Site-to-Site DSL

Mar 5th, 2007

Dear;

I have an ADSL connection with a 2800 router.

I configured the following:

--------------------------
crypto isakmp policy 1
 hash md5
 authentication pre-share
crypto isakmp key 123456 address 213.x.x.202
!
crypto ipsec transform-set MySet esp-des esp-md5-hmac
!
crypto map ITSBAH 10 ipsec-isakmp
 set peer 213.x.x.202
 set security-association lifetime seconds 28800
 set transform-set MySet
 match address VPN_DXB
!
interface FastEthernet0/1
 description " Office LAN"
 ip address 172.x.x.254 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 duplex auto
 speed auto
!
interface ATM0/1/0
 no ip address
 no atm ilmi-keepalive
 dsl operating-mode auto
 pvc 8/35
  encapsulation aal5mux ppp dialer
  dialer pool-member 1
 crypto map ITSBAH
!
interface Dialer0
 ip address 89.x.x.29 255.255.255.252
 ip nat outside
 ip virtual-reassembly
 encapsulation ppp
 no ip route-cache cef
 no ip route-cache
 no ip mroute-cache
 dialer pool 1
 dialer-group 1
 no cdp enable
 ppp chap hostname itsbah1
 ppp chap password xxx
 ppp pap sent-username itsbah1 password xxx
 crypto map ITSBAH
!
ip route 0.0.0.0 0.0.0.0 Dialer0
!
ip nat pool pool 89.x.x.29 89.148.43.29 netmask 255.255.255.255
ip nat inside source list 1 interface Dialer0 overload
!
ip access-list extended VPN_DXB
 permit ip host 172.18.1.250 host 10.40.7.4
 permit ip host 172.18.1.1 host 10.40.7.4
!
access-list 1 permit 172.18.1.0 0.0.0.255
dialer-list 1 protocol ip permit
!
------------------------------

==============================

But the tunnel is not established.

spremkumar Mon, 03/05/2007 - 21:53

Hi

Can you post the output of show crypto isakmp sa and show crypto ipsec sa?

regds

spremkumar Mon, 03/05/2007 - 22:44

Hi Basheer

I would suggest checking the connectivity between your router and the remote peer.

You can verify this using a normal ICMP ping.

Also, you need to modify the NAT statements so that your VPN access doesn't get NATted.

You can refer to the link below to configure the same:

http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a008009448f.shtml

Also, are you seeing any error logs on your router related to IPsec tunnel establishment?

regds
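
Added example, not part of the original thread and not the poster's or Cisco's code: a Python check of the NAT point raised in the reply above. On IOS, inside-to-outside NAT is applied before the crypto map ACL is evaluated, so a flow permitted by both the NAT ACL and VPN_DXB is translated and no longer matches the tunnel's ACL. POSTED reuses the ACL lines from the question; EXEMPT and ACL number 101 are constructed for illustration, and the parser assumes plain "ip" entries without port operators.

```python
import ipaddress

# ACL and NAT lines copied from the configuration posted in the question.
POSTED = """ip nat inside source list 1 interface Dialer0 overload
ip access-list extended VPN_DXB
 permit ip host 172.18.1.250 host 10.40.7.4
 permit ip host 172.18.1.1 host 10.40.7.4
access-list 1 permit 172.18.1.0 0.0.0.255"""
# Constructed variant (ACL 101 is an assumed number): tunnel traffic denied from NAT.
EXEMPT = POSTED.replace("source list 1 ", "source list 101 ").replace(
    "access-list 1 permit 172.18.1.0 0.0.0.255",
    "access-list 101 deny ip 172.18.1.0 0.0.0.255 host 10.40.7.4\n"
    "access-list 101 permit ip 172.18.1.0 0.0.0.255 any")

def _net(tok):
    """Consume 'any', 'host A' or 'A WILDCARD' from the front of tok."""
    head = tok.pop(0)
    if head in ("any", "host"):
        return ipaddress.ip_network("0.0.0.0/0" if head == "any" else tok.pop(0))
    mask = ipaddress.ip_address(int(ipaddress.ip_address(tok.pop(0))) ^ 0xFFFFFFFF)
    return ipaddress.ip_network(f"{head}/{mask}", strict=False)

def parse_acls(config):
    """Return {name: [(action, src, dst)]}; numbered 1-99 are read as standard ACLs."""
    acls, name = {}, None
    for line in config.splitlines():
        tok = line.split()
        if tok[:3] == ["ip", "access-list", "extended"]:
            name = tok[3]
        elif tok[:1] == ["access-list"]:
            name, tok = tok[1], tok[2:]
        if name is None or tok[:1] not in (["permit"], ["deny"]):
            continue
        std = name.isdigit() and int(name) < 100  # standard ACLs match on source only
        action, tok = tok[0], tok[1:] + ["any"] if std else tok[2:]  # extended: skip protocol
        acls.setdefault(name, []).append((action, _net(tok), _net(tok)))  # src, then dst
    return acls

def acl_permits(acl, src, dst):
    """First-match evaluation; falls through to the implicit deny."""
    hit = next((a for a, s, d in acl if src.subnet_of(s) and dst.subnet_of(d)), "deny")
    return hit == "permit"

def natted_vpn_flows(config, crypto_acl):
    """Crypto ACL permits that the 'ip nat inside source list' ACL also permits."""
    acls = parse_acls(config)
    nat = [l.split()[5] for l in config.splitlines() if "nat inside source list" in l]
    return [(str(s), str(d)) for a, s, d in acls.get(crypto_acl, []) if a == "permit"
            for n in nat if acl_permits(acls.get(n, []), s, d)]
```

Calling natted_vpn_flows(POSTED, "VPN_DXB") lists both host pairs from the question as translated before encryption; the same call on EXEMPT returns an empty list.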

spremkumar Tue, 03/06/2007 - 02:21

Hi Basheer

Can you try this and check?

ip route 89.148.43.1 255.255.255.255 Dialer0

ip route 0.0.0.0 0.0.0.0 89.148.43.1

regds
