P2P VPN with Internet connection sharing

cco4mike1
Level 1

I have two Cisco 857Ws currently running a basic site-to-site VPN, configured successfully through SDM.

Site 1 LAN = 10.10.10.0 /24

Site 2 LAN = 10.10.20.0 /24

The client would now like all users to access the Internet only through Site 2's Internet connection, i.e. Site 1 must reach the Internet through the VPN tunnel and out via Site 2's router.

Can this be done? What needs to be changed on both routers' configs?

CURRENT CONFIG SITE 1 (relevant parts)

crypto isakmp policy 1
 encr 3des
 authentication pre-share
 group 2
crypto isakmp key xxxxxx address 111.222.333.444
!
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
!
crypto map SDM_CMAP_1 1 ipsec-isakmp
 description Tunnel to 111.222.333.444
 set peer 111.222.333.444
 set transform-set ESP-3DES-SHA
 match address 100
!
interface ATM0
 no shut
 no ip address
 no ip route-cache cef
 no ip route-cache
 load-interval 30
 no atm ilmi-keepalive
 pvc 8/35
  encapsulation aal5mux ppp dialer
  dialer pool-member 1
 !
 dsl operating-mode auto
!
interface FastEthernet0
 spanning-tree portfast
!
interface FastEthernet1
 spanning-tree portfast
!
interface FastEthernet2
 spanning-tree portfast
!
interface FastEthernet3
 spanning-tree portfast
!
interface Dot11Radio0
 no ip address
 shutdown
 speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
 station-role root
!
interface Vlan1
 description LOCAL_LAN
 ip address 10.10.10.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 no ip route-cache cef
!
interface Dialer0
 description ADSL Link FNN xxxxxxx
 ip address negotiated
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat outside
 ip virtual-reassembly
 encapsulation ppp
 ip route-cache flow
 dialer pool 1
 no cdp enable
 ppp authentication chap callin
 ppp chap hostname username@xxxxx.xxxxxx.net
 ppp chap password xxxxxx
 crypto map SDM_CMAP_1
!
ip route 0.0.0.0 0.0.0.0 Dialer0
!
ip http server
ip http access-class 20
ip http authentication local
ip http secure-server
ip nat inside source route-map SDM_RMAP_1 interface Dialer0 overload
!
access-list 22 remark SDM_ACL Category=17
access-list 22 permit 10.10.10.0 0.0.0.255
! ACL 100 is the crypto ACL: traffic it permits is sent into the tunnel
access-list 100 remark SDM_ACL Category=4
access-list 100 remark IPSec Rule
access-list 100 permit ip 10.10.10.0 0.0.0.255 10.10.20.0 0.0.0.255
! ACL 101 drives the NAT route-map: tunnel traffic is exempted, all other LAN traffic is PATed to Dialer0
access-list 101 remark SDM_ACL Category=2
access-list 101 remark IPSec Rule
access-list 101 deny ip 10.10.10.0 0.0.0.255 10.10.20.0 0.0.0.255
access-list 101 permit ip 10.10.10.0 0.0.0.255 any
no cdp run
route-map SDM_RMAP_1 permit 1
 match ip address 101

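Added configuration example (not from the original post, the reply below, or Cisco's own documentation): the changes that send Site 1's Internet traffic through the tunnel and out of Site 2's ADSL link. Site 2's configuration is not in the thread, so it is assumed to be the SDM mirror image of Site 1's: Dialer0 is the outside interface carrying the crypto map, Vlan1 is 10.10.20.1/24 with ip nat inside, ACL 100 is the crypto ACL, and route-map SDM_RMAP_1 matching ACL 101 drives the NAT. Loopback0 with 10.11.0.1/30, ACL 144 and the route-map name VPN-TO-INTERNET are names chosen for this example. Three things have to change: Site 1 must treat everything from 10.10.10.0/24 as tunnel traffic and must stop PAT-ing it (NAT runs before the crypto map on the outbound path, so a translated packet would no longer match ACL 100); Site 2 must mirror the crypto ACL and PAT 10.10.10.0/24 out of its Dialer0; and because decrypted packets arrive on Site 2's Dialer0 (ip nat outside) and would leave through that same interface, which inside-source NAT does not translate, they are policy-routed through a loopback marked ip nat inside, the "NAT on a stick" technique.

```cisco
! ===== Site 1 (10.10.10.0/24): the config from the post =====
! Edit single entries in ACL configuration mode: the classic
! "no access-list 100 permit ..." form deletes the whole list.
!
! 1. Every packet from the LAN is now tunnel ("interesting") traffic.
ip access-list extended 100
 no permit ip 10.10.10.0 0.0.0.255 10.10.20.0 0.0.0.255
 permit ip 10.10.10.0 0.0.0.255 any
!
! 2. Stop translating LAN traffic locally. NAT runs before the crypto map
!    on the way out, so a packet PATed to the Dialer0 address would no
!    longer match ACL 100. With only deny entries left, route-map
!    SDM_RMAP_1 matches nothing and the ip nat inside source line can stay.
ip access-list extended 101
 no permit ip 10.10.10.0 0.0.0.255 any
 deny ip 10.10.10.0 0.0.0.255 any
!
! The default route is unchanged: everything goes to Dialer0, where the
! crypto map encrypts whatever matches ACL 100.
ip route 0.0.0.0 0.0.0.0 Dialer0

! ===== Site 2 (10.10.20.0/24): assumed SDM mirror image of Site 1 =====
! 1. Mirror of Site 1's crypto ACL: Site 2 LAN traffic and Internet
!    replies for 10.10.10.0/24 both go into the tunnel.
ip access-list extended 100
 no permit ip 10.10.20.0 0.0.0.255 10.10.10.0 0.0.0.255
 permit ip any 10.10.10.0 0.0.0.255
!
! 2. PAT Site 1's traffic to the Dialer0 address on the way out, but
!    never the site-to-site traffic itself.
ip access-list extended 101
 deny ip 10.10.10.0 0.0.0.255 10.10.20.0 0.0.0.255
 permit ip 10.10.10.0 0.0.0.255 any
!
! 3. "NAT on a stick". Decrypted packets are received on Dialer0
!    (ip nat outside) and would leave via Dialer0 again; inside-source
!    NAT only translates packets that entered on an ip nat inside
!    interface. Policy-route them to a loopback marked ip nat inside so
!    they re-enter the router as inside traffic and are then routed and
!    translated normally. Loopback0, 10.11.0.0/30, ACL 144 and the
!    route-map name are assumptions made for this example.
interface Loopback0
 ip address 10.11.0.1 255.255.255.252
 ip nat inside
!
ip access-list extended 144
 remark decrypted Site 1 traffic bound for the Internet
 deny ip 10.10.10.0 0.0.0.255 10.10.20.0 0.0.0.255
 permit ip 10.10.10.0 0.0.0.255 any
!
route-map VPN-TO-INTERNET permit 10
 match ip address 144
 set ip next-hop 10.11.0.2
!
interface Dialer0
 ip policy route-map VPN-TO-INTERNET
!
! On both routers, after the crypto ACLs change, force new SAs with the
! new proxy identities (0.0.0.0/0 on the Site 1 side):
!   clear crypto sa
!   clear crypto isakmp
```

To verify: on Site 1, show crypto ipsec sa should now show a remote ident of 0.0.0.0/0.0.0.0 and #pkts encaps climbing while a LAN host browses; on Site 2, show ip nat translations should list entries whose inside local address is in 10.10.10.0/24, and show route-map VPN-TO-INTERNET should count policy routing matches. Two caveats: Site 1 has no Internet at all (DNS included) until the IPsec SA is up, so point Site 1's clients at DNS servers reachable via Site 2 and enable dead peer detection (crypto isakmp keepalive 10 periodic) on both routers so a stale SA is torn down rather than blackholing traffic; and every Site 1 session now appears on the Internet from Site 2's address, so Site 2's ADSL bandwidth and any inbound ACL or firewall on its Dialer0 have to account for it. The tunnel itself still uses the SDM defaults of 3DES, SHA-1 and DH group 2; where the IOS image on the 857 supports them, AES and a stronger group should be preferred.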

jbayuka
Level 5

Refer to "IOS Router to Pass a LAN-to-LAN IPSec Tunnel via PAT Configuration Example" for more information:

http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a0080094ecd.shtml