P2P VPN with Internet connection sharing

Unanswered Question
Apr 8th, 2008

I have 2 Cisco 857w's currently running a basic Site to Site VPN configured successfully through SDM.

Site 1 LAN = 10.10.10.0 /24

Site 2 LAN = 10.10.20.0 /24

The client would now like all users to access the Internet only through Site 2's Internet connection.. ie Site 1 must gain access through the VPN tunnel and out to the internet through Site 2's Router.

Can this be Done? What needs to be changed on both the Router's configs?

CURRENT CONFIG SITE 1 (relevant parts)

crypto isakmp policy 1

encr 3des

authentication pre-share

group 2

crypto isakmp key xxxxxx address 111.222.333.444

!

!

crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac

!

crypto map SDM_CMAP_1 1 ipsec-isakmp

description Tunnel to 111.222.333.444

set peer 111.222.333.444

set transform-set ESP-3DES-SHA

match address 100

!

!

!

interface ATM0

no shut

no ip address

no ip route-cache cef

no ip route-cache

load-interval 30

no atm ilmi-keepalive

pvc 8/35

encapsulation aal5mux ppp dialer

dialer pool-member 1

!

dsl operating-mode auto

!

interface FastEthernet0

spanning-tree portfast

!

interface FastEthernet1

spanning-tree portfast

!

interface FastEthernet2

spanning-tree portfast

!

interface FastEthernet3

spanning-tree portfast

!

interface Dot11Radio0

no ip address

shutdown

speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0

station-role root

!

interface Vlan1

description LOCAL_LAN

ip address 10.10.10.1 255.255.255.0

ip nat inside

ip virtual-reassembly

no ip route-cache cef

!

interface Dialer0

description ADSL Link FNN xxxxxxx

ip address negotiated

no ip redirects

no ip unreachables

no ip proxy-arp

ip nat outside

ip virtual-reassembly

encapsulation ppp

ip route-cache flow

dialer pool 1

no cdp enable

ppp authentication chap callin

ppp chap hostname [email protected]

ppp chap password xxxxxx

crypto map SDM_CMAP_1

!

ip route 0.0.0.0 0.0.0.0 Dialer0

!

ip http server

ip http access-class 20

ip http authentication local

ip http secure-server

ip nat inside source route-map SDM_RMAP_1 interface Dialer0 overload

!

access-list 22 remark SDM_ACL Category=17

access-list 22 permit 10.10.10.0 0.0.0.255

access-list 100 remark SDM_ACL Category=4

access-list 100 remark IPSec Rule

access-list 100 permit ip 10.10.10.0 0.0.0.255 10.10.20.0 0.0.0.255

access-list 101 remark SDM_ACL Category=2

access-list 101 remark IPSec Rule

access-list 101 deny ip 10.10.10.0 0.0.0.255 10.10.20.0 0.0.0.255

access-list 101 permit ip 10.10.10.0 0.0.0.255 any

no cdp run

route-map SDM_RMAP_1 permit 1

match ip address 101

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.

Actions

This Discussion