From: Sandy Turnage (sturnage@xxxxxxxxxxx)
Date: Tue Jan 09 2001 - 00:02:31 GMT-3
Here is a config that I'm working on for async dial backup for an IPSEC VPN. I
converted it to dialer profiles (from legacy dialer) late last night but it
seemed to be working. I haven't tried it with snapshot routing, but it seems to
work with dialer watch (w/eigrp) and ospf demand-circuit.
============= IPSEC VPN between R1 and R5
R1 ------ R2 ------- R5
-------------------- Async dial backup
**** R1 ****
R1#
R1#show run
Building configuration...
Current configuration:
!
version 12.0
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname R1
!
enable secret 5 $1$Qlme$GesMXE2DG/x9StzSZ55B/1
!
username R5 password 0 cisco
!
!
!
!
ip subnet-zero
no ip domain-lookup
!
chat-script modem "" "ATDT\T" TIMEOUT 60 CONNECT \c
chat-script rstusr "" "AT&FS0=1E0&R2&D2&C1&B1&H1M4&K1Q0&W" "OK"
!
!
crypto isakmp policy 1
hash md5
authentication pre-share
crypto isakmp key cisco123 address 200.100.25.5
!
!
crypto ipsec transform-set myvpnset esp-des esp-md5-hmac
!
!
crypto map vpnmap 10 ipsec-isakmp
description ** connection to R5 **
set peer 200.100.25.5
set transform-set myvpnset
match address 110
!
!
!
interface Loopback10
ip address 220.1.1.1 255.255.255.0
no ip directed-broadcast
!
interface Tunnel0
bandwidth 1000000
ip address 192.168.15.1 255.255.255.0
no ip directed-broadcast
tunnel source 200.100.12.1
tunnel destination 200.100.25.5
crypto map vpnmap
!
interface Ethernet0
ip address 192.168.1.1 255.255.255.0
no ip directed-broadcast
!
interface Serial0
ip address 200.100.12.1 255.255.255.0
no ip directed-broadcast
crypto map vpnmap
!
interface Serial1
no ip address
no ip directed-broadcast
shutdown
!
interface Async1
no ip address
no ip directed-broadcast
encapsulation ppp
dialer in-band
dialer pool-member 1
async default routing
async dynamic routing
async mode dedicated
ppp authentication chap
!
interface Dialer1
ip address 192.168.25.1 255.255.255.0
no ip directed-broadcast
encapsulation ppp
ip ospf demand-circuit
dialer remote-name R5
dialer pool 1
dialer string 8925522
dialer-group 1
ppp authentication chap
!
router ospf 100
network 192.168.1.1 0.0.0.0 area 0
network 192.168.15.1 0.0.0.0 area 0
network 192.168.25.1 0.0.0.0 area 0
network 220.1.1.1 0.0.0.0 area 0
!
ip classless
ip route 0.0.0.0 0.0.0.0 200.100.12.2
no ip http server
!
access-list 100 deny eigrp any any
access-list 100 permit ip any any
access-list 110 permit gre host 200.100.12.1 host 200.100.25.5
dialer watch-list 1 ip 192.168.161.0 255.255.255.0
dialer-list 1 protocol ip list 100
!
line con 0
exec-timeout 0 0
privilege level 15
transport input none
line aux 0
script reset rstusr
modem InOut
transport input all
stopbits 1
speed 38400
flowcontrol hardware
line vty 0 4
password cisco
login
!
end
**** R5 ****
R5#shw o run
Building configuration...
Current configuration:
!
version 12.0
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname R5
!
enable secret 5 $1$XXz3$rc3WkhAcC5RNFJe18X.QY1
!
username R1 password 0 cisco
!
!
!
!
ip subnet-zero
no ip domain-lookup
!
chat-script modem "" "ATDT\T" TIMEOUT 60 CONNECT \c
chat-script rstusr "" "AT&FS0=1E0&R2&D2&C1&B1&H1M4&K1Q0&W" "OK"
!
!
crypto isakmp policy 1
hash md5
authentication pre-share
crypto isakmp key cisco123 address 200.100.12.1
!
!
crypto ipsec transform-set myvpnset esp-des esp-md5-hmac
!
!
crypto map vpnmap 10 ipsec-isakmp
set peer 200.100.12.1
set transform-set myvpnset
match address 110
!
!
!
interface Loopback10
ip address 220.5.5.5 255.255.255.0
no ip directed-broadcast
!
interface Tunnel0
bandwidth 1000000
ip address 192.168.15.5 255.255.255.0
no ip directed-broadcast
tunnel source 200.100.25.5
tunnel destination 200.100.12.1
crypto map vpnmap
!
interface Ethernet0
ip address 192.168.161.5 255.255.255.0
no ip directed-broadcast
!
interface Serial0
no ip address
no ip directed-broadcast
shutdown
!
interface Serial1
ip address 200.100.25.5 255.255.255.0
no ip directed-broadcast
crypto map vpnmap
!
interface Async1
no ip address
no ip directed-broadcast
encapsulation ppp
dialer in-band
dialer pool-member 1
async default routing
async dynamic routing
async mode dedicated
ppp authentication chap
!
interface Dialer1
ip address 192.168.25.5 255.255.255.0
no ip directed-broadcast
encapsulation ppp
dialer remote-name R1
dialer pool 1
dialer-group 1
ppp authentication chap
!
router ospf 100
network 192.168.15.5 0.0.0.0 area 0
network 192.168.25.5 0.0.0.0 area 0
network 192.168.161.5 0.0.0.0 area 0
!
ip classless
ip route 0.0.0.0 0.0.0.0 200.100.25.2
no ip http server
!
access-list 100 permit ip any any
access-list 110 permit gre host 200.100.25.5 host 200.100.12.1
dialer-list 1 protocol ip list 100
!
line con 0
exec-timeout 0 0
privilege level 15
transport input none
line aux 0
script reset rstusr
modem InOut
transport input all
stopbits 1
speed 38400
flowcontrol hardware
line vty 0 4
password cisco
login
!
end
***************
Hope this helps,
ST
Chuck Church wrote:
> All,
>
> I've been using this URL:
>
> http://www.cisco.com/warp/customer/793/access_dial/auxback.html#async_aux_port
>
> and got back to back connectivity, but it acts like a serial connection. Is
> there any way to make it act like a dial up interface, so I can test
> snapshot routing, and dialer lists? I played around changing the dedicated
> async mode to interactive, but snapshot won't bring it back up. Any ideas?
>
> Thanks,
>
> Chuck Church
> CCNP, CCDP, MCNE, MCSE
> Sr. Network Engineer
> Magnacom Technologies
> 140 N. Rt. 303
> Valley Cottage, NY 10989
> 845-267-4000 x218
>
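Added example, not part of the original post or of either poster's work: a small Python check that reads the crypto and credential lines of the R1 configuration above and lists the weak settings, including the ISAKMP policy values that "show run" does not print because they are left at their defaults. It assumes the IOS 12.0 defaults of 56-bit DES and Diffie-Hellman group 1; the names audit, LINE_RULES and R1_EXCERPT are made up for this example.

```python
import re

# Constructed input: crypto and credential lines excerpted from the R1 config
# in the post, flattened (no indentation) as they appear on the page.
R1_EXCERPT = """\
username R5 password 0 cisco
crypto isakmp policy 1
hash md5
authentication pre-share
crypto isakmp key cisco123 address 200.100.25.5
crypto ipsec transform-set myvpnset esp-des esp-md5-hmac
line con 0
exec-timeout 0 0
line vty 0 4
password cisco
"""

# Single-line checks: (pattern, finding text).
LINE_RULES = [
    (r"^username \S+ password 0 ", "cleartext (type 0) user password"),
    (r"^password (?![57] )\S", "cleartext line password"),
    (r"^crypto isakmp key \S+ address ", "pre-shared key stored in clear"),
    (r"^crypto ipsec transform-set .*\besp-des\b", "ESP uses 56-bit DES"),
    (r"^crypto ipsec transform-set .*\besp-md5-hmac\b", "ESP integrity uses HMAC-MD5"),
    (r"^hash md5$", "ISAKMP hash is MD5"),
    (r"^exec-timeout 0 0$", "session never times out"),
]

def audit(config):
    """Return sorted (line_number, finding) pairs for an IOS running-config."""
    findings, policy = [], None      # policy = [start_line, subcommands seen]
    def close_policy():
        # show run omits defaults; assumed IOS 12.0 defaults: DES and DH group 1.
        for key, default in (("encryption", "DES"), ("group", "DH group 1")):
            if policy and key not in policy[1]:
                findings.append((policy[0], f"ISAKMP {key} defaults to {default}"))
    for n, raw in enumerate(config.splitlines(), 1):
        line = raw.strip()
        if line.startswith("crypto isakmp policy "):
            close_policy()
            policy = [n, set()]
        elif policy and re.match(r"(encryption|hash|authentication|group|lifetime)\b", line):
            policy[1].add(line.split()[0])
        elif policy:
            close_policy()
            policy = None
        findings += [(n, msg) for pat, msg in LINE_RULES if re.search(pat, line)]
    close_policy()
    return sorted(findings)
```

Calling audit(R1_EXCERPT) returns nine findings; the two reported against line 2 are the ones a reader of the running-config cannot see directly, since the policy has no encryption or group line.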