Cisco Support Community

New Member

871 dial back over AUX w/ vpn

I currently have an 871 router; I use it to connect our remote offices to our main office via T1s, DSL, etc. Due to outages at various phone companies I have been tasked with the job of coming up with a dial backup solution on these routers. What I am looking at doing is, upon failure of the main link, I would like an async modem attached to the aux port to dial an ISP and, once connected, connect a backup VPN. I was wondering if it is possible to run encryption over the aux port and also how to do it. Thanks.

Below is the config I have so far:

hostname center_0049
!
boot-start-marker
boot-end-marker
!
no logging buffered
enable password xxxxxxxxxxx
!
no aaa new-model
!
resource policy
!
ip subnet-zero
ip cef
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.49.1
ip dhcp excluded-address 192.168.49.2 192.168.49.99
ip dhcp excluded-address 192.168.49.150 192.168.49.254
!
ip dhcp pool dcp
 network 192.168.49.0 255.255.255.0
 domain-name xxxxxxxxxxx
 dns-server 192.168.1.8 192.168.2.8
 default-router 192.168.49.1
!
ip dhcp pool remote_site_userp-md5-hmac
!
!
ip name-server 192.168.1.8
ip name-server 192.168.2.8
!
modemcap entry usr:MSC=&FS0=1&C1&D2&H1&R2&B1&W
!
!
username admin password 0 xxxxxxxxxxx
username center0001 password 0 xxxxxxxxxxx
!
!
!
!
!
!
!
crypto ipsec client ezvpn center_0049
 connect auto
 group remote_sites key xxxxxxxxxxx
 mode network-extension
 peer xxxxxxxxxxx
 username remote password xxxxxxxxxxx
 xauth userid mode local
!
!
bridge irb
!
!
interface Tunnel1
 no ip address
 tunnel source BVI1
 tunnel destination xxxxxxxxxxx
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
 ip address 192.168.1.63 255.255.255.0
 duplex auto
 speed auto
 crypto ipsec client ezvpn center_0049
!
interface Dot11Radio0
 no ip address
 shutdown
 !
 encryption vlan 1 mode ciphers tkip
 !
 ssid dcpstatic
    vlan 1
    authentication open
    authentication key-management wpa
    wpa-psk ascii 0 v
 !
 speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
 channel 2437
 station-role root
!
interface Dot11Radio0.1
 encapsulation dot1Q 1 native
 no snmp trap link-status
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 spanning-disabled
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
!
interface Vlan1
 no ip address
 bridge-group 1
 bridge-group 1 spanning-disabled
!
interface Async1
 no ip address
 encapsulation ppp
 dialer in-band
 dialer pool-member 1
 async mode dedicated
 ppp authentication chap
 routing dynamic
!
interface Dialer1
 ip address negotiated
 encapsulation ppp
 dialer pool 1
 dialer remote-name backup_link
 dialer idle-timeout 1800
 dialer string 14405404040
 ppp authentication chap
!
interface BVI1
 ip address 192.168.49.1 255.255.255.0
 crypto ipsec client ezvpn center_0049 inside
!
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.1.254
ip route 0.0.0.0 0.0.0.0 Dialer1 2
!
no ip http server
no ip http secure-server
ip nat pool dcp 69.219.11.226 69.219.11.226 netmask 255.255.255.248
!
logging source-interface Async1
logging 192.168.49.100
access-list 15 permit 192.168.1.0 0.0.0.255
access-list 15 permit 0.0.0.0 255.255.255.0
access-list 100 permit ip host 67.100.6.34 192.168.1.0 0.0.0.255
access-list 110 permit ip 192.168.49.0 0.0.0.255 192.168.1.0 0.0.0.255
!
control-plane
!
bridge 1 route ip
!
line con 0
 no modem enable
 transport output all
 speed 2400
line aux 0
 password xxxxxxxxxxx
 login
 modem InOut
 modem autoconfigure type usr
 transport input all
 transport output all
line vty 0 4
 session-timeout 60
 login local
 transport input all
 transport output all
!
scheduler max-task-time 5000
end

2 REPLIES
Bronze

Re: 871 dial back over AUX w/ vpn

Triple Data Encryption Standard [3DES] or Advanced Encryption Standard [AES]. crypto isakmp policy 1, encr 3des, crypto ipsec transform-set t1 esp-3des esp-sha-hmac. Refer to the following URL for more info:

http://www.cisco.com/en/US/products/ps6660/products_white_paper0900aecd804c363f.shtml

New Member

Re: 871 dial back over AUX w/ vpn

I kinda scanned this document but found no answers to my questions on this. Any reason why you posted it?
