 mikeb
join:2009-11-02 Round Rock, TX
[Config] 871 AT&T DSL with IKE connection
Hello, I'm trying to configure an 871 Cisco router to VPN from one site to our headquarters. I'm not able to get a VPN connection. Can you help?
Router#sh run
Building configuration...
Current configuration : 2593 bytes
!
version 12.1
no service single-slot-reload-enable
no service pad
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname testrt1
!
ip subnet-zero
no ip finger
ip name-server 68.94.156.1
ip name-server 68.94.157.1
!
no ip dhcp-client network-discovery
vpdn enable
no vpdn logging
!
!
username XXXXXXX privilege 15 password 7
no aaa new-model
ip subnet-zero
no ip source-route
no ip gratuitous-arps
ip cef
vpdn-group pppoe
 request-dialin
  protocol pppoe
!
crypto isakmp policy 10
 hash md5
 authentication pre-shar
crypto isakmp key Vi@Pv1ll3 address 12.X.X.X
crypto isakmp invalid-spi-recovery
!
!
crypto ipsec transform-set afp-ts-1 esp-des esp-md5-hmac
crypto ipsec df-bit clear
!
crypto map afppolicy-7 10 ipsec-isakmp
 set peer 12.X.X.X
 set transform-set afp-ts-1
 match address Vi-to-Pville
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
 description $ES_WAN$
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip route-cache flow
 speed auto
 full-duplex
 pppoe-client dial-pool-number 1
 crypto map afppolicy-7 10
!
!
interface Vlan1
 description Inside
 ip address 172.16.7.1 255.255.255.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat inside
 ip virtual-reassembly
 ip route-cache flow
 ip tcp adjust-mss 1452
!
interface Dialer1
 ip address 99.X.X.X 255.255.255.0
 ip mtu 1492
 encapsulation ppp
 ip nat outside
 dialer pool 1
 dialer-group 1
 ppp authentication pap chap callin
 ppp chap hostname fx08@att.net
 ppp chap password 7
 ppp pap sent-username fx08@att.net password 7
!
ip classless
ip route 0.0.0.0 0.0.0.0 99.X.X.X
no ip http server
ip http authentication local
ip http secure-server
ip nat inside source route-map nonat interface Dialer1 overload
!
ip access-list extended Vi-to-Pville
 permit ip 172.16.7.0 0.0.0.255 172.16.1.0 0.0.0.255 any
ip access-list extended Outside-IN
 permit ip 12.161.73.0 0.0.0.255 host 12.200.54.27
 permit tcp any any established
 permit udp any any eq ntp
 permit icmp any any echo
 permit icmp any any echo-reply
 permit icmp any any traceroute
 permit icmp any any time-exceeded
 permit icmp any any unreachable
 permit udp host 12.X.X.X host 12.X.X.X eq isakmp
 permit esp host 12.X.X.X host 12.X.X.X
 deny tcp any any eq telnet log
 deny tcp any any eq www log
 deny udp any any eq snmp log
 deny ip 10.0.0.0 0.255.255.255 any log
 deny ip 172.16.0.0 0.15.255.255 any log
 deny ip 192.168.0.0 0.0.255.255 any log
 deny ip host 255.255.255.255 any log
ip access-list extended nonat
 deny ip 172.16.7.0 0.0.0.255 172.16.1.0 0.0.0.255
 permit ip 172.16.7.0 0.0.0.255 any
!
access-list 101 permit ip 0.0.0.0 255.255.255.0 any
access-list 101 permit ip 172.16.7.0 0.0.0.255 any
access-list 160 remark CAR-ICMP ACL
access-list 160 permit icmp any any
!
route-map nonat permit 10
 match ip address nonat
!
!
control-plane
!
banner motd ^C
[WARNING] This system is owned by. If you are not authorized to access this system, exit immediately. Unauthorized access to this system is forbidden by company policies, national, and international laws. Unauthorized users are subject to criminal and civil penalties as well as company initiated disciplinary proceedings.
By entry into this system you acknowledge that you are authorized access and the level of privilege you subsequently execute on this system. You further acknowledge that by entry into this system you expect no privacy from monitoring.
^C
!
line con 0
 password 7
 logging synchronous
 login
 no modem enable
 transport preferred all
 transport output all
line aux 0
 transport preferred all
 transport output all
line vty 0 4
 privilege level 15
 password 7
 logging synchronous
 login local
 transport preferred all
 transport input ssh
 transport output all
!
scheduler max-task-time 5000