Hi everybody,
I am looking to establish a site-to-site VPN connection with a client. I have looked at the manual but it has not worked.
We have an 857 Integrated Router on our end which handles the PPPoE and NATs several internal devices to public IPs provided by our DSL service.
I have a provided a sh run prior to any VPN configuration. Below the sh run are the connection settings...
If someone could provide the CLI commands, I would appreciate it. Again, I understand the manual provides commands but I'm unsure of which commands are necessary.
Current configuration : 1917 bytes
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname @#$#$(&
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$WOv/$3DWqFFkG5GU.ZlPfy7nHJ1
!
aaa new-model
!
!
!
!
aaa session-id common
!
!
dot11 syslog
no ip dhcp use vrf connected
ip dhcp excluded-address 10.0.0.1 10.0.0.49
!
ip dhcp pool alpha
import all
network 10.0.0.0 255.255.255.0
default-router 10.0.0.1
dns-server @#$#$(& @#$#$(&
domain-name @#$#$(&
lease 2
!
!
ip cef
no ip domain lookup
ip domain name @#$#$(&
!
!
!
username @#$#$(& password 0 @#$#$(&
!
!
archive
log config
hidekeys
!
!
ip ssh time-out 60
ip ssh authentication-retries 2
!
!
!
interface ATM0
no ip address
no atm ilmi-keepalive
dsl operating-mode auto
!
interface ATM0.1 point-to-point
pvc 0/35
pppoe-client dial-pool-number 1
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Vlan1
ip address 10.0.0.1 255.255.255.0
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1412
!
interface Dialer0
ip address @#$#$(& 255.255.255.248
ip mtu 1452
ip nat outside
ip virtual-reassembly
encapsulation ppp
dialer pool 1
dialer-group 1
ppp authentication pap callin
ppp pap sent-username @#$#$(& password 0 @#$#$(&
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer0
!
no ip http server
no ip http secure-server
ip nat inside source list 1 interface Dialer0 overload
ip nat inside source static 10.0.0.3 @#$#$(&
ip nat inside source static 10.0.0.5 @#$#$(&
!
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 10.0.0.0 0.0.0.255
dialer-list 1 protocol ip permit
!
control-plane
!
!
line con 0
no modem enable
line aux 0
line vty 0 4
transport input ssh
!
scheduler max-task-time 5000
end
(IPs adjusted for privacy)
He asked that we have our internal IP space NAT to 10.20.30.40 /32
They use the following:
3DES MDS
Group 2
VPN peer IP: 60.70.80.90
Thanks in advance!
Peter K.
NVT