Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Router on a stick IPSec with external DSL

I need to connect remote site with 2 local LANs to our hub site. Internet is Telmex with 2wire 2701. My solution was router on a stick with 3 trunked VLANs to a switch. 2 local LANs and 1 VLAN that I connect to the DSL modem. Try as I might, no joy on getting ISAKMP to make an offer to hub. Anyone see the errors of my ways :< ! Here is the info for remote:

crypto isakmp policy 1

encr 3des

hash md5

authentication pre-share

crypto isakmp key xxxxxx address (my hub)

crypto ipsec transform-set 3desmd5_xform1 esp-3des esp-md5-hmac

crypto map curta_1 1 ipsec-isakmp

description HQ VPN Router to remote VPN

set peer

set transform-set 3desmd5_xform1

match address 100

! Local Lan #1

interface FastEthernet0/0.128

encapsulation dot1Q 128 native

ip address

! Local Lan #2

interface FastEthernet0/0.130

encapsulation dot1Q 130

ip address

! Segment facing DSL inside

interface FastEthernet0/0.1000

encapsulation dot1Q 1000

ip address ******

crypto map curta_1

access-list 100 remark Set interesting traffic for crypto map to traverse VPN

access-list 100 permit ip (hub site)

access-list 100 permit ip (hub site)

ip route FastEthernet0/0.1000

ip route FastEthernet0/0.1000

ip route FastEthernet0/0.1000

****** ISP gave 1 static IP this example shows this, this is a point of brain damage as ISP can not give clear examples using this setup, but claims it will work :(.