aaa new-model
clock timezone ACST 9 30
clock summer-time ACST recurring 1 Sun Oct 2:00 last Sun Mar 2:00
!
crypto pki trustpoint TP-self-signed-469671228
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-469671228
revocation-check none
rsakeypair TP-self-signed-469671228
!
!
crypto pki certificate chain TP-self-signed-469671228
certificate self-signed 01
3082024D 308201B6 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
30312E30 2C060355 04031325 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 34363936 37313232 38301E17 0D303230 33303130 30303731
345A170D 32303031 30313030 30303030 5A303031 2E302C06 03550403 1325494F
532D5365 6C662D53 69676E65 642D4365 72746966 69636174 652D3436 39363731
32323830 819F300D 06092A86 4886F70D 01010105 0003818D 00308189 02818100
C46ED6FA AAB5D063 70E8479E 4CE0D46B 160FD4DB E9625CFA 740DE302 14EC9409
ABAF4A52 0855D440 A88B498E 90F5686E 2E5E1194 2FC734BE 70EEF290 B48BE90B
1280F385 9F14202D 6FC2C316 60859D4C C894EF61 9C787338 10D30E64 86DFC6D9
8902EF30 69E93669 37352904 6EF6EF97 9940D961 04F435BB 0774F06B 641B97C7
02030100 01A37730 75300F06 03551D13 0101FF04 05300301 01FF3022 0603551D
11041B30 19821779 6F75726E 616D652E 796F7572 646F6D61 696E2E63 6F6D301F
0603551D 23041830 16801473 8119C16F 8D1246FE D8F10702 5881C10B 8EF9A230
1D060355 1D0E0416 04147381 19C16F8D 1246FED8 F1070258 81C10B8E F9A2300D
06092A86 4886F70D 01010405 00038181 0005A700 51CFDF78 D56703E1 ADA03131
B5C8FD38 5860F6DE A284F40E 04FF259F 92D13D80 2CA4DA00 BBD14A51 373EF78F
9A64FCAA A4363CF6 791ECF77 5B9C7A12 D4DF3FEE 9F05B6EF 1A514258 B5522DE7
79598002 8FB6976B 2D7FEF87 BE3B10B2 DE091864 DB7C591D 125F1ABF 5D15F83A
044E8A89 3B97AB60 592675D6 9C945208 04
quit
dot11 syslog
no ip source-route
ip cef
!
!
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.1.1 192.168.1.100
!
ip dhcp pool lan
network 192.168.1.0 255.255.255.0
default-router 192.168.1.1
dns-server 61.9.133.193 61.9.134.49
lease infinite
!
!
no ip bootp server
ip domain name vic.bigpond.net.au
!
multilink bundle-name authenticated
!
!
username ********* privilege 15 secret 5 *********************
!
!
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
crypto isakmp key <pre-shared key> address <destination public IP> no-xauth
!
!
crypto ipsec transform-set 3DESSHA esp-3des esp-sha-hmac
!
crypto ipsec profile IPSEC-VPN
set transform-set 3DESSHA
!
!
archive
log config
hidekeys
!
!
ip ssh time-out 90
ip ssh authentication-retries 2
!
!
!
interface Tunnel0
description --- IPSec Tunnel to Site A ---
ip address 172.16.10.2 255.255.255.252
ip ospf mtu-ignore
load-interval 30
tunnel source Dialer0
tunnel destination <destination public IP>
tunnel mode ipsec ipv4
tunnel protection ipsec profile IPSEC-VPN
!
interface ATM0
description --- ADSL ---
no ip address
no atm ilmi-keepalive
pvc 8/35
tx-ring-limit 3
encapsulation aal5snap
protocol ppp dialer
dialer pool-member 1
!
dsl operating-mode auto
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Vlan1
description --- Ethernet LAN ---
ip address 192.168.1.2 255.255.255.0
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1420
!
interface Dialer0
description --- ADSL ---
ip address negotiated
ip mtu 1460
ip nat outside
ip virtual-reassembly
encapsulation ppp
ip tcp adjust-mss 1420
dialer pool 1
dialer-group 1
no cdp enable
ppp chap hostname ********@bigpond.com
ppp chap password 7 ********
ppp pap sent-username ********@bigpond.com password 7 ********
!
no ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer0
ip route 192.168.1.0 255.255.255.0 Tunnel0
!
!
no ip http server
ip http access-class 23
ip http authentication local
no ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source list nat_to_internet interface Dialer0 overload
!
ip access-list extended nat_to_internet
deny ip 192.168.1.0 0.0.0.255 192.168.0.0 0.0.0.255
permit ip 192.168.1.0 0.0.0.255 any
!
!
!
!
!
control-plane
!
!
line con 0
login local
no modem enable
line aux 0
line vty 0 4
access-class 1 in
privilege level 15
login local
transport input telnet ssh
!
scheduler max-task-time 5000
end