
Router on a stick IPSec with external DSL

I need to connect a remote site with 2 local LANs to our hub site. Internet is Telmex with a 2wire 2701. My solution was router on a stick with 3 trunked VLANs to a switch: 2 local LANs and 1 VLAN that I connect to the DSL modem. Try as I might, no joy on getting ISAKMP to make an offer to the hub. Anyone see the errors of my ways :< ! Here is the info for the remote:

crypto isakmp policy 1
 encr 3des
 hash md5
 authentication pre-share
crypto isakmp key xxxxxx address 65.xxx.yyy.aaa (my hub)
crypto ipsec transform-set 3desmd5_xform1 esp-3des esp-md5-hmac
crypto map curta_1 1 ipsec-isakmp
 description HQ VPN Router to remote VPN
 set peer 65.xxx.yyy.aaa
 set transform-set 3desmd5_xform1
 match address 100

! Local Lan #1
interface FastEthernet0/0.128
 encapsulation dot1Q 128 native
 ip address 10.30.128.1 255.255.255.0

! Local Lan #2
interface FastEthernet0/0.130
 encapsulation dot1Q 130
 ip address 10.30.130.1 255.255.255.0

! Segment facing DSL inside
interface FastEthernet0/0.1000
 encapsulation dot1Q 1000
 ip address 201.122.21.143 255.255.255.224 ******
 crypto map curta_1

access-list 100 remark Set interesting traffic for crypto map to traverse VPN
access-list 100 permit ip 10.30.128.0 0.0.7.255 10.15.0.0 0.0.255.255 (hub site)
access-list 100 permit ip 10.30.128.0 0.0.7.255 192.168.125.0 0.0.0.255 (hub site)

ip route 0.0.0.0 0.0.0.0 FastEthernet0/0.1000
ip route 10.15.0.0 255.255.0.0 FastEthernet0/0.1000
ip route 192.168.125.0 255.255.255.0 FastEthernet0/0.1000

****** ISP gave 1 static IP; this example shows this. This is a point of brain damage, as the ISP cannot give clear examples using this setup but claims it will work :(.
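Added example, not part of the original post: a small Python check of which connected subnets from the configuration above fall inside the source side of crypto ACL 100, using IOS wildcard-mask semantics (1 bits are "don't care"). The addresses are copied from the post; the function names are made up for this illustration.

```python
import ipaddress

# Values copied from the post's configuration (ACL 100 and the sub-interfaces).
ACL_100 = [
    ("10.30.128.0", "0.0.7.255", "10.15.0.0", "0.0.255.255"),
    ("10.30.128.0", "0.0.7.255", "192.168.125.0", "0.0.0.255"),
]
INTERFACES = {
    "FastEthernet0/0.128": "10.30.128.1/24",
    "FastEthernet0/0.130": "10.30.130.1/24",
    "FastEthernet0/0.1000": "201.122.21.143/27",
}

def _int(addr):
    return int(ipaddress.IPv4Address(addr))

def wildcard_match(addr, base, wildcard):
    """True if addr matches base under an IOS wildcard mask."""
    care = ~_int(wildcard) & 0xFFFFFFFF          # bits that must be equal
    return (_int(addr) & care) == (_int(base) & care)

def network_covered(cidr, base, wildcard):
    """True if every address of the interface's subnet matches base/wildcard."""
    net = ipaddress.ip_interface(cidr).network
    varying = int(net.hostmask)                   # bits that change inside the subnet
    all_dont_care = (varying & ~_int(wildcard) & 0xFFFFFFFF) == 0
    return all_dont_care and wildcard_match(str(net.network_address), base, wildcard)

def crypto_sources(interfaces, acl):
    """Per interface: is its connected subnet a source in any ACL entry?"""
    return {name: any(network_covered(cidr, src, swc) for src, swc, _, _ in acl)
            for name, cidr in interfaces.items()}

def wildcard_range(base, wildcard):
    """First and last matched address; only defined for contiguous wildcards."""
    wc = _int(wildcard)
    if wc & (wc + 1):
        raise ValueError("non-contiguous wildcard mask")
    low = _int(base) & ~wc & 0xFFFFFFFF
    return str(ipaddress.IPv4Address(low)), str(ipaddress.IPv4Address(low | wc))

if __name__ == "__main__":
    print("ACL 100 source range:", wildcard_range("10.30.128.0", "0.0.7.255"))
    for name, selected in crypto_sources(INTERFACES, ACL_100).items():
        print(f"{name}: {'matched by' if selected else 'outside'} ACL 100 sources")
```

The wildcard 0.0.7.255 spans 10.30.128.0 through 10.30.135.255, so both local LANs are selected as interesting traffic while the DSL-facing segment is not.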
