Router on a stick IPSec with external DSL

Unanswered Question
Mar 2nd, 2009
User Badges:

I need to connect remote site with 2 local LANs to our hub site. Internet is Telmex with 2wire 2701. My solution was router on a stick with 3 trunked VLANs to a switch. 2 local LANs and 1 VLAN that I connect to the DSL modem. Try as I might, no joy on getting ISAKMP to make an offer to hub. Anyone see the errors of my ways :< ! Here is the info for remote:

crypto isakmp policy 1

encr 3des

hash md5

authentication pre-share

crypto isakmp key xxxxxx address (my hub)

crypto ipsec transform-set 3desmd5_xform1 esp-3des esp-md5-hmac

crypto map curta_1 1 ipsec-isakmp

description HQ VPN Router to remote VPN

set peer

set transform-set 3desmd5_xform1

match address 100

! Local Lan #1

interface FastEthernet0/0.128

encapsulation dot1Q 128 native

ip address

! Local Lan #2

interface FastEthernet0/0.130

encapsulation dot1Q 130

ip address

! Segment facing DSL inside

interface FastEthernet0/0.1000

encapsulation dot1Q 1000

ip address ******

crypto map curta_1

access-list 100 remark Set interesting traffic for crypto map to traverse VPN

access-list 100 permit ip (hub site)

access-list 100 permit ip (hub site)

ip route FastEthernet0/0.1000

ip route FastEthernet0/0.1000

ip route FastEthernet0/0.1000

****** ISP gave 1 static IP this example shows this, this is a point of brain damage as ISP can not give clear examples using this setup, but claims it will work :(.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)


This Discussion