Something for you all to get your teeth into here... :)
I have a problem with IPsec LAN-to-LAN VPNs in conjunction with BT's new ADSL Max service in the UK...
I have set up VPNs many times on standard ADSL connections. Very simple; example: NONADSLMAX.txt attached.
The problem is BT ADSL Max works differently: BT route down a public IP subnet (Loopback0 in my config) via a DHCP-allocated public address which always changes (Dialer1 in my config).
BT assume that you will use their supplied cheap "2wire" router in a no-NAT configuration and connect your firewalls/PCs directly to that with a public IP address.
The problem is I need to use the VPN for voice/data traffic. Firewalls are a no-go because I need to use QoS pre-classify inside my VPN tunnels.
And I don't want to use a Cisco router with two Ethernet interfaces because it bumps the cost right up! I need to get this working with just one Cisco 877 for each site.
I'm so close so far... BT supply the "ADSL Fusion" service with up to 512k upstream and 8 meg down. It's very desirable for IPsec VPNs...
I'm having trouble with my interesting traffic for the VPNs. I can't encrypt any traffic unless I apply the interesting-traffic access list (120 in my config below) to the Vlan1 interface. If I only had one VPN to terminate on my routers that would be fine... But on some routers I have more than one. I can't put all the interesting-traffic access lists on the Vlan1 interface! :(
ADSL Max config attached: ADSLMAX.txt
Any ideas why access list 120 needs to be on my Vlan1 interface for the router to bring up the tunnel and encrypt traffic? I've never had to do this before. It's really strange....
The VPN connects and I can ping from the router con0 but not from Vlan1 without ACL 120 applied to Vlan1.
Thanks for your help guys. I look forward to hearing from you.
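For readers without the attached ADSLMAX.txt, the following is an added illustration of the topology the post describes (Loopback0 holding the routed public subnet, Dialer1 taking a changing address from BT, one crypto map carrying several sites). It is not the poster's configuration and nothing in the thread establishes that it resolves the reported problem; it shows how a crypto map is normally attached once to the WAN interface, with the `local-address` keyword pinning IKE/ESP to the fixed loopback address so the tunnel source does not follow the Dialer1 address. All addresses are RFC 5737 documentation ranges chosen for this example, and PPPoA on the dialer is an assumption.

```cisco
! Illustrative Cisco IOS fragment (assumed; not the poster's ADSLMAX.txt).
! Addresses are documentation ranges chosen for this example.
!
! Loopback0 carries the routed public subnet BT delivers over the PPP session.
interface Loopback0
 ip address 192.0.2.1 255.255.255.248
!
! Dialer1 is the WAN side; its address is assigned by BT at connect time and
! changes (the post calls it DHCP-allocated). With PPP this is
! "ip address negotiated" (assumption: PPPoA, as is usual on BT ADSL).
interface Dialer1
 ip address negotiated
 encapsulation ppp
 dialer pool 1
 crypto map VPN
!
! Inside LAN; the crypto map is NOT applied here.
interface Vlan1
 ip address 10.1.1.1 255.255.255.0
!
ip route 0.0.0.0 0.0.0.0 Dialer1
!
! IKE phase 1 (placeholder pre-shared key; replace before use).
crypto isakmp policy 10
 encr aes 256
 authentication pre-share
 group 2
crypto isakmp key EXAMPLE-PSK-CHANGE-ME address 203.0.113.1
crypto isakmp key EXAMPLE-PSK-CHANGE-ME address 203.0.113.2
!
! IPsec phase 2
crypto ipsec transform-set TS esp-aes 256 esp-sha-hmac
!
! One crypto map with one entry per remote site, applied once on Dialer1.
! "local-address Loopback0" sources IKE and ESP from the fixed loopback
! address instead of the changing Dialer1 address.
crypto map VPN local-address Loopback0
crypto map VPN 10 ipsec-isakmp
 set peer 203.0.113.1
 set transform-set TS
 match address 120
 qos pre-classify
crypto map VPN 20 ipsec-isakmp
 set peer 203.0.113.2
 set transform-set TS
 match address 121
 qos pre-classify
!
! Interesting traffic, one ACL per site; these ACLs are referenced only by
! the crypto map entries, never applied to Vlan1.
access-list 120 permit ip 10.1.1.0 0.0.0.255 10.2.2.0 0.0.0.255
access-list 121 permit ip 10.1.1.0 0.0.0.255 10.3.3.0 0.0.0.255
```

The point of the fragment is the placement: the crypto ACLs select traffic for the map entries and are matched as packets leave Dialer1, so adding sites means adding map entries and ACLs, not ACLs on the LAN interface. Any NAT on the router would need the VPN subnets excluded from it, which the post's no-NAT setup avoids.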