07-28-2009 07:12 PM
I am trying to run two Internet connections on my Cisco 1811 router. One, with a live IP, will be used for VPN; VPN users will connect to servers in the DMZ, and this link will be dedicated to it.
The second one will be used for general Internet surfing.
Please see the configuration below and the attached network diagram.
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname MTL-1811
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1xxxxxxxxxxxxxxxxxI/
aaa new-model
!
aaa authentication login userauthen local
aaa authorization network groupauthor local
aaa session-id common
!
resource policy
ip cef
!
ip domain name millat.com.pk
ip name-server 10.16.6.11
ip name-server 10.16.7.12
ip name-server 203.99.163.240
!
username Junaid privilege 15 secret 5 $1xxxxxxxxxxxxxxxxxxx0
crypto isakmp policy 3
 encr 3des
 authentication pre-share
 group 2
crypto isakmp policy 10
 hash md5
 authentication pre-share
crypto isakmp key cisco123 address 58.27.233.210 no-xauth
!
crypto isakmp client configuration group vpnclient
 key cisco123
 dns 192.168.1.17
 wins 192.168.1.17
 domain millat.com.pk
 pool ippool
 acl 111
crypto ipsec transform-set myset esp-3des esp-md5-hmac
crypto dynamic-map dynmap 10
 set transform-set myset
!
crypto map clientmap client authentication list userauthen
crypto map clientmap isakmp authorization list groupauthor
crypto map clientmap client configuration address respond
crypto map clientmap 1 ipsec-isakmp
 ! Incomplete
 set peer 58.27.233.210
 set transform-set myset
crypto map clientmap 10 ipsec-isakmp dynamic dynmap
!
interface FastEthernet0
 ip address 192.168.95.65 255.255.255.0
 ip nat outside
 ip virtual-reassembly
 duplex auto
 speed auto
!
interface FastEthernet1
 ip address 58.27.232.18 255.255.255.248
 ip nat outside
 ip virtual-reassembly
 duplex auto
 speed auto
 crypto map clientmap
interface FastEthernet2
!
interface FastEthernet9
!
interface Vlan1
 ip address 192.168.74.1 255.255.255.0
 ip access-group Internet in
 ip nat inside
 ip virtual-reassembly
 ip policy route-map send_vpn
!
interface Async1
 no ip address
 encapsulation slip
!
ip local pool ippool 192.168.55.100 192.168.55.200
ip route 0.0.0.0 0.0.0.0 192.168.95.1
ip route 58.27.232.16 255.255.255.248 192.168.55.0
ip route 192.168.1.0 255.255.255.0 192.168.74.2
ip route 192.168.2.0 255.255.255.0 192.168.74.2
ip route 192.168.10.0 255.255.255.0 192.168.74.2
ip route 192.168.11.0 255.255.255.0 192.168.74.2
ip route 192.168.12.0 255.255.255.0 192.168.74.2
!
no ip http server
no ip http secure-server
ip nat inside source list deny_vpn_go_nat interface FastEthernet0 overload
ip nat inside source route-map send_vpn interface FastEthernet1 overload
ip nat inside source static tcp 192.168.74.1 23 interface FastEthernet1 23
!
ip access-list extended Internet
 permit ip host 10.16.6.11 any
 permit ip host 10.16.7.12 any
 permit ip any host 66.241.216.167
 permit ip 192.168.74.0 0.0.0.255 any
 permit ip 192.168.20.0 0.0.0.255 any
 permit ip 192.168.11.0 0.0.0.255 any
 permit ip 192.168.1.0 0.0.0.255 any
 permit ip 192.168.2.0 0.0.0.255 any
 permit ip any host 203.215.177.36
 permit ip 192.168.12.0 0.0.0.255 any
 permit ip host 192.168.5.10 host 67.59.144.177
ip access-list extended deny_vpn_go_nat
 deny ip 192.168.74.0 0.0.0.255 192.168.20.0 0.0.3.255
 deny ip 192.168.74.0 0.0.0.255 192.168.55.0 0.0.0.255
 deny ip 192.168.1.0 0.0.0.255 any
 permit ip any any
ip access-list extended id_vpn
 permit ip 192.168.74.0 0.0.0.255 192.168.55.0 0.0.0.255
 permit ip 192.168.1.0 0.0.0.255 any
!
access-list 111 permit ip 192.168.1.0 0.0.0.255 192.168.55.0 0.0.0.255
access-list 111 permit ip 192.168.74.0 0.0.0.255 192.168.55.0 0.0.0.255
route-map send_vpn permit 10
 match ip address id_vpn
 set ip next-hop 58.27.232.17
webvpn context Default_context
 ssl authenticate verify all
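A defensive lint over the settings in the configuration posted above, as an added example that is not part of the original thread: it flags the legacy IKE/IPsec algorithms, the pre-shared key kept in the config, and the Telnet port forward on the VPN-facing interface. The rule list and the names `RULES` and `audit` are this example's own assumptions; the sample lines are copied from the post.

```python
import re

# Constructed excerpt: lines copied from the configuration posted above.
SAMPLE_CONFIG = """\
no service password-encryption
crypto isakmp policy 3
 encr 3des
 authentication pre-share
 group 2
crypto isakmp policy 10
 hash md5
 authentication pre-share
crypto isakmp key cisco123 address 58.27.233.210 no-xauth
crypto ipsec transform-set myset esp-3des esp-md5-hmac
ip nat inside source static tcp 192.168.74.1 23 interface FastEthernet1 23
"""

# (pattern, finding) pairs. This rule set is the example's own (an assumption),
# not taken from any Cisco tool.
RULES = [
    (r"^no service password-encryption", "password-encryption off: keys shown in cleartext"),
    (r"^\s*encr (des|3des)\b", "legacy IKE cipher; prefer AES"),
    (r"^\s*hash md5\b", "MD5 IKE hash; prefer SHA"),
    (r"^\s*group [12]\b", "weak Diffie-Hellman group; prefer 14 or higher"),
    (r"^crypto isakmp key .+ address", "pre-shared key stored in the config"),
    (r"^crypto ipsec transform-set .*\besp-(des|3des|md5-hmac)\b", "legacy ESP transform"),
    (r"^ip nat inside source static tcp \S+ 23 ", "Telnet (tcp/23) published through NAT"),
]

def audit(config: str):
    """Return (line_number, line, finding) for every rule that matches a line."""
    findings = []
    for number, line in enumerate(config.splitlines(), start=1):
        for pattern, finding in RULES:
            if re.search(pattern, line):
                findings.append((number, line.strip(), finding))
    return findings

if __name__ == "__main__":
    for number, line, finding in audit(SAMPLE_CONFIG):
        print(f"line {number}: {line}\n    -> {finding}")
```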
07-29-2009 11:44 PM
What is the subject of your thread?
Richard
07-30-2009 12:27 AM
What do you mean???