DSL VPN

Answered Question
Mar 4th, 2007

Dears;

I have 2811 router connected to the internet using ADSL connection;

i successfully configured the router to access the internet.

the image which router gas is c2800nm-ipbasek9-mz.124-4.

I need to configure the router to establish VPN tunnel.

which image should i installed .

I have this problem too.
0 votes
Correct Answer by Danilo Dy about 9 years 7 months ago

Your HWIC-1ADSL is in the show diagnostics. According to this link it first support in 12.4(4)T http://www.cisco.com/en/US/products/ps5853/products_data_sheet0900aecd80394b7e.html

Use ADVANCED SECURITY 12.4(11)T with the filename c2800nm-advsecurityk9-mz.124-11.T1.bin (ED) instead

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Danilo Dy Sun, 03/04/2007 - 04:47

You mean IPSEC VPN?

Here are the IOS that supports IPSEC VPN for 2811, all of them requires 256MB DRAM and 64MB FLASH

Advance IP Services c2800nm-advipservicesk9-mz.124-13.bin

Advance Enterprise Services c2800nm-adventerprisek9-mz.124-13.bin

Advance Security c2800nm-advsecurityk9-mz.124-13.bin

ahmednaas Sun, 03/04/2007 - 07:52

I think the image you have now supports IPSEC VPN. The K9 in the image name indicates that it supports IPSEC/3DES. Did you try configuring a VPN on it?

w_basheer Sun, 03/04/2007 - 12:51

Dear;

i installed the image :

c2800nm-advsecurityk9-mz.124-13.

But i can't configure the ATM interface in my router?

i can't find the interface ATM command.

can you help me please.

ahmednaas Sun, 03/04/2007 - 13:13

when you do a "sh ver", can you see the interface listed?

Can you post your config?

w_basheer Sun, 03/04/2007 - 14:08

Dear Sir;

previously i had the image:c2800nm-ipbasek9-mz.124-4.T.bin.

and successfully configured the ATM and dialer interface and connected to the internet.

but now i have to configured VPN Connection.

so i need to upgrade the image to security image so i can applied the commands.

but when i upgrade the image to c2800nm-advsecurityk9-mz.124-13.bin.

i can't find the ATM interface configuration.

I will send to you my run configurations.

ahmednaas Sun, 03/04/2007 - 14:32

Please check the following first:

-show version

Your ATM interface should be listed among the found interfaces.

-show interface

Your atm interface should be listed along with the ethernet interfaces.

If the ATM interface does not show up in either situation, you should check to the see if the card is correctly seated.

If it shows up in both commands, then you should be able to configure it.

Danilo Dy Sun, 03/04/2007 - 21:39

Can you post the "show version" and "show diagnostic" output here?

w_basheer Sun, 03/04/2007 - 22:23

ITS-BAH-OFFICE#sh ver

Cisco IOS Software, 2800 Software (C2800NM-ADVSECURITYK9-M), Version 12.4(13), )

Technical Support: http://www.cisco.com/techsupport

Copyright (c) 1986-2007 by Cisco Systems, Inc.

Compiled Thu 22-Feb-07 15:39 by prod_rel_team

ROM: System Bootstrap, Version 12.4(1r) [hqluong 1r], RELEASE SOFTWARE (fc1)

ITS-BAH-OFFICE uptime is 9 hours, 40 minutes

System returned to ROM by reload at 20:57:15 UTC Sun Mar 4 2007

System image file is "flash:c2800nm-advsecurityk9-mz.124-13.bin"

This product contains cryptographic features and is subject to United

States and local country laws governing import, export, transfer and

use. Delivery of Cisco cryptographic products does not imply

third-party authority to import, export, distribute or use encryption.

Importers, exporters, distributors and users are responsible for

compliance with U.S. and local country laws. By using this product you

agree to comply with applicable laws and regulations. If you are unable

to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:

http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

If you require further assistance please contact us by sending email to

[email protected].

Cisco 2811 (revision 53.51) with 249856K/12288K bytes of memory.

Processor board ID FTX0925A5RP

2 FastEthernet interfaces

2 Virtual Private Network (VPN) Modules

DRAM configuration is 64 bits wide with parity enabled.

239K bytes of non-volatile configuration memory.

62720K bytes of ATA CompactFlash (Read/Write)

Configuration register is 0x2102

Danilo Dy Sun, 03/04/2007 - 22:34

Yeeesh, your ATM interface is not in the "show version". an you post the "show diagnostic" as well?

ahmednaas Sun, 03/04/2007 - 22:52

I thought you needed 12.4 T release to support HWIC-1ADSL Card. Your previous software must have been a 12.4(4T) or greater:

http://www.cisco.com/en/US/products/ps5853/products_data_sheet0900aecd80394b7e.html

WIC Slot 1:

Unknown WAN daughter card

WIC module not supported/disabled in this slot

Hardware Revision : 7.0

Top Assy. Part Number : 800-26247-01

Part Number : 73-9932-05

Board Revision : B0

Deviation Number : 0

Fab Version : 07

PCB Serial Number : FOC102207TV

RMA Test History : 00

RMA Number : 0-0-0-0

RMA History : 00

Product (FRU) Number : HWIC-1ADSL

Version Identifier : V01

CLEI Code : COUIADECAA

EEPROM format version 4

ahmednaas Sun, 03/04/2007 - 23:04

Please note the in your first post you did not mention the T. You had "c2800nm-ipbasek9-mz.124-4". I just went through the thread again and noticed that in a later post you added the T: "c2800nm-ipbasek9-mz.124-4T".

You need a T train release to support your HWIC-1ADSL card.

w_basheer Sun, 03/04/2007 - 21:45

------------------------------------------------

===============================================

THIS CONFIGURATION for advsecurityk9

===============================================

Building configuration...

Current configuration : 5089 bytes

!

version 12.4

service timestamps debug datetime msec

service timestamps log datetime msec

service password-encryption

!

hostname ITS-BAH-OFFICE

!

boot-start-marker

boot system flash c2800nm-advsecurityk9-mz.124-13.bin

boot-end-marker

!

enable secret 5 $1$1elu$VxanwUgYjKXI3DC7V8L4G.

!

aaa new-model

!

!

aaa authentication login default group tacacs+ local

!

aaa session-id common

!

!

ip cef

ip dhcp excluded-address 10.0.0.138

ip dhcp excluded-address 10.0.0.90

ip dhcp excluded-address 10.0.0.213

ip dhcp excluded-address 10.0.0.200

ip dhcp excluded-address 10.0.0.50

ip dhcp excluded-address 10.0.0.52

ip dhcp excluded-address 10.0.0.100

ip dhcp excluded-address 10.0.0.111

ip dhcp excluded-address 10.0.0.145

ip dhcp excluded-address 10.0.0.220

ip dhcp excluded-address 10.0.0.244

ip dhcp excluded-address 10.0.0.11

ip dhcp excluded-address 10.0.0.17 255.255.255.0

!

!

ip name-server 217.17.233.101

ip name-server 217.17.233.49

!

username admin privilege 15 secret 5 $1$JDJY$sEU32UxRvVqmmLZV3JWSX.

interface FastEthernet0/0

ip address 10.0.0.96 255.255.255.0

ip nat inside

ip virtual-reassembly

duplex auto

speed auto

!

interface FastEthernet0/1

no ip address

shutdown

duplex auto

speed auto

!

interface Dialer0

ip address 89.148.43.29 255.255.255.252

ip nat outside

ip virtual-reassembly

encapsulation ppp

no ip route-cache cef

no ip route-cache

no ip mroute-cache

dialer pool 1

dialer-group 1

no cdp enable

ppp chap hostname itsbah1

ppp chap password 7 111D0C081013055D56

ppp pap sent-username itsbah1 password 7 03104E06010E2F1D1C

!

ip route 0.0.0.0 0.0.0.0 89.148.43.1

ip route 0.0.0.0 0.0.0.0 Dialer0

!

ip http server

ip http secure-server

ip nat pool pool 89.148.43.29 89.148.43.29 netmask 255.255.255.255

ip nat inside source list 1 interface Dialer0 overload

ip nat inside source static tcp 10.0.0.209 23 89.148.43.29 23 extendable

ip nat inside source static tcp 10.0.0.209 21 89.148.43.29 211 extendable

ip nat inside source static tcp 10.0.0.213 3389 89.148.43.29 1111 extendable

ip nat inside source static tcp 10.0.0.209 1156 89.148.43.29 1156 extendable

ip nat inside source static tcp 10.0.0.209 1521 89.148.43.29 1521 extendable

ip nat inside source static tcp 10.0.0.220 1720 89.148.43.29 1720 extendable

ip nat inside source static tcp 10.0.0.220 1907 89.148.43.29 1907 extendable

ip nat inside source static tcp 10.0.0.244 3001 89.148.43.29 3001 extendable

ip nat inside source static tcp 10.0.0.90 3389 89.148.43.29 5555 extendable

ip nat inside source static tcp 10.0.0.209 7710 89.148.43.29 7710 extendable

ip nat inside source static tcp 10.0.0.209 7720 89.148.43.29 7720 extendable

ip nat inside source static tcp 10.0.0.209 7730 89.148.43.29 7730 extendable

ip nat inside source static tcp 10.0.0.209 7740 89.148.43.29 7740 extendable

ip nat inside source static tcp 10.0.0.209 7777 89.148.43.29 7777 extendable

ip nat inside source static tcp 10.0.0.244 9999 89.148.43.29 9999 extendable

!

access-list 1 permit 10.0.0.0 0.0.0.255

dialer-list 1 protocol ip permit

!

end

------------------------------------------------

===============================================

w_basheer Sun, 03/04/2007 - 21:47

============================================

============================================

This configuration for c2800nm-ipbasek9-mz.124-4.T.bin

I have ATM Interface

===========================================

Current configuration : 3405 bytes

!

version 12.4

service timestamps debug datetime msec

service timestamps log datetime msec

service password-encryption

!

hostname ITS-BAH-OFFICE

!

boot-start-marker

boot-end-marker

!

!

no aaa new-model

!

resource policy

!

ip subnet-zero

!

!

ip cef

no ip dhcp use vrf connected

ip dhcp excluded-address 10.0.0.138

ip dhcp excluded-address 10.0.0.90

ip dhcp excluded-address 10.0.0.213

ip dhcp excluded-address 10.0.0.200

ip dhcp excluded-address 10.0.0.50

ip dhcp excluded-address 10.0.0.52

ip dhcp excluded-address 10.0.0.100

ip dhcp excluded-address 10.0.0.111

ip dhcp excluded-address 10.0.0.145

ip dhcp excluded-address 10.0.0.220

ip dhcp excluded-address 10.0.0.244

ip dhcp excluded-address 10.0.0.11

!

ip dhcp pool office-pool

import all

network 10.0.0.0 255.255.255.0

dns-server 217.17.233.49

default-router 10.0.0.138

!

!

ip name-server 217.17.233.101

ip name-server 217.17.233.49

!

!

!

username admin privilege 15 secret 5 $1$JDJY$sEU32UxRvVqmmLZV3JWSX.

!

!

!

!

interface FastEthernet0/0

ip address 10.0.0.138 255.255.255.0

ip nat inside

duplex auto

speed auto

!

interface FastEthernet0/1

no ip address

shutdown

duplex auto

speed auto

!

interface ATM0/1/0

no ip address

no atm ilmi-keepalive

dsl operating-mode auto

pvc 8/35

encapsulation aal5mux ppp dialer

dialer pool-member 1

!

!

interface Dialer0

ip address 89.148.43.29 255.255.255.252

ip nat outside

encapsulation ppp

no ip route-cache cef

no ip route-cache

no ip mroute-cache

dialer pool 1

dialer-group 1

no cdp enable

ppp chap hostname itsbah1

ppp chap password 7 111D0C081013055D56

!

ip classless

ip route 0.0.0.0 0.0.0.0 89.148.43.1

ip route 0.0.0.0 0.0.0.0 Dialer0

!

no ip http server

no ip http secure-server

ip nat pool pool 89.148.43.29 89.148.43.29 netmask 255.255.255.255

ip nat inside source list 1 interface Dialer0 overload

ip nat inside source static tcp 10.0.0.209 23 89.148.43.29 23 extendable

ip nat inside source static tcp 10.0.0.209 21 89.148.43.29 211 extendable

ip nat inside source static tcp 10.0.0.213 3389 89.148.43.29 1111 extendable

ip nat inside source static tcp 10.0.0.209 1156 89.148.43.29 1156 extendable

ip nat inside source static tcp 10.0.0.209 1521 89.148.43.29 1521 extendable

ip nat inside source static tcp 10.0.0.220 1720 89.148.43.29 1720 extendable

ip nat inside source static tcp 10.0.0.220 1907 89.148.43.29 1907 extendable

ip nat inside source static tcp 10.0.0.244 3001 89.148.43.29 3001 extendable

ip nat inside source static tcp 10.0.0.90 3389 89.148.43.29 5555 extendable

ip nat inside source static tcp 10.0.0.209 7710 89.148.43.29 7710 extendable

ip nat inside source static tcp 10.0.0.209 7720 89.148.43.29 7720 extendable

ip nat inside source static tcp 10.0.0.209 7730 89.148.43.29 7730 extendable

ip nat inside source static tcp 10.0.0.209 7740 89.148.43.29 7740 extendable

ip nat inside source static tcp 10.0.0.209 7777 89.148.43.29 7777 extendable

ip nat inside source static tcp 10.0.0.244 9999 89.148.43.29 9999 extendable

!

access-list 1 permit 10.0.0.0 0.0.0.255

dialer-list 1 protocol ip permit

!

control-plane

!

!

end

Actions

This Discussion