From: Bolcer, Matt (matt.bolcer@xxxxxxx)
Date: Tue Jan 09 2001 - 13:44:54 GMT-3
Can this be done with a cable (straight-thru, cross-over) directly between
the ports or does it require modems and business lines?
-----Original Message-----
From: Sandy Turnage [mailto:sturnage@netdoor.com]
Sent: Monday, January 08, 2001 10:03 PM
To: Chuck Church; ccielab@groupstudy.com
Subject: Re: back to back AUX - Any way to do simulated dialup, dialer
lists?
Here is a config that I'm working on for async dial backup for an IPSEC VPN.
I
converted it to dialer profiles (from legacy dialer) late last night but it
seemed to working. I haven't tried it with snapshot routing, but it seems to
work with dialer watch (w/eigrp) and ospf demand-circuit.
============= IPSEC VPN between R1 and R5
R1 ------ R2 ------- R5
-------------------- Async dial backup
**** R1 ****
R1#
R1#show run
Building configuration...
Current configuration:
!
version 12.0
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname R1
!
enable secret 5 $1$Qlme$GesMXE2DG/x9StzSZ55B/1
!
username R5 password 0 cisco
!
!
!
!
ip subnet-zero
no ip domain-lookup
!
chat-script modem "" "ATDT\T" TIMEOUT 60 CONNECT \c
chat-script rstusr "" "AT&FS0=1E0&R2&D2&C1&B1&H1M4&K1Q0&W" "OK"
!
!
crypto isakmp policy 1
hash md5
authentication pre-share
crypto isakmp key cisco123 address 200.100.25.5
!
!
crypto ipsec transform-set myvpnset esp-des esp-md5-hmac
!
!
crypto map vpnmap 10 ipsec-isakmp
description ** connection to R5 **
set peer 200.100.25.5
set transform-set myvpnset
match address 110
!
!
!
interface Loopback10
ip address 220.1.1.1 255.255.255.0
no ip directed-broadcast
!
interface Tunnel0
bandwidth 1000000
ip address 192.168.15.1 255.255.255.0
no ip directed-broadcast
tunnel source 200.100.12.1
tunnel destination 200.100.25.5
crypto map vpnmap
!
interface Ethernet0
ip address 192.168.1.1 255.255.255.0
no ip directed-broadcast
!
interface Serial0
ip address 200.100.12.1 255.255.255.0
no ip directed-broadcast
crypto map vpnmap
!
interface Serial1
no ip address
no ip directed-broadcast
shutdown
!
interface Async1
no ip address
no ip directed-broadcast
encapsulation ppp
dialer in-band
dialer pool-member 1
async default routing
async dynamic routing
async mode dedicated
ppp authentication chap
!
interface Dialer1
ip address 192.168.25.1 255.255.255.0
no ip directed-broadcast
encapsulation ppp
ip ospf demand-circuit
dialer remote-name R5
dialer pool 1
dialer string 8925522
dialer-group 1
ppp authentication chap
!
router ospf 100
network 192.168.1.1 0.0.0.0 area 0
network 192.168.15.1 0.0.0.0 area 0
network 192.168.25.1 0.0.0.0 area 0
network 220.1.1.1 0.0.0.0 area 0
!
ip classless
ip route 0.0.0.0 0.0.0.0 200.100.12.2
no ip http server
!
access-list 100 deny eigrp any any
access-list 100 permit ip any any
access-list 110 permit gre host 200.100.12.1 host 200.100.25.5
dialer watch-list 1 ip 192.168.161.0 255.255.255.0
dialer-list 1 protocol ip list 100
!
line con 0
exec-timeout 0 0
privilege level 15
transport input none
line aux 0
script reset rstusr
modem InOut
transport input all
stopbits 1
speed 38400
flowcontrol hardware
line vty 0 4
password cisco
login
!
end
**** R5 ****
R5#shw o run
Building configuration...
Current configuration:
!
version 12.0
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname R5
!
enable secret 5 $1$XXz3$rc3WkhAcC5RNFJe18X.QY1
!
username R1 password 0 cisco
!
!
!
!
ip subnet-zero
no ip domain-lookup
!
chat-script modem "" "ATDT\T" TIMEOUT 60 CONNECT \c
chat-script rstusr "" "AT&FS0=1E0&R2&D2&C1&B1&H1M4&K1Q0&W" "OK"
!
!
crypto isakmp policy 1
hash md5
authentication pre-share
crypto isakmp key cisco123 address 200.100.12.1
!
!
crypto ipsec transform-set myvpnset esp-des esp-md5-hmac
!
!
crypto map vpnmap 10 ipsec-isakmp
set peer 200.100.12.1
set transform-set myvpnset
match address 110
!
!
!
interface Loopback10
ip address 220.5.5.5 255.255.255.0
no ip directed-broadcast
!
interface Tunnel0
bandwidth 1000000
ip address 192.168.15.5 255.255.255.0
no ip directed-broadcast
tunnel source 200.100.25.5
tunnel destination 200.100.12.1
crypto map vpnmap
!
interface Ethernet0
ip address 192.168.161.5 255.255.255.0
no ip directed-broadcast
!
interface Serial0
no ip address
no ip directed-broadcast
shutdown
!
interface Serial1
ip address 200.100.25.5 255.255.255.0
no ip directed-broadcast
crypto map vpnmap
!
interface Async1
no ip address
no ip directed-broadcast
encapsulation ppp
dialer in-band
dialer pool-member 1
async default routing
async dynamic routing
async mode dedicated
ppp authentication chap
!
interface Dialer1
ip address 192.168.25.5 255.255.255.0
no ip directed-broadcast
encapsulation ppp
dialer remote-name R1
dialer pool 1
dialer-group 1
ppp authentication chap
!
router ospf 100
network 192.168.15.5 0.0.0.0 area 0
network 192.168.25.5 0.0.0.0 area 0
network 192.168.161.5 0.0.0.0 area 0
!
ip classless
ip route 0.0.0.0 0.0.0.0 200.100.25.2
no ip http server
!
access-list 100 permit ip any any
access-list 110 permit gre host 200.100.25.5 host 200.100.12.1
dialer-list 1 protocol ip list 100
!
line con 0
exec-timeout 0 0
privilege level 15
transport input none
line aux 0
script reset rstusr
modem InOut
transport input all
stopbits 1
speed 38400
flowcontrol hardware
line vty 0 4
password cisco
login
!
end
***************
Hope this helps,
ST
Chuck Church wrote:
> All,
>
> I've been using this URL:
>
>
http://www.cisco.com/warp/customer/793/access_dial/auxback.html#async_aux_po
> rt
>
> and got back to back connectivity, but it acts like a serial connection.
Is
> there any way to make it act like a dial up interface, so I can test
> snapshot routing, and dialer lists? I played around changing the
dedicated
> async mode to interactive, but snapshot won't bring it back up. Any
ideas?
>
> Thanks,
>
> Chuck Church
> CCNP, CCDP, MCNE, MCSE
> Sr. Network Engineer
> Magnacom Technologies
> 140 N. Rt. 303
> Valley Cottage, NY 10989
> 845-267-4000 x218
>
This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 10:27:25 GMT-3