03-05-2007 07:20 AM
Dear;
I have ADSL connection with 2800 Router.
I configured the following:
--------------------------
crypto isakmp policy 1
hash md5
authentication pre-share
crypto isakmp key 123456 address 213.x.x.202
!
!
crypto ipsec transform-set MySet esp-des esp-md5-hmac
!
crypto map ITSBAH 10 ipsec-isakmp
set peer 213.x.x.202
set security-association lifetime seconds 28800
set transform-set MySet
match address VPN_DXB
!
!
!
!
!
interface FastEthernet0/1
description " Office LAN"
ip address 172.x.x.254 255.255.255.0
ip nat inside
ip virtual-reassembly
duplex auto
speed auto
!
interface ATM0/1/0
no ip address
no atm ilmi-keepalive
dsl operating-mode auto
pvc 8/35
encapsulation aal5mux ppp dialer
dialer pool-member 1
crypto map ITSBAH
!
!
interface Dialer0
ip address 89.x.x.29 255.255.255.252
ip nat outside
ip virtual-reassembly
encapsulation ppp
no ip route-cache cef
no ip route-cache
no ip mroute-cache
dialer pool 1
dialer-group 1
no cdp enable
ppp chap hostname itsbah1
ppp chap password xxx
ppp pap sent-username itsbah1 password xxx
crypto map ITSBAH
!
ip route 0.0.0.0 0.0.0.0 Dialer0
!
!
ip nat pool pool 89.x.x.29 89.148.43.29 netmask 255.255.255.255
ip nat inside source list 1 interface Dialer0 overload
!
ip access-list extended VPN_DXB
permit ip host 172.18.1.250 host 10.40.7.4
permit ip host 172.18.1.1 host 10.40.7.4
!
access-list 1 permit 172.18.1.0 0.0.0.255
dialer-list 1 protocol ip permit
!
!
------------------------------
==============================
but the tunnel is not established.
03-05-2007 09:53 PM
Hi
Can you post the output of show crypto isakmp sa and show crypto ipsec sa ?
regds
03-05-2007 10:35 PM
03-05-2007 10:44 PM
Hi Basheer
Would suggest to check out the connectivity between your router and the remote peer.
You can verify the same using normal ICMP Ping.
Also on NAT statements you need to modify so that your VPN access doesnt get Natted..
You can verify the below link to configure up the same..
http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a008009448f.shtml
Also are you seeing any error logs in your router related to IPSEC Tunnel establishment..
regds
03-06-2007 12:51 AM
03-06-2007 02:03 AM
Dear;
do you thnk that the problem in the ADSL?
.
03-06-2007 02:21 AM
Hi Basheer
Can you try this and check ?
ip route 89.148.43.1 255.255.255.255 Dialer0
ip route 0.0.0.0 0.0.0.0 89.148.43.1
regds
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide