Router on a stick IPSec with external DSL

Unanswered Question
Mar 2nd, 2009
I need to connect a remote site with 2 local LANs to our hub site. Internet is Telmex with a 2wire 2701. My solution was router on a stick with 3 trunked VLANs to a switch: 2 local LANs and 1 VLAN that I connect to the DSL modem. Try as I might, no joy on getting ISAKMP to make an offer to the hub. Anyone see the errors of my ways :< ! Here is the info for the remote:

crypto isakmp policy 1
 encr 3des
 hash md5
 authentication pre-share
crypto isakmp key xxxxxx address 65.xxx.yyy.aaa (my hub)

crypto ipsec transform-set 3desmd5_xform1 esp-3des esp-md5-hmac

crypto map curta_1 1 ipsec-isakmp
 description HQ VPN Router to remote VPN
 set peer 65.xxx.yyy.aaa
 set transform-set 3desmd5_xform1
 match address 100

! Local Lan #1
interface FastEthernet0/0.128
 encapsulation dot1Q 128 native
 ip address 10.30.128.1 255.255.255.0

! Local Lan #2
interface FastEthernet0/0.130
 encapsulation dot1Q 130
 ip address 10.30.130.1 255.255.255.0

! Segment facing DSL inside
interface FastEthernet0/0.1000
 encapsulation dot1Q 1000
 ip address 201.122.21.143 255.255.255.224 ******
 crypto map curta_1

access-list 100 remark Set interesting traffic for crypto map to traverse VPN
access-list 100 permit ip 10.30.128.0 0.0.7.255 10.15.0.0 0.0.255.255 (hub site)
access-list 100 permit ip 10.30.128.0 0.0.7.255 192.168.125.0 0.0.0.255 (hub site)

ip route 0.0.0.0 0.0.0.0 FastEthernet0/0.1000
ip route 10.15.0.0 255.255.0.0 FastEthernet0/0.1000
ip route 192.168.125.0 255.255.255.0 FastEthernet0/0.1000


****** ISP gave 1 static IP; this example shows this. This is a point of brain damage, as the ISP cannot give clear examples using this setup but claims it will work :(.
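
An added example, not part of the original post: a small Python lint (the `audit` helper and its result keys are hypothetical) run over lines from the config above. It expands the wildcard masks in access-list 100 against the LAN subinterfaces, lists static routes that name only an exit interface, and flags the 3DES/MD5 settings; it assumes contiguous wildcard masks.

```python
import ipaddress

# Constructed input: lines taken from the remote config in the post
# (the redacted key/peer lines and the DSL-facing subinterface are left out).
CONFIG = """\
crypto isakmp policy 1
 encr 3des
 hash md5
crypto ipsec transform-set 3desmd5_xform1 esp-3des esp-md5-hmac
interface FastEthernet0/0.128
 ip address 10.30.128.1 255.255.255.0
interface FastEthernet0/0.130
 ip address 10.30.130.1 255.255.255.0
access-list 100 permit ip 10.30.128.0 0.0.7.255 10.15.0.0 0.0.255.255
access-list 100 permit ip 10.30.128.0 0.0.7.255 192.168.125.0 0.0.0.255
ip route 0.0.0.0 0.0.0.0 FastEthernet0/0.1000
ip route 10.15.0.0 255.255.0.0 FastEthernet0/0.1000
ip route 192.168.125.0 255.255.255.0 FastEthernet0/0.1000
"""

WEAK = {"3des", "md5", "esp-3des", "esp-md5-hmac"}  # legacy algorithms to flag

def audit(config, acl="100"):
    """Hypothetical helper: lint an IOS config for the three checks below."""
    weak, bare_routes, lans, selectors = [], [], [], []
    for tok in (line.split() for line in config.splitlines()):
        weak += [t for t in tok if t in WEAK]
        # A static route with an exit interface but no next-hop address makes
        # the router ARP for every destination (depends on proxy ARP upstream).
        if tok[:2] == ["ip", "route"] and len(tok) == 5 and tok[4][0].isalpha():
            bare_routes.append(tok[2])
        elif tok[:2] == ["ip", "address"] and len(tok) == 4:
            lans.append(ipaddress.ip_interface(f"{tok[2]}/{tok[3]}").network)
        elif tok[:4] == ["access-list", acl, "permit", "ip"] and len(tok) == 8:
            # ip_network accepts a host (wildcard) mask as well as a netmask.
            src = ipaddress.ip_network(f"{tok[4]}/{tok[5]}", strict=False)
            dst = ipaddress.ip_network(f"{tok[6]}/{tok[7]}", strict=False)
            selectors.append((src, dst))
    covered = [str(n) for n in lans if any(n.subnet_of(s) for s, _ in selectors)]
    # Addresses matched by each crypto ACL source that no local LAN owns.
    slack = {str(s): s.num_addresses - sum(n.num_addresses for n in lans
                                           if n.subnet_of(s)) for s, _ in selectors}
    return dict(weak=weak, bare_routes=bare_routes, covered=covered, selector_slack=slack)

if __name__ == "__main__":
    print(audit(CONFIG))
```

The `selector_slack` figure shows how much wider the crypto ACL source is than the two configured LANs; the hub's ACL has to mirror whatever source range is used here.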
