06-15-2010 09:15 AM - edited 03-04-2019 08:47 AM
Hi to all,
I have three router 887 I have to configure it in VPN using ADSL, but I want use the isdn interface as backup when ADSL fail to transport tunnel traffic. I have CCME and I have to ensure the voice traffic between offices also when adsl fails.
Anybody have a working example configuration, or suggestions?
Thank you very much
Augusto
06-16-2010 07:03 AM
Do you already have the ISDN in place and Working?
06-16-2010 07:12 AM
Yes now there are 2511 with HDSL and ISDN backup, but not VPN.
06-16-2010 07:20 AM
So you are going to install the 887 routers, and keep the existing ISDN setup?
Do you run a dynamic routing protocol over the ISDN?
Are the ISDN lines always up, or are they activated with interesting traffic?
06-16-2010 07:37 AM
Thanks Andrew,
>So you are going to install the 887 routers, and keep the existing ISDN setup?
No, really I can change the existing ISDN setup, is not a must maintain it, now isdn backup is used only to ensure a web/mail, but then I have to ensure VoIP.
>Do you run a dynamic routing protocol over the ISDN?
What do you it mean?
>Are the ISDN lines always up, or are they activated with interesting traffic?
No not alway up, I need isdn backup start with all type of traffic only if ADSL goes down.
I made a config but I'm not sure it works:
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
!
crypto isakmp policy 2
encr aes
group 2
crypto isakmp key pwdVPN address 222.222.222.222
!
!
crypto ipsec transform-set ESP-AES128-SHA ah-sha-hmac esp-aes esp-sha-hmac
!
crypto map SDM_CMAP_1 1 ipsec-isakmp
description Tunnel to 222.222.222.222
set peer 222.222.222.222
set transform-set ESP-AES128-SHA
match address 103
!
!
interface BRI0
no ip address
encapsulation ppp
no ip route-cache
dialer pool-member 1
isdn switch-type basic-net3
isdn termination multidrop
isdn point-to-point-setup
!
interface ATM0
backup delay 10 30
backup interface Dialer0
no ip address
no ip route-cache
no atm ilmi-keepalive
service-policy output CCP-QoS-Policy-1
!
interface ATM0.1 point-to-point
description $FW_OUTSIDE$
ip address 88.88.88.88 255.255.255.252
ip access-group 100 in
ip nat outside
ip inspect CCP_LOW out
ip virtual-reassembly
no ip route-cache
crypto map SDM_CMAP_1
pvc 8/35
encapsulation aal5snap
!
!
interface FastEthernet0
switchport access vlan 100
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Vlan1
description $FW_INSIDE$
ip address 192.168.20.254 255.255.255.0
ip access-group 102 in
ip nat inside
ip virtual-reassembly
no ip route-cache
!
interface Vlan100
ip address 10.0.0.254 255.255.255.0
ip nat inside
ip virtual-reassembly
!
interface Dialer0
description $FW_OUTSIDE$
ip address negotiated
ip access-group 100 in
ip nat outside
ip inspect CCP_LOW out
ip virtual-reassembly
encapsulation ppp
dialer pool 1
dialer idle-timeout 180
dialer string 0000000000
dialer-group 1
ppp authentication chap pap callin
ppp chap hostname user1
ppp chap password pwduser1
ppp pap sent-username user1 password pwduser1
no cdp enable
crypto map SDM_CMAP_1
service-policy output CCP-QoS-Policy-1
!
!
ip nat inside source route-map SDM_RMAP_1 interface ATM0.1 overload
ip nat inside source route-map SDM_RMAP_2 interface Dialer0 overload
ip route 0.0.0.0 0.0.0.0 ATM0.1
ip route 0.0.0.0 0.0.0.0 Dialer0 100
!
access-list 1 remark INSIDE_IF=Vlan1
access-list 1 remark CCP_ACL Category=2
access-list 1 permit 192.168.20.0 0.0.0.255
access-list 101 remark Auto generated by SDM Management Access feature
access-list 101 remark CCP_ACL Category=1
access-list 101 permit ip 192.168.20.0 0.0.0.255 any
access-list 102 remark Auto generated by SDM Management Access feature
access-list 102 remark CCP_ACL Category=1
access-list 102 permit ip any any
access-list 103 remark CCP_ACL Category=4
access-list 103 permit ip 192.168.20.0 0.0.0.255 192.168.10.0 0.0.0.255
access-list 103 permit ip 10.0.20.0 0.0.0.255 10.0.10.0 0.0.0.255
access-list 104 remark CCP_ACL Category=2
access-list 104 deny ip 10.0.20.0 0.0.0.255 10.0.10.0 0.0.0.255
access-list 104 deny ip 192.168.20.0 0.0.0.255 192.168.10.0 0.0.0.255
access-list 104 permit ip 192.168.20.0 0.0.0.255 any
dialer-list 1 protocol ip permit
!
!
route-map SDM_RMAP_1 permit 1
match ip address 104
!
route-map SDM_RMAP_2 permit 1
match ip address 104
Thank a lot
Augusto
06-16-2010 08:04 AM
Looks OK - try it out and test it.
HTH>
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide