
New Member

VPN over ADSL with other users

I am examining the feasibility of creating a site-to-site VPN between my company's VPN router and customer's VPN router.

Customer uses an ADSL line and a SOHO97 router to access Internet.

Customer has also other public IP available.

The site to site VPN would be used for traffic from/to a PC of my company which would be located at customer site and would be assigned its own subnet within customer network:

MyVPNrtr---------(ADSL)-------CustomerVPNrtr-----internal router---||customer users||---------My PC

Customer VPN rtr outside interface does not have an ip address configured, it just inherits that specified in the dialer profile used by the users.

Questions:

To allow such tunnel with my VPN router,

should the customer define 2 subinterfaces on ATM interface and another dialer profile (beside the one already used by customer users accessing Internet) for my PC with another public IP (which then I would use for the VPN) ?

I was thinking of using 2 point to point subinterfaces and 2 dialer profiles, one for the users and one for MyPC.

Customer configuration would be something like this:

Interface ATM0
 no ip address
 no atm ilmi-keepalive
 dsl operating-mode auto
 dsl power-cutback 1
Interface ATM0.1 point-to-point <----------THIS WOULD BE FOR INTERNAL USERS
 pvc 6/60
  encapsulation aal5mux ppp dialer
  dialer pool-member 1
!
!
Interface ATM0.2 point-to-point <----------THIS WOULD BE FOR VPN
 pvc 6/60
  encapsulation aal5mux ppp dialer
  dialer pool-member 2
 crypto map vpn
interface Dialer0 <---------------------------------THIS FOR USERS ACCESSING INTERNET
 ip address 101.130.118.117 255.255.255.248 <-------PUBLIC IP USED FOR USERS ACCESS TO INTERNET
 ip nat outside
 encapsulation ppp
 dialer pool 1
 dialer-group 1
 ppp authentication pap callin
 ppp pap sent-username <removed>
 ppp ipcp address accept
!
interface Dialer1 <---------------------------------THIS FOR MyPC USING THE VPN
 ip address 101.130.118.118 255.255.255.248 <------PUBLIC IP USED FOR SITE TO SITE VPN
 ip nat outside
 encapsulation ppp
 dialer pool 2
 dialer-group 2 <-------------------IS IT NEEDED ?
 crypto map vpn
ip route <my network> Dialer1 <-------------IS IT RIGHT ?
ip route 0.0.0.0 0.0.0.0 Dialer0 <------------ANY CONFLICT WITH PREVIOUS LINE ?
!
ip nat inside source list 1 interface Dialer0 overload
ip nat inside source static <MyPC private> <MyPC public> <-------IS IT RIGHT ?
!

ETC.ETC.

WHAT DO YOU THINK ?

Thanks

3 REPLIES
New Member

Re: VPN over ADSL with other users

Ok, simplifying the question, forget the configuration lines above:

I want to grant access to a group of users behind an ADSL VPN capable router (e.g. SOHO97)

At the same time I want to establish a site to site VPN using that router.

I have an entire public IP subnet.

Question:

- I would use 2 ATM subinterfaces: do I need to use 2 dialer interfaces or can I assign the IP addresses to the 2 subinterfaces directly ?

I believe the dialer interfaces are used mainly because usually with ADSL the public IP is assigned by the ISP, but in my case I already have a set of public IPs.

Is there any other reason why I need to use dialer interface with PPPoA ?

Thanks

Re: VPN over ADSL with other users

hi

do clarify for which purpose you are creating 2 dialer interfaces ?

is it your local lan getting connected to the public network (internet) thru that particular sub interface ?

coz you can compile them in a single dialer interface pointing your default route towards that dialer interface.

apply the crypto map in both atm and dialer interface.

but take care while mentioning the interesting traffic which has to be encrypted.

hope you have idea about the remote end public ip address which is required to be mentioned under the ipsec peer config.

Also the remote local lan block which has to be matched using the ACL which can be applied under the crypto map for encryption purpose.

also refer this link for some assistance in doing the same..

http://cisco.com/en/US/tech/tk175/tk15/technologies_configuration_example09186a0080093e52.shtml#t1

regds

New Member

Re: VPN over ADSL with other users

Thanks for your feedback, spremkumar.

Well, the doubt is whether I really have to use any dialer interface. Can't I statically assign a public IP to the ATM subinterface ?

The overall purpose is to allow internal users access to Internet (PATting their IPs) and also allow a site to site VPN between the ADSL router and different site VPN router.
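
The single-dialer layout suggested in the reply above, applied to the PAT-plus-VPN goal stated in the last post, as an added example (not part of any post in this thread and not a tested SOHO97 configuration). The crypto proposal values, the ACL numbers 110 and 120, the transform-set name TS and every <...> placeholder are assumptions; the point it shows is that VPN-bound traffic is denied in the NAT ACL so it reaches the crypto map untranslated.

```cisco-ios
! Added example. All <...> values are placeholders; ACL numbers and the
! transform-set name are arbitrary. Assumed proposal: use the strongest
! algorithms both peers support.
crypto isakmp policy 10
 encryption aes 256
 hash sha
 authentication pre-share
 group 14
crypto isakmp key <shared secret> address <peer public IP>
!
crypto ipsec transform-set TS esp-aes 256 esp-sha-hmac
!
crypto map vpn 10 ipsec-isakmp
 set peer <peer public IP>
 set transform-set TS
 match address 120
!
interface ATM0
 no ip address
 pvc 6/60
  encapsulation aal5mux ppp dialer
  dialer pool-member 1
!
! One dialer carries both Internet and VPN traffic. The reply also applies
! the crypto map on the ATM interface; some older IOS releases needed it on
! both the physical and the logical interface.
interface Dialer0
 ip address 101.130.118.117 255.255.255.248
 ip nat outside
 encapsulation ppp
 dialer pool 1
 dialer-group 1
 crypto map vpn
!
ip route 0.0.0.0 0.0.0.0 Dialer0
dialer-list 1 protocol ip permit
!
! Interesting traffic: MyPC subnet to the remote network only.
access-list 120 permit ip <MyPC subnet> <wildcard> <my network> <wildcard>
!
! NAT is evaluated before the crypto map on the way out, so the VPN flow is
! denied here first; otherwise it would be PATted and never match ACL 120.
! The LAN-facing interface is assumed to carry "ip nat inside".
access-list 110 deny   ip <MyPC subnet> <wildcard> <my network> <wildcard>
access-list 110 permit ip <customer LAN> <wildcard> any
ip nat inside source list 110 interface Dialer0 overload
```

The peer router needs the mirror image of ACL 120 and the same proposal values for the tunnel to come up.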
