MSCHAPv2 from 800 series router to remote VPN gateway

Kjetil Fleten · ‎03-29-2007

I have a scenario as shown in the attachment "lifeline_routning.jpg". Two sites with several VLAN's is connected over a wireless bridge. The green VLAN is for administration of network devices. If the wireless bridge breakes down, I would like the Cisco 851 router to establish a VPN through a GPRS unit to the main site for the administrative VLAN.

The SnapGear VPN router at the main site uses MSCHAPv2 authentication.

I have enabled PPPoE on the 851, and I have configured a dialer interface with MSCHAPv2 authentication.

What I dont know, is how I configure the dialer interface to connect to the remote public WAN ip address of the Snapgear ? Should I configure a dialer map ? Is this acheived through a access list ? Or maybe VPDN ? Is there any documentation with examples on this kind of setup ?

Network layout and running-config is attached.

carenas123 · ‎04-04-2007

Unique to EAP-FAST, phase zero is a tunnel-secured means of providing an EAP-FAST end-user client with a PAC for the user requesting network access.Providing a PAC to the end-user client is the sole purpose of phase zero. The tunnel is established based on an anonymous Diffie-Hellman key exchange. If EAP-MSCHAPv2 authentication succeeds, CiscoSecure ACS provides the user a PAC.