Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

2600 Dynamic IPsec

Hello all.

While I'm waiting to figure out my PIX issue(see L2TP/IKE/IPsec post) I'm trying to configure a 2621 router with a VPN accelerator card to be a dynamic IPSec gateway(basically a match of my PIX)

I can't find any examples besides the one for 2600 ADSL w/ hardware card. Some things I was able to figure out by using the PIX config and trying things, but I'm pretty much stuck trying to get the dymanic map into isakmp.

so far this is my config, is there any examples out there of a dynamic dial-in VPN for the 2600?

version 12.1

no service single-slot-reload-enable

service timestamps debug uptime

service timestamps log uptime

service password-encryption

logging rate-limit console 10 except errors

username admin

memory-size iomem 10

ip subnet-zero

no ip finger

no ip domain-lookup

ip audit notify log

ip audit po max-events 100

no ip dhcp-client network-discovery

ip ssh time-out 60

ip ssh authentication-retries 2

no mgcp timer receive-rtcp

crypto isakmp policy 10

authentication pre-share

crypto ipsec transform-set strong esp-des esp-sha-hmac

mode transport

crypto dynamic-map dynmap 10

set security-association lifetime seconds 300

set transform-set strong

set pfs group2

crypto map mymap client configuration address initiate

crypto map mymap client configuration address respond

crypto map mymap 10 ipsec-isakmp

! Incomplete

set transform-set strong

set pfs group2

call rsvp-sync

interface ATM0/0

no ip address

no ip mroute-cache


atm vc-per-vp 256

no atm ilmi-keepalive

pvc 0/35

dsl operating-mode auto

interface FastEthernet0/0

ip address

duplex auto

speed auto

interface FastEthernet0/1

ip address

duplex auto

speed auto

interface FastEthernet0/1.1

interface Dialer1

no ip address


pulse-time 0

ip classless

ip route

no ip http server

snmp-server packetsize 4096

dial-peer cor custom

line con 0

transport input none

line aux 0

line vty 0 4


transport input ssh


I started making a subint for FE0/1 for the VPN stuff. I can't get the ADSL wic to carrier detect my dsl line(i tried all sorts of pinout including the ones I know to be right with no luck) so it's no good to me.

Cisco Employee

Re: 2600 Dynamic IPsec

There's a sample config here:

This is actually for a 3002 HW client to a router, but the router config is exactly the same since the VPN SW client acts exactly like the HW client.

CreatePlease login to create content