Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
360
Views
0
Helpful
3
Replies

Problem bringing up tunnel

rahulawati
Level 1
Level 1

‎03-13-2007 05:56 PM - edited ‎03-09-2019 05:35 PM

Hi guyz, i have a couple of queries regarding this technology and how they usually implement.. I may sound stupid but i have no other option but to ask... :-) first of all, i'd like to mention that its our org's best practice that we use two cisco 831 routers at the customer premises and then terminate this at the headend 7206 router in the data centre. we have been sent the bootstrap config to tftp to the 2 c831 routers.

the initial configs for these 2 routers are keyed into the ISC server in data centre. The first C831 acts as a internet screening router and blocks internet attacks. the second router is the router that connects to the LAN segment of the customer network and also acts ad a VPN router. so last night, we tried bringing up the tunnel. first we turned on the screening router. this connected back thru our adsl line to the ISC server in the data centre and downloaded its initial config. then we turned on the vpn router and even this router pulled its initial config from the ISC server. but the certification process failed on vpn router. so a couple of steps were used to figure out what the problem is.

Like checking the clock synchronization. then did a debug crypto pki trans and messages. debug ip http server etc. frm wat we got to knw was dat ip packets r generated from the vpn router, reaches the isc server and on its way back goes to another IP that we r not aware of. does dis hav anything to do with Natting from the ISP side. we r using dynamic addressing from the ISP.

another question i have is, that the configs i was sent includes ip addresses for E0 interface. but there's no E0 interface physicall present on the router. but when i do a sh ip int brief, it shows me E0,E1 and four fast eth interfaces. But physically, only E1 and 4 fast eth's exist. Is this a common thing in this series of routers. could this hav something to do with the problem we r facing? oh im soo confused...

Labels:
0 Helpful
3 Replies 3

vkapoor5
Level 5
Level 5

‎03-19-2007 11:35 AM

I think you should check the router at customer premises for physical ports because as per document of c831 it has one ethernet for WAN connectivity with DSL or cable modem and 4 ethernet ports for LAN. The config for E0 could be for first LAN port being used for some different purpose. However if the same config is working in other sites, it should work properly for this also except if there is some change in hardware, IOS or the config itself.

0 Helpful

rahulawati
Level 1
Level 1
In response to vkapoor5

‎03-19-2007 06:36 PM

yea, as u said, the E1 which is used for wan connectivity is configured for DHCP. and E0 is actually a master interface for the four subinterfaces that are used for lan. the E0 has been assigned an IP address which is used as default gateway for the nodes in the Lan.

0 Helpful

rahulawati
Level 1
Level 1
In response to rahulawati

‎03-19-2007 06:38 PM

i was initially confused with those interfaces but juz got it cleared wid my seniors and dats how i got to know that E0 doesnt exist physically but is a logical master interface.. Thanks dude... I'm still looking for the answer to my other question... any idea u think this could relate to or something to do with Natting at the ISP side?

0 Helpful
Customers Also Viewed These Support Documents