Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

uBR924 to a 3005 concentrator.

I am kind of new to cisco based VPN. I have a uBR924 configured to comcast. I want to have the uBR924 connect to the 3005 as a site to site. I am unable to accomplish this.

I believe the 3005 is configured correctly because I have routers set up to connect to it.

If someone would please look over my config and tell me if this is even possible the way I would like to do it, and if it is what I would need to fix?

Current configuration : 2306 bytes

!

! Last configuration change at 21:55:14 - Wed Jun 18 2003

! NVRAM config last updated at 19:54:41 - Wed Jun 18 2003

!

version 12.2

no service pad

service timestamps debug uptime

service timestamps log uptime

no service password-encryption

!

hostname Rocky

!

enable password xxxxxxx

!

username me password me

clock timezone - -5

ip subnet-zero

ip dhcp excluded-address 192.168.1.1 192.168.1.10

!

ip dhcp pool Local

network 192.168.1.0 255.255.255.0

default-router 192.168.1.1

dns-server 4.2.2.2 66.92.224.2 12.127.16.70

lease 8

!

call rsvp-sync

!

!

!

!

!

!

crypto isakmp policy 1

hash md5

authentication pre-share

crypto isakmp key WhYDiDYoUDoThAt address 207.2xx.xxx.xxx

crypto isakmp identity hostname

!

!

crypto ipsec transform-set test-transform ah-md5-hmac esp-3des esp-md5-hmac

!

!

crypto map test-ipsec local-address cable-modem0

crypto map test-ipsec 10 ipsec-isakmp

set peer 207.2xx.xxx.xxx

set transform-set test-transform

match address VPN

!

!

!

!

interface Loopback0

ip address 68.81.xx.xxx 255.255.255.255

!

interface Ethernet0

ip address 192.168.1.1 255.255.255.0

ip nat inside

!

interface cable-modem0

ip nat outside

no cable-modem compliant bridge

cable-modem dhcp-proxy nat LAN

crypto map test-ipsec

!

router rip

version 2

network 10.0.0.0

!

ip nat pool LAN 68.81.xx.xxx 68.81.xx.xxx netmask 255.255.255.0

ip nat inside source list 1 pool LAN overload

ip classless

ip pim bidir-enable

no ip http server

no ip http cable-monitor

!

!

ip access-list extended VPN

permit ip host 10.96.75.28 207.2xx.xxx.xxx 0.0.0.15

access-list 1 permit 192.168.1.0 0.0.0.255

access-list 2 permit 172.30.0.0 0.0.255.255

access-list 2 permit 172.29.0.0 0.0.255.255

access-list 3 permit 172.30.1.6

access-list 3 permit 172.30.1.5

access-list 3 permit 172.30.0.0 0.0.255.255

access-list 3 permit 172.29.0.0 0.0.255.255

snmp-server enable traps tty

snmp-server manager

!

voice-port 0

input gain -2

output attenuation 0

!

voice-port 1

input gain -2

output attenuation 0

!

!

line con 0

line vty 0 4

login local

!

scheduler max-task-time 5000

end

Router#

Thanks

Anthony

1 REPLY
New Member

Re: uBR924 to a 3005 concentrator.

Anthony,

Just shooting in the dark, from the config above, seems like you didn`t define the local ip address of uBR924 that terminate the VPN session. And from VPN3000 perspective, for a LAN-to-LAN connection, you have to define the remote peer IP address (in this case uBR924 outside interface IP address). and it couldn`t be a hostname.

84
Views
0
Helpful
1
Replies