From: kevin gannon (kevin@gannons.net)
Date: Wed Oct 19 2005 - 14:55:47 GMT-3
Looks fairly good, is it not working?
Regards
Kevin
On 10/19/05, Harri Makela <harri_makela@yahoo.com> wrote:
> Hi,
>
> I have to configure a router (837) at remote end to establish connectivity with a VPN concentrator (3005) on main site. Could anyone please advise if the configuration seems to be fine or I need to make some adjustments. It's my first configuration and I'll highly appreciate any advice from this forum.
> _______________________________________________________________
>
>
>
> CL#sh running-config
> Building configuration...
>
> Current configuration : 2514 bytes
> !
> ! Last configuration change at 23:50:55 UTC Mon Oct 10 2005
> ! NVRAM config last updated at 23:59:08 UTC Mon Oct 10 2005
> !
> version 12.3
> no service pad
> service timestamps debug datetime msec
> service timestamps log datetime msec
> no service password-encryption
> !
> hostname CL
> !
> boot-start-marker
> boot-end-marker
> !
> enable password 7 07843281A4B
> !
> no aaa new-model
> ip subnet-zero
> !
> !
> !
> !
> ip name-server x.x.x.x
> ip cef
> ip inspect name ethernetin udp
> ip inspect name ethernetin tcp timeout 3600
> ip inspect name ethernetin http java-list 50
> ip ips po max-events 100
> vpdn enable
> !
> vpdn-group pppoe
> request-dialin
> protocol pppoe
> !
> no ftp-server write-enable
> !
> crypto isakmp policy 1
> encr 3des
> hash md5
> authentication pre-share
> group 2
> crypto isakmp key 6 cisco123 address (x.x.x.x VPN Concentrator 3005)
> !
> !
> crypto ipsec transform-set to_vpn esp-3des esp-md5-hmac
> !
> crypto map to_vpn 10 ipsec-isakmp
> set peer (X.x.x.x VPN Concentrator 3005)
> set transform-set to_vpn
> match address 101
> !
> !
> !
> interface Ethernet0
> ip address 192.168.4.0 255.255.255.0
> ip nat inside
> ip inspect ethernetin in
> ip virtual-reassembly
> ip tcp adjust-mss 1350
> load-interval 30
> hold-queue 100 out
> !
> interface ATM0
> no ip address
> shutdown
> no atm ilmi-keepalive
> dsl operating-mode auto
> !
> interface ATM0.1 point-to-point
> crypto map to_vpn
> pvc 8/35
> pppoe-client dial-pool-number 1
> !
> !
> interface FastEthernet1
> no ip address
> duplex auto
> speed auto
> !
> interface FastEthernet2
> no ip address
> duplex auto
> speed auto
> !
> interface FastEthernet3
> no ip address
> duplex auto
> speed auto
> !
> interface FastEthernet4
> no ip address
> duplex auto
> speed auto
> !
> interface Dialer1
> mtu 1492
> ip address negotiated
> ip access-group 100 in
> ip nat outside
> ip virtual-reassembly
> encapsulation pppoe
> ip tcp adjust-mss 1400
> load-interval 30
> dialer pool 1
> dialer-group 1
> no cdp enable
> ppp authentication chap callin
> ppp chap hostname xxxxx
> ppp chap password 0 xxxxx
> crypto map to_vpn
> !
> ip classless
> ip route 0.0.0.0 0.0.0.0 X.X.X.X (Pointing to the router as default gateway)
> !
> ip http server
> no ip http secure-server
> ip nat pool mypool x.x.x.x x.x.x.x netmask 255.255.255.255 (address assigned by the service provider)
> ip nat inside source route-map nonat pool mypool overload
> !
> !
> access-list 101 permit ip 192.168.4.0 0.0.0.255 10.1.0.0 0.0.0.255 (192.168 Private address range on remote end, 10.1. private address range on main site)
> access-list 110 deny ip 192.168.4.0 0.0.0.255 10.1.0.0 0.0.0.255
> access-list 110 permit ip 192.168.4.0 0.0.0.255 any
> route-map nonat permit 10
> match ip address 110
> !
> !
> control-plane
> !
> !
> line con 0
> no modem enable
> line aux 0
> line vty 0 4
> login
> !
> scheduler max-task-time 5000
> end
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
This archive was generated by hypermail 2.1.4 : Sun Nov 06 2005 - 22:00:51 GMT-3
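
The quoted configuration selects tunnel traffic with access-list 101 and keeps that same traffic out of NAT with access-list 110 (through route-map nonat). The Python check below is an added example, not part of the original thread: it verifies that relationship on a constructed sample modelled on those two ACLs. The function names are hypothetical, and only `any` and contiguous wildcard masks are handled.

```python
import ipaddress
import re

# Constructed sample, modelled on ACLs 101 and 110 in the quoted configuration.
SAMPLE = """\
access-list 101 permit ip 192.168.4.0 0.0.0.255 10.1.0.0 0.0.0.255
access-list 110 deny ip 192.168.4.0 0.0.0.255 10.1.0.0 0.0.0.255
access-list 110 permit ip 192.168.4.0 0.0.0.255 any
"""
ACE = re.compile(r"^access-list (\d+) (permit|deny) ip (.+)$")

def _net(tokens):
    """Consume 'any' or 'ADDRESS WILDCARD' from the front of tokens."""
    if tokens[0] == "any":
        tokens.pop(0)
        return ipaddress.ip_network("0.0.0.0/0")
    addr, wild = tokens.pop(0), int(ipaddress.IPv4Address(tokens.pop(0)))
    if wild & (wild + 1):  # only contiguous wildcards (2**k - 1) are handled
        raise ValueError("non-contiguous wildcard")
    return ipaddress.ip_network(f"{addr}/{32 - wild.bit_length()}", strict=False)

def parse_acls(config):
    """Return {acl_number: [(action, src_net, dst_net), ...]} in config order."""
    acls = {}
    for line in config.splitlines():
        m = ACE.match(line.strip())
        if not m:
            continue
        tokens = m.group(3).split()
        try:
            entry = (m.group(2), _net(tokens), _net(tokens))
        except (IndexError, ValueError) as exc:  # e.g. a missing wildcard mask
            raise ValueError(f"malformed ACL entry: {line.strip()!r}") from exc
        acls.setdefault(m.group(1), []).append(entry)
    return acls

def natted_tunnel_flows(config, crypto_acl="101", nat_acl="110"):
    """Crypto-ACL permits that the NAT ACL does not fully exempt before matching."""
    acls = parse_acls(config)
    bad = []
    for action, src, dst in acls.get(crypto_acl, []):
        if action != "permit":
            continue
        for nat_action, nsrc, ndst in acls.get(nat_acl, []):
            if src.overlaps(nsrc) and dst.overlaps(ndst):
                # First overlapping entry decides: a permit, or a deny that only
                # partly covers the flow, means tunnel traffic can be translated.
                if nat_action == "permit" or not (src.subnet_of(nsrc) and dst.subnet_of(ndst)):
                    bad.append((str(src), str(dst)))
                break
    return bad
```

An empty list from `natted_tunnel_flows` means every flow the crypto ACL permits is denied by the NAT ACL before any permit can translate it.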