01-31-2008 07:35 PM - edited 03-03-2019 08:31 PM
Hello everyone,
Trying to set up two VLANs: one, 192.168.2.0/24, goes out for internet service, and 10.76.10/24 goes for crypto map via site-to-site tunnel. Please help to verify the configuration:
!
!
crypto isakmp policy 10
encr 3des
authentication pre-share
crypto isakmp key
!
!
crypto ipsec transform-set lga esp-3des esp-sha-hmac
!
crypto map virginblue 10 ipsec-isakmp
set peer 66.109.80.19
set transform-set lga
match address 102
!
!
!
ip cef
!
!
no ip domain lookup
!
ip inspect name firewall tcp
ip inspect name firewall dns
ip inspect name firewall ftp
ip inspect name firewall h323
ip inspect name firewall http
ip inspect name firewall rtsp
ip inspect name firewall sip
ip inspect name firewall skinny
ip inspect name firewall smtp
ip inspect name firewall sqlnet
ip inspect name firewall tftp
ip inspect name firewall udp
ip domain name Flightsafety.com
ip dhcp excluded-address 192.168.2.1 192.168.2.99
!
ip dhcp pool Savannah
import all
network 192.168.2.0 255.255.255.0
default-router 192.168.2.1
domain-name
dns-server 192.231.203.132 192.231.203.3
lease 0 8
!
multilink bundle-name authenticated
!
!
username cisco privilege 7 password xxx
archive
log config
hidekeys
!
!
!
!
!
interface FastEthernet0
no ip address
ip virtual-reassembly
duplex auto
speed auto
pppoe enable group global
pppoe-client dial-pool-number 1
!
interface FastEthernet1
no ip address
duplex auto
speed auto
!
interface BRI0
no ip address
encapsulation hdlc
shutdown
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
!
interface FastEthernet5
!
interface FastEthernet6
!
interface FastEthernet7
!
interface FastEthernet8
!
interface FastEthernet9
!
interface Vlan1
ip address 10.76.1.254 255.255.255.0
ip virtual-reassembly
ip tcp adjust-mss 1452
!
interface vlan2
ip address 192.168.2.1 255.255.255.0
ip nat inside
full-duplex
!
interface Dialer1
ip address negotiated
ip access-group 161 in
ip inspect firewall out
encapsulation ppp
ip nat outside
dialer pool 1
no cdp enable
ppp authentication chap pap callin
ppp chap hostname 5270086@bzn
ppp chap password 7
ppp pap sent-username
crypto map virginblue
!
ip route 0.0.0.0 0.0.0.0 Dialer1
ip nat inside source list 7 interface dialer1 overload
!
no ip http server
no ip http secure-server
access-list 7 remark Access to Internet
access-list 7 permit 192.168.20 0.0.0.255
!
access-list 101 deny ip 10.76.1.0 0.0.0.255 10.253.0.0 0.0.255.255
access-list 101 deny ip 10.76.1.0 0.0.0.255 192.168.39.0 0.0.0.255
access-list 101 deny ip 10.76.1.0 0.0.0.255 192.168.32.0 0.0.0.255
access-list 101 permit ip 10.76.1.0 0.0.0.255 any
access-list 102 remark IPSec-Interesting-Traffic
access-list 102 permit ip 10.76.1.0 0.0.0.255 192.168.0.0 0.0.255.255
access-list 102 permit ip 10.76.1.0 0.0.0.255 10.253.0.0 0.0.255.255
access-list 102 permit ip 10.76.1.0 0.0.0.255 192.83.226.0 0.0.0.255
access-list 102 permit ip 10.76.1.0 0.0.0.255 192.83.227.0 0.0.0.255
access-list 102 permit ip 10.76.1.0 0.0.0.255 198.51.24.0 0.0.7.255
01-31-2008 07:50 PM
I do not know what happened, but look at the configuration of interface Dialer1, please:
interface Dialer1
ip address negotiated
ip access-group 161 in
Where is ACL 161?
01-31-2008 07:57 PM
ACL 161 is for incoming traffic. I just took it off.
01-31-2008 08:08 PM
Did you try to establish an IPsec VPN with 66.109.80.19? Was it working well?
01-31-2008 08:50 PM
Where is your command for the shared key, like this
(crypto isakmp key
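The two gaps raised in the replies (an ACL applied to Dialer1 that is not defined, and a `crypto isakmp key` line with no key or peer) can be checked mechanically. The following is an added example, not part of any post in this thread: the `audit` function and its checks are hypothetical, the sample is an excerpt of the configuration posted above, and it additionally flags ACL addresses that are not four valid octets.

```python
import re

# Excerpt of the configuration posted in this thread (crypto, NAT and ACL lines only).
SAMPLE_CONFIG = """\
crypto isakmp policy 10
 authentication pre-share
crypto isakmp key
crypto map virginblue 10 ipsec-isakmp
 set peer 66.109.80.19
 match address 102
interface Dialer1
 ip access-group 161 in
 crypto map virginblue
ip nat inside source list 7 interface dialer1 overload
access-list 7 permit 192.168.20 0.0.0.255
access-list 102 permit ip 10.76.1.0 0.0.0.255 192.168.0.0 0.0.255.255
"""

# Commands that reference a numbered ACL, and what each one uses it for.
ACL_REFS = [
    (re.compile(r"^ip access-group (\d+) (?:in|out)$"), "interface filter"),
    (re.compile(r"^match address (\d+)$"), "crypto map traffic selector"),
    (re.compile(r"^ip nat inside source list (\d+) "), "NAT source list"),
]
# A usable pre-shared key line names both the key and the peer it belongs to.
KEY_LINE = re.compile(r"^crypto isakmp key\s+.+\s(?:address|hostname)\s+(\S+)")

def audit(config):
    """Return a list of findings for dangling ACLs, unkeyed peers and bad addresses."""
    lines = [l.strip() for l in config.splitlines() if l.strip() not in ("", "!")]
    defined = {m.group(1) for l in lines if (m := re.match(r"access-list (\d+) ", l))}
    keyed = {m.group(1) for l in lines if (m := KEY_LINE.match(l))}
    findings = []
    for l in lines:
        for rx, use in ACL_REFS:
            if (m := rx.match(l)) and m.group(1) not in defined:
                findings.append(f"ACL {m.group(1)} used as {use} but never defined")
        # 0.0.0.0 in a key line is a wildcard that covers every peer.
        if (m := re.match(r"set peer (\S+)$", l)) and not keyed & {m.group(1), "0.0.0.0"}:
            findings.append(f"peer {m.group(1)} has no complete 'crypto isakmp key' line")
        if l.startswith("access-list "):
            for tok in re.findall(r"\b\d+(?:\.\d+)+\b", l):
                octets = tok.split(".")
                if len(octets) != 4 or any(int(o) > 255 for o in octets):
                    findings.append(f"malformed address '{tok}' in '{l}'")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
```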