VPN between DG834GB and Cisco Soho99 / Dynamic addresses ?

Author	All Replies
ACS join:2009-06-22	VPN between DG834GB and Cisco Soho99 / Dynamic addresses ? Hi, I'm struggling to get a VPN tunnel between my Netgear and Cisco routers. Both endpoints are using dynamic IP addresses, and used to be Netgear devices (DG834GB). This worked fine. At one end, I'm now replacing the Netgear router with a Cisco Soho99. Internet access, and dyndns is working fine. No VPN tunnel between the two sites though. I found and followed an old posting on this forum: »Do I need a VPN, if so how do I setup??? but am unable to get the tunnel up. Probably due to the fact both endpoints use dynamic addresses. Am I trying to do something impossible, or just missing something ? Specific to my config: crypto isakmp key key hostname myremotehost.homelinux.com no-xauth set peer myremotehost.homelinux.com dynamic
ACS join:2009-06-22	to forum · permalink · · 2009-06-22 05:32:07 ·
ACS join:2009-06-22	My config (changed some private details) mylocalhost.homelinux.com#sh ru Building configuration... Current configuration : 3179 bytes ! version 12.3 no parser cache no service pad service timestamps debug datetime localtime show-timezone service timestamps log datetime localtime show-timezone service password-encryption ! hostname mylocalhost.homelinux.com ! boot-start-marker boot-end-marker ! memory-size iomem 5 enable secret 5 secret enable password 7 secret ! username admin password 7 secret ip subnet-zero ip dhcp excluded-address 192.168.1.1 ip dhcp excluded-address 192.168.1.1 192.168.1.150 ! ip dhcp pool DHCPPool import all network 192.168.1.0 255.255.255.0 default-router 192.168.1.1 domain-name domain.eu option 66 ip 192.168.1.2 option 150 ip 192.168.1.2 ! ! ip domain name homelinux.com ip name-server 195.238.2.21 ip name-server 195.238.2.22 ip ssh time-out 60 ip ssh authentication-retries 2 ip ddns update method ddns-upd HTTP add http://Userr:passwd@members.dyndns.org/nic/update?system=dyndns&hostname=mylocalhost.homelinux.com&myip= interval maximum 28 0 0 0 ! aaa new-model ! ! aaa session-id common ! ! ! ! ! crypto isakmp policy 10 encr 3des authentication pre-share group 2 lifetime 28800 crypto isakmp key key hostname myremotehost.homelinux.com no-xauth crypto isakmp identity hostname crypto isakmp keepalive 3600 ! crypto ipsec security-association lifetime seconds 28800 ! crypto ipsec transform-set remotehost esp-3des esp-sha-hmac crypto ipsec df-bit clear ! crypto map remotehost 110 ipsec-isakmp set peer myremotehost.homelinux.com dynamic set transform-set remotehost set pfs group2 match address 150 ! ! ! interface Ethernet0 ip address 192.168.1.1 255.255.255.0 ip nat inside ip tcp adjust-mss 1452 hold-queue 100 out ! interface BRI0 no ip address shutdown ! interface ATM0 no ip address ip tcp adjust-mss 1452 no atm ilmi-keepalive dsl operating-mode auto hold-queue 224 in pvc 8/35 pppoe-client dial-pool-number 1 ! ! interface Virtual-Template1 no ip address ! interface Virtual-PPP1 no ip address ! interface Dialer1 ip ddns update hostname mylocalhost.homelinux.com ip ddns update ddns-upd host members.dyndns.org ip address negotiated ip mtu 1492 ip nat outside encapsulation ppp dialer pool 1 dialer-group 1 no cdp enable ppp authentication chap callin ppp chap hostname ISP-USER ppp chap password 7 ISP-PASSWD ppp ipcp dns request crypto map remotehost ! ip classless ip route 0.0.0.0 0.0.0.0 Dialer1 ip http server ip http authentication local ip http secure-server ip dns server ip dns spoofing ! ip nat inside source list 100 interface Dialer1 overload ! access-list 100 deny ip 192.168.1.0 0.0.0.255 192.168.0.0 0.0.0.255 access-list 100 permit ip 192.168.1.0 0.0.0.255 any access-list 150 permit ip 192.168.1.0 0.0.0.255 192.168.0.0 0.0.0.255 snmp-server community public view internet-router RO ! control-plane ! ! line con 0 exec-timeout 120 0 transport preferred all transport output all stopbits 1 line vty 0 4 exec-timeout 0 0 password 7 password transport preferred none transport input ssh transport output none ! scheduler max-task-time 5000 ! end
ACS join:2009-06-22	to forum · permalink · · 2009-06-22 05:40:54 ·
ACS join:2009-06-22	reply to ACS # [180001]"VPN Version"=2 [180001]"VPN policy"=1ToHome1024192.168.0.1...255.255.255.02mylocalhost.homelinux.com4192.168.1.1...255.255.255.0key0000022013600192.168.1.1500
ACS join:2009-06-22	to forum · permalink · · 2009-06-22 07:02:15 ·


Friday, 04-Dec 02:34:57	Terms of Use \| Privacy Policy \| Hosting by www.nac.net - DSL,Hosting & Co-lo \| feedback \| contact over 10 years online! © 1999-2009 dslreports.com. page compression OFF