Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
409
Views
2
Helpful
6
Replies

Site-to-Site DSL

w_basheer
Level 1
Level 1

‎03-05-2007 07:20 AM

Dear;

I have ADSL connection with 2800 Router.

I configured the following:

--------------------------

crypto isakmp policy 1

hash md5

authentication pre-share

crypto isakmp key 123456 address 213.x.x.202

!

!

crypto ipsec transform-set MySet esp-des esp-md5-hmac

!

crypto map ITSBAH 10 ipsec-isakmp

set peer 213.x.x.202

set security-association lifetime seconds 28800

set transform-set MySet

match address VPN_DXB

!

!

!

!

!

interface FastEthernet0/1

description " Office LAN"

ip address 172.x.x.254 255.255.255.0

ip nat inside

ip virtual-reassembly

duplex auto

speed auto

!

interface ATM0/1/0

no ip address

no atm ilmi-keepalive

dsl operating-mode auto

pvc 8/35

encapsulation aal5mux ppp dialer

dialer pool-member 1

crypto map ITSBAH

!

!

interface Dialer0

ip address 89.x.x.29 255.255.255.252

ip nat outside

ip virtual-reassembly

encapsulation ppp

no ip route-cache cef

no ip route-cache

no ip mroute-cache

dialer pool 1

dialer-group 1

no cdp enable

ppp chap hostname itsbah1

ppp chap password xxx

ppp pap sent-username itsbah1 password xxx

crypto map ITSBAH

!

ip route 0.0.0.0 0.0.0.0 Dialer0

!

!

ip nat pool pool 89.x.x.29 89.148.43.29 netmask 255.255.255.255

ip nat inside source list 1 interface Dialer0 overload

!

ip access-list extended VPN_DXB

permit ip host 172.18.1.250 host 10.40.7.4

permit ip host 172.18.1.1 host 10.40.7.4

!

access-list 1 permit 172.18.1.0 0.0.0.255

dialer-list 1 protocol ip permit

!

!

------------------------------

==============================

but the tunnel is not established.

Labels:
0 Helpful
6 Replies 6

spremkumar
Level 9
Level 9

‎03-05-2007 09:53 PM

Hi

Can you post the output of show crypto isakmp sa and show crypto ipsec sa ?

regds

0 Helpful

w_basheer
Level 1
Level 1
In response to spremkumar

‎03-05-2007 10:35 PM

Dear ;

Please see the attached.

Preview file
6 KB
0 Helpful

spremkumar
Level 9
Level 9

‎03-05-2007 10:44 PM

Hi Basheer

Would suggest to check out the connectivity between your router and the remote peer.

You can verify the same using normal ICMP Ping.

Also on NAT statements you need to modify so that your VPN access doesnt get Natted..

You can verify the below link to configure up the same..

http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a008009448f.shtml

Also are you seeing any error logs in your router related to IPSEC Tunnel establishment..

regds

0 Helpful

w_basheer
Level 1
Level 1
In response to spremkumar

‎03-06-2007 12:51 AM

Dear;

I updated my config;

please see the attached.

Preview file
4 KB
0 Helpful

w_basheer
Level 1
Level 1
In response to w_basheer

‎03-06-2007 02:03 AM

Dear;

do you thnk that the problem in the ADSL?

.

0 Helpful

spremkumar
Level 9
Level 9
In response to w_basheer

‎03-06-2007 02:21 AM

Hi Basheer

Can you try this and check ?

ip route 89.148.43.1 255.255.255.255 Dialer0

ip route 0.0.0.0 0.0.0.0 89.148.43.1

regds

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents