Re: OT: L2TP Dialer help

From: Asif Gul Khan <nockhi_at_gmail.com>
Date: Thu, 20 May 2010 16:29:53 +0500

Dear EjaZ!

I am talking about an L2TP tunnel specifically here. Your configuration seems
to be a simple IPSec VPN only.

Regards

On Thu, May 20, 2010 at 4:19 PM, Ahmed Ejaz <aahmedejaz_at_gmail.com> wrote:

> Hi,
>
> Here is the config for one of our old 837 routers, through which we used to
> VPN to our main site (PIX firewall).
>
> HTH
>
>
> version 12.3
> no service pad
> service timestamps debug datetime msec
> service timestamps log datetime msec
> service password-encryption
> !
> hostname ADSL-837
> !
> boot-start-marker
> boot-end-marker
> !
> no logging on
> enable secret 5 xxxxxxxxxx
> !
> no aaa new-model
> ip subnet-zero
> !
> !
> !
> !
> ip domain retry 5
> ip domain timeout 10
> ip name-server 213.42.20.20
> ip name-server 195.229.241.222
> ip ips po max-events 100
> no ftp-server write-enable
> !
> !
> !
> !
> !
> crypto isakmp policy 1
> encr 3des
> hash md5
> authentication pre-share
> group 2
> crypto isakmp key xxxxxxxxx address 0.0.0.0 0.0.0.0 no-xauth
> crypto isakmp key xxxxxxxxx hostname ditpix.dita.ae no-xauth
> crypto isakmp keepalive 10 10
> crypto isakmp nat keepalive 10
> !
> crypto ipsec security-association lifetime kilobytes 500000000
> crypto ipsec security-association lifetime seconds 86400
> !
> crypto ipsec transform-set setA esp-3des esp-md5-hmac
> !
> crypto map mapA 10 ipsec-isakmp
> set peer 213.132.48.162
> set transform-set setA
> match address 165
> !
> !
> !
> interface Ethernet0
> ip address 10.10.23.254 255.255.255.0
> ip access-group 180 in
> ip nat inside
> ip virtual-reassembly
> hold-queue 100 out
> !
> interface ATM0
> no ip address
> no atm ilmi-keepalive
> dsl operating-mode auto
> pvc 0/50
> encapsulation aal5mux ppp dialer
> dialer pool-member 5
> !
> !
> interface FastEthernet1
> no ip address
> duplex auto
> speed auto
> !
> interface FastEthernet2
> no ip address
> duplex auto
> speed auto
> !
> interface FastEthernet3
> no ip address
> duplex auto
> speed auto
> !
> interface FastEthernet4
> no ip address
> duplex auto
> speed auto
> !
> interface Dialer0
> ip address negotiated
> ip nat outside
> ip virtual-reassembly
> encapsulation ppp
> dialer pool 5
> dialer remote-name etisalat
> dialer idle-timeout 0
> dialer persistent
> dialer-group 1
> ppp pap sent-username xxxxxxxx password 7 xxxxxxxxx
> crypto map mapA
> !
> ip classless
> ip route 0.0.0.0 0.0.0.0 Dialer0
> !
> ip http server
> no ip http secure-server
> !
> ip nat inside source list 120 interface Dialer0 overload
> !
> access-list 120 deny ip 10.10.23.0 0.0.0.255 172.16.253.0 0.0.0.255
> access-list 120 deny ip 10.10.23.0 0.0.0.255 172.17.253.0 0.0.0.255
> access-list 120 deny ip 10.10.23.0 0.0.0.255 10.100.1.0 0.0.0.255
> access-list 120 permit ip 10.10.23.0 0.0.0.255 any
> access-list 165 permit ip 10.10.23.0 0.0.0.255 172.17.253.0 0.0.0.255
> access-list 165 permit ip 10.10.23.0 0.0.0.255 172.16.253.0 0.0.0.255
> access-list 165 permit ip 10.10.23.0 0.0.0.255 10.100.1.0 0.0.0.255
> access-list 180 permit ip 10.10.23.0 0.0.0.255 172.16.253.0 0.0.0.255
> access-list 180 permit ip 10.10.23.0 0.0.0.255 172.17.253.0 0.0.0.255
> access-list 180 permit ip 10.10.23.0 0.0.0.255 10.100.1.0 0.0.0.255
> access-list 180 permit tcp 10.10.23.0 0.0.0.255 any eq www
> access-list 180 permit tcp 10.10.23.0 0.0.0.255 any eq 8080
> access-list 180 permit udp 10.10.23.0 0.0.0.255 any eq domain
> access-list 180 permit tcp 10.10.23.0 0.0.0.255 any eq 443
> access-list 180 permit tcp 10.10.23.0 0.0.0.255 any eq 1863
> access-list 180 permit tcp 10.10.23.0 0.0.0.255 any eq 5050
> access-list 180 permit tcp 10.10.23.0 0.0.0.255 any eq ftp
> access-list 180 permit tcp 10.10.23.0 0.0.0.255 any eq telnet
> access-list 180 permit udp 10.10.23.0 0.0.0.255 any eq isakmp
> access-list 180 permit udp 10.10.23.0 0.0.0.255 any eq non500-isakmp
> dialer-list 1 protocol ip permit
> !
> !
> control-plane
> !
> !
> line con 0
> no modem enable
> transport preferred all
> transport output all
> line aux 0
> transport preferred all
> transport output all
> line vty 0 4
> password 7 01435F1C521B5656
> login
> transport preferred all
> transport input all
> transport output all
> !
> scheduler max-task-time 5000
> end
>
> On Thu, May 20, 2010 at 3:50 PM, Asif Gul Khan <nockhi_at_gmail.com> wrote:
>
>> Dear friends
>>
>> My requirement is to dial an L2TP VPN from a Cisco router (preferably low-end,
>> like 837, 28xx). Can someone suggest how I can achieve it?
>>
>> Some link or template will be appreciated.
>>
>>
>> --
>> Regards,
>>
>> Asif Khan
>>
>>
>> Blogs and organic groups at http://www.ccie.net
>>
>> _______________________________________________________________________
>> Subscription information may be found at:
>> http://www.groupstudy.com/list/CCIELab.html
>

-- 
Regards,
Asif Khan
Received on Thu May 20 2010 - 16:29:53 ART
