Re: OT: L2TP Dialer help

From: Ahmed Ejaz <aahmedejaz_at_gmail.com>
Date: Thu, 20 May 2010 16:19:48 +0500

Hi,

Here is the config for one of our old 837 routers, through which we used to
VPN to our main site (PIX firewall).

HTH

version 12.3
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname ADSL-837
!
boot-start-marker
boot-end-marker
!
no logging on
enable secret 5 xxxxxxxxxx
!
no aaa new-model
ip subnet-zero
!
!
!
!
ip domain retry 5
ip domain timeout 10
ip name-server 213.42.20.20
ip name-server 195.229.241.222
ip ips po max-events 100
no ftp-server write-enable
!
!
!
!
!
crypto isakmp policy 1
 encr 3des
 hash md5
 authentication pre-share
 group 2
crypto isakmp key xxxxxxxxx address 0.0.0.0 0.0.0.0 no-xauth
crypto isakmp key xxxxxxxxx hostname ditpix.dita.ae no-xauth
crypto isakmp keepalive 10 10
crypto isakmp nat keepalive 10
!
crypto ipsec security-association lifetime kilobytes 500000000
crypto ipsec security-association lifetime seconds 86400
!
crypto ipsec transform-set setA esp-3des esp-md5-hmac
!
crypto map mapA 10 ipsec-isakmp
 set peer 213.132.48.162
 set transform-set setA
 match address 165
!
!
!
interface Ethernet0
 ip address 10.10.23.254 255.255.255.0
 ip access-group 180 in
 ip nat inside
 ip virtual-reassembly
 hold-queue 100 out
!
interface ATM0
 no ip address
 no atm ilmi-keepalive
 dsl operating-mode auto
 pvc 0/50
  encapsulation aal5mux ppp dialer
  dialer pool-member 5
 !
!
interface FastEthernet1
 no ip address
 duplex auto
 speed auto
!
interface FastEthernet2
 no ip address
 duplex auto
 speed auto
!
interface FastEthernet3
 no ip address
 duplex auto
 speed auto
!
interface FastEthernet4
 no ip address
 duplex auto
 speed auto
!
interface Dialer0
 ip address negotiated
 ip nat outside
 ip virtual-reassembly
 encapsulation ppp
 dialer pool 5
 dialer remote-name etisalat
 dialer idle-timeout 0
 dialer persistent
 dialer-group 1
 ppp pap sent-username xxxxxxxx password 7 xxxxxxxxx
 crypto map mapA
!
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer0
!
ip http server
no ip http secure-server
!
ip nat inside source list 120 interface Dialer0 overload
!
access-list 120 deny ip 10.10.23.0 0.0.0.255 172.16.253.0 0.0.0.255
access-list 120 deny ip 10.10.23.0 0.0.0.255 172.17.253.0 0.0.0.255
access-list 120 deny ip 10.10.23.0 0.0.0.255 10.100.1.0 0.0.0.255
access-list 120 permit ip 10.10.23.0 0.0.0.255 any
access-list 165 permit ip 10.10.23.0 0.0.0.255 172.17.253.0 0.0.0.255
access-list 165 permit ip 10.10.23.0 0.0.0.255 172.16.253.0 0.0.0.255
access-list 165 permit ip 10.10.23.0 0.0.0.255 10.100.1.0 0.0.0.255
access-list 180 permit ip 10.10.23.0 0.0.0.255 172.16.253.0 0.0.0.255
access-list 180 permit ip 10.10.23.0 0.0.0.255 172.17.253.0 0.0.0.255
access-list 180 permit ip 10.10.23.0 0.0.0.255 10.100.1.0 0.0.0.255
access-list 180 permit tcp 10.10.23.0 0.0.0.255 any eq www
access-list 180 permit tcp 10.10.23.0 0.0.0.255 any eq 8080
access-list 180 permit udp 10.10.23.0 0.0.0.255 any eq domain
access-list 180 permit tcp 10.10.23.0 0.0.0.255 any eq 443
access-list 180 permit tcp 10.10.23.0 0.0.0.255 any eq 1863
access-list 180 permit tcp 10.10.23.0 0.0.0.255 any eq 5050
access-list 180 permit tcp 10.10.23.0 0.0.0.255 any eq ftp
access-list 180 permit tcp 10.10.23.0 0.0.0.255 any eq telnet
access-list 180 permit udp 10.10.23.0 0.0.0.255 any eq isakmp
access-list 180 permit udp 10.10.23.0 0.0.0.255 any eq non500-isakmp
dialer-list 1 protocol ip permit
!
!
control-plane
!
!
line con 0
 no modem enable
 transport preferred all
 transport output all
line aux 0
 transport preferred all
 transport output all
line vty 0 4
 password 7 01435F1C521B5656
 login
 transport preferred all
 transport input all
 transport output all
!
scheduler max-task-time 5000
end

On Thu, May 20, 2010 at 3:50 PM, Asif Gul Khan <nockhi_at_gmail.com> wrote:

> Dear friends
>
> My requirement is to dial an L2TP VPN from a Cisco router (preferably low-end,
> like 837, 28xx). Can someone suggest how I can achieve it?
>
> Some link or template will be appreciated
>
>
> --
> Regards,
>
> Asif Khan
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

Received on Thu May 20 2010 - 16:19:48 ART
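
An added example, not part of the original post: a small Python check that flags the legacy settings visible in the posted configuration (3DES/MD5 in the IKE policy and ESP transform set, DH group 2, a wildcard pre-shared key, `ip http server`, `no logging on`, type 7 passwords, and `transport input all` on the vty lines). The rule set, the function name `audit` and the sample input are constructed for illustration; secrets are placeholders.

```python
import re

# Constructed sample in the style of the posted 837 config;
# secrets are placeholders, not values from the post.
SAMPLE = """\
no logging on
crypto isakmp policy 1
 encr 3des
 hash md5
 authentication pre-share
 group 2
crypto isakmp key PLACEHOLDER address 0.0.0.0 0.0.0.0 no-xauth
crypto ipsec transform-set setA esp-3des esp-md5-hmac
ip http server
line vty 0 4
 password 7 PLACEHOLDER
 transport input all
"""

# (rule id, required section prefix or "" for any, regex on stripped line, finding)
RULES = [
    ("ike-3des", "crypto isakmp policy", r"^encr 3des$", "IKE uses 3DES; prefer AES"),
    ("ike-md5", "crypto isakmp policy", r"^hash md5$", "IKE uses MD5; prefer SHA-2"),
    ("ike-dh", "crypto isakmp policy", r"^group [12]$", "DH group of 1024 bits or less"),
    ("psk-wildcard", "", r"^crypto isakmp key \S+ address 0\.0\.0\.0\b", "pre-shared key valid for any peer address"),
    ("esp-weak", "", r"^crypto ipsec transform-set .*\besp-(3des|des|md5-hmac)\b", "ESP transform uses DES/3DES or MD5"),
    ("http-server", "", r"^ip http server$", "cleartext HTTP management enabled"),
    ("no-logging", "", r"^no logging on$", "logging disabled for all destinations except the console"),
    ("type7", "", r"\bpassword 7 \S+", "type 7 is reversible obfuscation, not a hash"),
    ("vty-telnet", "line vty", r"^transport input (all|telnet)\b", "telnet accepted on vty lines; restrict to ssh"),
]

def audit(config):
    """Return [(line_no, rule_id, finding)] for every rule hit in an IOS config."""
    findings, section = [], ""
    for no, raw in enumerate(config.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("!"):
            continue
        if not raw[0].isspace():
            section = line  # an unindented command opens a new section
        for rule_id, scope, pattern, msg in RULES:
            if section.startswith(scope) and re.search(pattern, line):
                findings.append((no, rule_id, msg))
    return findings

if __name__ == "__main__":
    for no, rule_id, msg in audit(SAMPLE):
        print(f"line {no}: [{rule_id}] {msg}")
```
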

This archive was generated by hypermail 2.2.0 : Tue Jun 01 2010 - 07:09:53 ART