Hi guys, I have a couple of queries regarding this technology and how they usually implement.. I may sound stupid but I have no other option but to ask... :-) First of all, I'd like to mention that it's our org's best practice that we use two Cisco 831 routers at the customer premises and then terminate this at the headend 7206 router in the data centre. We have been sent the bootstrap config to TFTP to the 2 C831 routers.
The initial configs for these 2 routers are keyed into the ISC server in the data centre. The first C831 acts as an internet screening router and blocks internet attacks. The second router is the router that connects to the LAN segment of the customer network and also acts as a VPN router. So last night, we tried bringing up the tunnel. First we turned on the screening router. This connected back through our ADSL line to the ISC server in the data centre and downloaded its initial config. Then we turned on the VPN router and even this router pulled its initial config from the ISC server. But the certification process failed on the VPN router. So a couple of steps were used to figure out what the problem is.
Like checking the clock synchronization. Then did a debug crypto pki trans and messages, debug ip http server etc. From what we got to know, IP packets are generated from the VPN router, reach the ISC server and on the way back go to another IP that we are not aware of. Does this have anything to do with NATing from the ISP side? We are using dynamic addressing from the ISP.
Another question I have is that the configs I was sent include IP addresses for the E0 interface, but there's no E0 interface physically present on the router. But when I do a sh ip int brief, it shows me E0, E1 and four Fast Ethernet interfaces. Physically, only E1 and 4 Fast Ethernets exist. Is this a common thing in this series of routers? Could this have something to do with the problem we are facing? Oh, I'm so confused...