New Member

RAS and VPN

Hello,

If I use the following config to build a VPN tunnel to a Cisco 3640, I have a problem.

The router doesn't dial. If I delete the line "crypto map rtp" in the area dialer 1, the router dials without problems into the internet.

Why doesn't the router dial with this config?

Thanks for your help.

Peer

!
version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname "Frankfurt"
!
boot system flash flash:/c800-k9osy6-mw.122-13.T.bin
logging buffered 20000 debugging
enable password 7 094F
!
ip subnet-zero
!
no ip domain lookup
isdn switch-type basic-net3
!
crypto isakmp policy 1
 authentication pre-share
crypto isakmp key cisco123 address 200.200.200.1
!
!
crypto ipsec transform-set rtpset esp-3des esp-sha-hmac
!
crypto map rtp 1 ipsec-isakmp
 set peer 200.200.200.1
 set transform-set rtpset
 match address 115
!
!
!
!
interface Ethernet0
 description connected to EthernetLAN
 ip address 10.100.100.1 255.255.255.0
!
interface BRI0
 description connected to Internet
 no ip address
 encapsulation ppp
 dialer pool-member 1
 isdn switch-type basic-net3
 crypto map rtp
!
interface Dialer1
 description connected to Internet
 ip address negotiated
 ip nat outside
 encapsulation ppp
 no ip split-horizon
 dialer pool 1
 dialer idle-timeout 55
 dialer string 012345
 dialer hold-queue 10
 dialer-group 1
 no cdp enable
 ppp authentication chap pap callin
 ppp chap hostname test
 ppp chap password 7 051F031C35
 ppp pap sent-username test password 7 09584B1A0D
 crypto map rtp
!
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer1
no ip http server
!
!
logging 10.100.100.50
access-list 1 permit 10.100.100.0 0.0.0.255
access-list 100 deny ip any 10.0.0.0 0.255.255.255
access-list 100 deny ip any 192.168.0.0 0.0.255.255
access-list 100 permit tcp any eq www any log
access-list 100 permit tcp any any eq www log
access-list 100 permit udp any eq domain any log
access-list 100 permit udp any any eq domain log
access-list 115 permit ip 10.100.100.0 0.0.0.255 any
access-list 115 deny ip any any
dialer-list 1 protocol ip permit
dialer-list 1 protocol ipv6 permit
!
snmp-server engineID local 0000000902000050547CF924
snmp-server community public RO
snmp-server chassis-id JAD03254137
snmp-server enable traps tty
!
line con 0
 exec-timeout 0 0
 password 7 xxx
 login
 stopbits 1
line vty 0 4
 password 7 xxx
 login
!
no rcapi server
!
!
end

2 REPLIES
Cisco Employee

Re: RAS and VPN

"crypto map rtp local-address Dialer" is missing in the global config, so add that. Here is a link that has a sample config exactly the same as what you are trying to achieve, with troubleshooting too.

http://www.cisco.com/warp/public/793/access_dial/ipsec_9349.html

Once you have that command and things don't work, I need to see the following debugs:

debug dialer
debug isdn q931
debug ppp nego
debug crypto engine
debug crypto ipsec
debug crypto isakmp

New Member

Re: RAS and VPN

Thanks for this information.

If I try to enter the line:

crypto map rtp local-address Dialer 1

the router crashes and restarts. I use the software

c800-k9osy6-mw.122-13.T.bin

I will try some other software.
