public IPs on Dialer1

apstownsend
Level 1

Hi,

I have an 877 using PPPoA with a /28 public network. For this example let's just say the network address is 217.10.10.0/28 and .7 is used as the GW. Here's a cut-down config:

!
crypto isakmp policy 10
 encr 3des
 hash md5
 authentication pre-share
 group 5
crypto isakmp key 6 secureME address x.x.x.1
!
crypto ipsec transform-set DTset ah-md5-hmac esp-3des
 mode transport
!
crypto map mymap 1 ipsec-isakmp
 set peer 1.1.1.1
 set transform-set myset
 match address myacl
!
int Dialer1
 ip address 217.x.x.x.255.255.248
 ip mtu 1492
 ip tcp adjust-mss 1452
 ip nat outside
 crypto map mymap
!
interface Vlan1
 ip address 192.168.1.254 255.255.255.0
 ip nat inside
 ip virtual-reassembly
!
dialer-list 1 protocol ip permit

Questions

1) What is the correct method of assigning the 5 IPs to the Dialer interface? Do I simply assign them as secondaries? (I have done this btw and it works, can ping them externally etc.)

2) I have 5 IPs and I want a different crypto map on each IP, but I can only assign one crypto map to the Dialer, which is the GW, and have my other public IPs as secondaries (doh!). How do I work around this?

I have the tunnel working atm to my public GW address, but to me this is simply not acceptable since I want more than one crypto map AND I have paid for a /28 network.

I have searched for quite a bit on the internet, google etc, and can't find jack.

Thanks

Andrew

My config

crypto isakmp policy 10
 encr 3des
 hash md5
 authentication pre-share
 group 5
crypto isakmp key 6 secureIPSEC address 81.x.x.145
!
crypto ipsec transform-set DTset ah-md5-hmac esp-3des
 mode transport
!
crypto map DTmap 1 ipsec-isakmp
 description D&T Grantham
 set peer 81.149.148.145
 set transform-set DTset
 match address 151
!
interface ATM0
 no ip address
 no atm ilmi-keepalive
 pvc 0/38
  encapsulation aal5mux ppp dialer
  dialer pool-member 1
 !
 dsl operating-mode auto
!


jackko
Level 7

just wondering what the exact requirement is.

is the objective to configure multiple lan-lan ipsec vpns to multiple peers? if so, this can be achieved with one crypto map and one public ip.

as you already know, only one crypto map can be applied on an interface. however, one crypto map can have multiple instances.

e.g.

crypto map mymap 10 ipsec-isakmp
 set peer 1.1.1.1
 set transform-set myset
 match address 121
crypto map mymap 20 ipsec-isakmp
 set peer 1.1.1.2
 set transform-set myset
 match address 122
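As an added example (not part of either post), the Python sketch below parses IOS-style text, groups crypto map instances by map name and sequence number as the reply describes, and reports any instance whose transform set is never defined, which is the situation in the question's cut-down config where `DTset` is defined but `myset` is referenced. The function names `parse_crypto_maps` and `lint` and the sample text are assumptions made for this example.

```python
import re
from collections import defaultdict

# Constructed sample (not from a real device): the reply's two-instance map,
# with the question's myset/DTset name mismatch kept in instance 10.
SAMPLE_CONFIG = """\
crypto ipsec transform-set DTset ah-md5-hmac esp-3des
 mode transport
crypto map mymap 10 ipsec-isakmp
 set peer 1.1.1.1
 set transform-set myset
 match address 121
crypto map mymap 20 ipsec-isakmp
 set peer 1.1.1.2
 set transform-set DTset
 match address 122
interface Dialer1
 crypto map mymap
"""

def parse_crypto_maps(config):
    """Return (transform_sets, maps, bindings) parsed from IOS-style text."""
    tsets, bindings = set(), {}
    maps = defaultdict(dict)          # map name -> {sequence: settings}
    entry = iface = None
    for raw in config.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):   # any top-level line closes the open block
            entry = iface = None
        if m := re.match(r"crypto ipsec transform-set (\S+)", line):
            tsets.add(m.group(1))
        elif m := re.match(r"crypto map (\S+) (\d+) ipsec-isakmp", line):
            entry = maps[m.group(1)].setdefault(int(m.group(2)), {})
        elif m := re.match(r"interface (\S+)", line):
            iface = m.group(1)
        elif entry is not None and (
                m := re.match(r"(set peer|set transform-set|match address) (\S+)", line)):
            entry[m.group(1)] = m.group(2)
        elif iface and (m := re.match(r"crypto map (\S+)$", line)):
            bindings[iface] = m.group(1)   # the single map applied to this interface
    return tsets, dict(maps), bindings

def lint(config):
    """Report crypto map instances whose transform set is never defined."""
    tsets, maps, _ = parse_crypto_maps(config)
    return [f"{name} {seq}: transform-set {e.get('set transform-set')} is not defined"
            for name, entries in maps.items() for seq, e in sorted(entries.items())
            if e.get("set transform-set") not in tsets]
```
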
