Cisco Support
English
Feedback Help
Cisco Support Community
Register
cancel
turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
whiteford
whiteford
Community Member
‎09-26-2007 10:35 AM
‎09-26-2007 10:35 AM

Cisco 877 VPN expert - need help

I have configured my Cisco 877 for a VPN to a Cisco Concentrator, but the tunnel comes up, then goes down, then comes up then goes down etc. I just used a config from a Cisco 837. Below is the config and errors:

version 12.4

no service pad

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname *

!

boot-start-marker

boot-end-marker

!

logging buffered 8192 warnings

enable password **

!

no aaa new-model

!

resource policy

!

ip subnet-zero

ip cef

no ip dhcp use vrf connected

ip dhcp excluded-address 172.19.15.1 172.19.15.10

!

ip dhcp pool client

network 172.19.15.0 255.255.255.0

default-router 172.19.15.1

dns-server 192.168.21.1 192.168.21.2

lease 0 2

!

ip inspect name outbound tcp

ip inspect name outbound udp

ip inspect name outbound ftp

ip inspect name outbound http

ip inspect name outbound icmp

ip tftp source-interface Vlan1

!

username *** password 0 ***

!

crypto isakmp policy 1

encr 3des

hash md5

authentication pre-share

group 2

crypto isakmp key #78697980c0n address 80.1.156.8

!

crypto ipsec transform-set vo_t_set esp-3des esp-md5-hmac

!

crypto map vo_t_set 10 ipsec-isakmp

set peer 80.1.156.8

set transform-set vo_t_set

match address 101

!

interface ATM0

no ip address

no ip unreachables

no atm ilmi-keepalive

pvc 0/38

encapsulation aal5mux ppp dialer

dialer pool-member 1

!

dsl operating-mode auto

!

interface FastEthernet0

!

interface FastEthernet1

!

interface FastEthernet2

!

interface FastEthernet3

!

interface Vlan1

ip address 172.19.15.1 255.255.255.0

ip inspect outbound in

hold-queue 100 out

!

interface Dialer1

ip address negotiated

ip access-group inbound_acl in

no ip unreachables

encapsulation ppp

dialer pool 1

dialer-group 1

ppp authentication chap pap callin

ppp chap hostname xxx@hg57.xxxxx

ppp chap password 0 xxxxx

ppp pap sent-username xxxx@hg57.xxxxpassword 0 xxxx

crypto map vo_t_set

!

ip classless

ip route 0.0.0.0 0.0.0.0 Dialer1

!

no ip http server

no ip http secure-server

!

ip access-list extended inbound_acl

permit udp any any eq isakmp

permit esp any any

deny icmp any any timestamp-request

deny icmp any any timestamp-reply

permit icmp any any

permit udp any any eq ntp

permit tcp x.x.x.x 0.0.0.31 any eq telnet

permit tcp x.x.x.x 0.0.0.31 any eq 22

permit tcp x.x.x.x 0.0.0.31 any eq ftp-data

permit tcp x.x.x.x 0.0.0.31 any eq ftp

permit tcp x.x.x.x 0.0.0.31 any eq www

permit tcp x.x.x.x 0.0.0.31 any eq 443

permit ip 192.168.21.0 0.0.0.255 172.19.15.0 0.0.0.255

permit ip 192.168.30.0 0.0.0.255 172.19.15.0 0.0.0.255

!

access-list 50 permit 192.168.90.11

access-list 101 permit ip 172.19.15.0 0.0.0.255 any

dialer-list 1 protocol ip permit

!

control-plane

!

!

line con 0

no modem enable

line aux 0

line vty 0 4

access-class 50 in

exec-timeout 0 0

login local

length 0

!

scheduler max-task-time 5000

sntp server 158.43.128.33

end

When I connect my laptop to the Ethernet port and ping a remote server this is what happens, sometimes the tunnel comes up sometimes not:

*Mar 1 01:14:49.239: %LINK-3-UPDOWN: Interface ATM0, changed state to up

*Mar 1 01:14:50.239: %LINEPROTO-5-UPDOWN: Line protocol on Interface ATM0, changed state to up

*Mar 1 01:14:57.923: %DIALER-6-BIND: Interface Vi2 bound to profile Di1

*Mar 1 01:14:57.927: %LINK-3-UPDOWN: Interface Virtual-Access2, changed state to up

*Mar 1 01:15:01.135: %LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Access2, changed state to up

*Mar 1 01:15:18.075: %LINK-3-UPDOWN: Interface Virtual-Access2, changed state to down

*Mar 1 01:15:18.075: %DIALER-6-UNBIND: Interface Vi2 unbound from profile Di1

*Mar 1 01:15:19.075: %LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Access2, changed state to down

*Mar 1 01:15:19.159: %LINK-3-UPDOWN: Interface ATM0, changed state to down

*Mar 1 01:15:20.159: %LINEPROTO-5-UPDOWN: Line protocol on Interface ATM0, changed state to down

0 Helpful
Reply
Latest Documents
Snort IPS on ISR, ISRv and CSR - Step-By-Step Configuration
Created by Kureli Sankar on 04-19-2018 11:25 AM
0
0
0
0
BenefitsDocumentationPrerequisiteImage Download LinksLimitationsSupported PlatformsLicense RequirementsTopologyStep-By-Step ConfigurationConfigure Virtual ServiceActivate the virtual service and configure guest IPsConfiguring UTD (Service Plane)Configurin... view more
Upgrade Chassis Manager (FXOS)
Created by Jeet Kumar on 02-23-2018 02:51 AM
2
15
2
15
    Login to the FXOS chassis manager. Direct your browser to https://hostname/, and log-in using the user-name and password.     Go to Help > About and check the current version:    Check the current version availa... view more
ASA 5506-X with ipv6 no access to internet
Created by Klaxel on 02-08-2018 01:25 AM
3
5
3
5
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6. In Syslog I also se... view more
All Documents
132
Views
0
Helpful
0
Replies
CreatePlease to create content
Discussion
Blog
Document
Video
Popular Blogs
AnyConnect Certificate Based Authentication.
Created by Marvin Ruiz on 08-27-2012 05:20 PM
36
70
36
70
BLOG (No Title)
Created by athukral on 06-14-2011 04:23 AM
15
35
15
35
Wireless Hacking
Created by Anim Saxena on 01-24-2013 07:56 AM
2
20
2
20
All Blogs