gopher2
07-25-2004, 02:48 AM
I'm using my 1720 as a cable modem router.
I finally got IPsec working,
but now the PPTP VPN does not seem to work on the WAN interface, Ethernet 0.
I can successfully establish a connection from a W2K client on the inside
network to the FastEthernet 0 interface with no problem.
It just doesn't work on the Ethernet interface.
I think there is a problem with my access list, but I'm not sure.
Here is a copy of my config.
Thanks
!
! Cisco IOS 12.3 configuration for the 1720 described in the post: NAT
! router (Ethernet0 outside, FastEthernet0 inside) with one site-to-site
! IPsec tunnel and a PPTP dial-in VPDN group. Secrets and public addresses
! were replaced with x's by the poster. Sub-command indentation was lost in
! the paste.
version 12.3
no service pad
service timestamps debug uptime
service timestamps log uptime
! NOTE(review): with password encryption off, type-0 passwords and
! pre-shared keys sit in the configuration in clear text, which is why the
! poster had to blank them by hand before posting.
no service password-encryption
!
hostname router1
!
boot-start-marker
boot-end-marker
!
no logging console
! The hash that follows "5" was removed by the poster (type 5 is a salted
! MD5-based hash).
enable secret 5
!
! Local account, name and password redacted by the poster.
username xxxxxxxxxxxxx
memory-size iomem 25
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
aaa new-model
!
!
! Router logins (console/VTY) are checked against the local user database.
aaa authentication login default local
! PPP (PPTP) logins try RADIUS first and fall back to local users.
! NOTE(review): no radius-server line appears in this listing; presumably
! it was omitted or was never configured - confirm.
aaa authentication ppp default group radius local
aaa authorization network default if-authenticated
aaa session-id common
ip subnet-zero
!
!
ip name-server xx.xxx.xx.xxx
!
ip cef
ip audit po max-events 100
vpdn enable
!
vpdn-group 1
! Default PPTP VPDN group
! PPTP needs TCP port 1723 (control) and GRE, IP protocol 47 (data), to
! reach the router on whichever interface the client connects to. Nothing
! in this group ties it to a particular interface.
accept-dialin
protocol pptp
virtual-template 1
!
async-bootp dns-server 192.168.5.2
async-bootp nbns-server 192.168.5.5
no ftp-server write-enable
!
!
!
!
!
! IKE phase 1: 3DES, pre-shared key, Diffie-Hellman group 5, lifetime
! 28800 s (8 h). No "hash" line is shown, so the platform default applies
! (presumably SHA-1 on this release; verify with
! "show crypto isakmp policy").
crypto isakmp policy 1
encr 3des
authentication pre-share
group 5
lifetime 28800
! Pre-shared key bound to a single peer address; both redacted.
crypto isakmp key xxxxxxxxxxxxxxxxx address xx.xx.xxx.xx
!
!
! NOTE(review): the transform set is named 3DES-MD5 but its integrity
! transform is esp-sha-hmac, not MD5. The name is misleading; the
! configured algorithms are what counts.
crypto ipsec transform-set 3DES-MD5 esp-3des esp-sha-hmac
!
! Site-to-site tunnel: traffic matching ACL 115 is encrypted to the peer,
! with PFS using DH group 5.
crypto map CISCO-NODE4 10 ipsec-isakmp
description VPN TUNNEL TO NODE4 NETGEAR
set peer xx.xx.xx.xx
set transform-set 3DES-MD5
set pfs group5
match address 115
!
!
!
! WAN side (DHCP address from the cable modem, NAT outside, crypto map).
! NOTE(review): no "ip access-group" is applied here. ACLs 110 and 115 are
! only referenced by the NAT route-map and the crypto map, so no interface
! ACL in this listing filters inbound PPTP. It also means this router does
! not filter unsolicited inbound traffic addressed to itself.
interface Ethernet0
ip address dhcp
ip nat outside
full-duplex
no cdp enable
crypto map CISCO-NODE4
!
! LAN side, 192.168.5.0/24.
interface FastEthernet0
ip address 192.168.5.1 255.255.255.0
ip nat inside
speed auto
no cdp enable
!
interface Serial0
no ip address
shutdown
no cdp enable
!
interface Serial1
no ip address
shutdown
no cdp enable
!
! Template cloned for each PPTP session.
! NOTE(review): the template borrows the address of Ethernet0 (the WAN
! interface) while clients are numbered from the inside subnet (pool
! VPN-DIALUP below). Worth checking when debugging; not verified as the
! cause of the WAN-side failure.
interface Virtual-Template1
ip unnumbered Ethernet0
ip mroute-cache
peer default ip address pool VPN-DIALUP
! MPPE is mandatory; "auto" accepts either 40-bit or 128-bit keys.
ppp encrypt mppe auto required
! MS-CHAP v1 is offered first, then v2. v1 is the weaker of the two and
! can be dropped if every client supports v2.
ppp authentication ms-chap ms-chap-v2
!
! PPTP client addresses are carved out of the LAN subnet 192.168.5.0/24,
! so they also match the 192.168.5.0 0.0.0.255 sources in ACLs 110 and 115.
ip local pool VPN-DIALUP 192.168.5.225 192.168.5.254
! PAT to the Ethernet0 address for traffic permitted by route-map NONAT.
ip nat inside source route-map NONAT interface Ethernet0 overload
ip classless
no ip http server
no ip http secure-server
!
!
! Syslog at debugging level to an inside host.
logging trap debugging
logging 192.168.5.100
! ACL 110 (NAT selection): the deny keeps LAN-to-192.168.4.0/24 traffic
! out of NAT so it still matches the crypto ACL; everything else from the
! LAN is translated.
access-list 110 remark EXCERPT THE PRIVATE NETWORK FROM THE NAT RULE
access-list 110 deny ip 192.168.5.0 0.0.0.255 192.168.4.0 0.0.0.255
access-list 110 permit ip 192.168.5.0 0.0.0.255 any
! ACL 115 (crypto selection): LAN to remote LAN only. The stand-alone
! "TUNNEL" line below appears to be the wrapped tail of the remark.
access-list 115 remark INCLUDE PRIVATE NETWORK TO PRIVATE NETWORK IN VPN
TUNNEL
access-list 115 permit ip 192.168.5.0 0.0.0.255 192.168.4.0 0.0.0.255
no cdp run
!
route-map NONAT permit 10
match ip address 110
!
line con 0
speed 115200
line aux 0
! NOTE(review): no access-class or transport input is set on the VTY lines
! and Ethernet0 carries no inbound ACL, so remote management is presumably
! reachable from the WAN. Limit it with an access-class and, if the image
! supports it, "transport input ssh".
line vty 0 5
!
scheduler max-task-time 5000
!
end
I finally got IPsec working,
but now the PPTP VPN does not seem to work on the WAN interface, Ethernet 0.
I can successfully establish a connection from a W2K client on the inside
network to the FastEthernet 0 interface with no problem.
It just doesn't work on the Ethernet interface.
I think there is a problem with my access list, but I'm not sure.
Here is a copy of my config.
Thanks
!
! Cisco IOS 12.3 configuration for the 1720 described in the post: NAT
! router (Ethernet0 outside, FastEthernet0 inside) with one site-to-site
! IPsec tunnel and a PPTP dial-in VPDN group. Secrets and public addresses
! were replaced with x's by the poster. Sub-command indentation was lost in
! the paste.
version 12.3
no service pad
service timestamps debug uptime
service timestamps log uptime
! NOTE(review): with password encryption off, type-0 passwords and
! pre-shared keys sit in the configuration in clear text, which is why the
! poster had to blank them by hand before posting.
no service password-encryption
!
hostname router1
!
boot-start-marker
boot-end-marker
!
no logging console
! The hash that follows "5" was removed by the poster (type 5 is a salted
! MD5-based hash).
enable secret 5
!
! Local account, name and password redacted by the poster.
username xxxxxxxxxxxxx
memory-size iomem 25
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
aaa new-model
!
!
! Router logins (console/VTY) are checked against the local user database.
aaa authentication login default local
! PPP (PPTP) logins try RADIUS first and fall back to local users.
! NOTE(review): no radius-server line appears in this listing; presumably
! it was omitted or was never configured - confirm.
aaa authentication ppp default group radius local
aaa authorization network default if-authenticated
aaa session-id common
ip subnet-zero
!
!
ip name-server xx.xxx.xx.xxx
!
ip cef
ip audit po max-events 100
vpdn enable
!
vpdn-group 1
! Default PPTP VPDN group
! PPTP needs TCP port 1723 (control) and GRE, IP protocol 47 (data), to
! reach the router on whichever interface the client connects to. Nothing
! in this group ties it to a particular interface.
accept-dialin
protocol pptp
virtual-template 1
!
async-bootp dns-server 192.168.5.2
async-bootp nbns-server 192.168.5.5
no ftp-server write-enable
!
!
!
!
!
! IKE phase 1: 3DES, pre-shared key, Diffie-Hellman group 5, lifetime
! 28800 s (8 h). No "hash" line is shown, so the platform default applies
! (presumably SHA-1 on this release; verify with
! "show crypto isakmp policy").
crypto isakmp policy 1
encr 3des
authentication pre-share
group 5
lifetime 28800
! Pre-shared key bound to a single peer address; both redacted.
crypto isakmp key xxxxxxxxxxxxxxxxx address xx.xx.xxx.xx
!
!
! NOTE(review): the transform set is named 3DES-MD5 but its integrity
! transform is esp-sha-hmac, not MD5. The name is misleading; the
! configured algorithms are what counts.
crypto ipsec transform-set 3DES-MD5 esp-3des esp-sha-hmac
!
! Site-to-site tunnel: traffic matching ACL 115 is encrypted to the peer,
! with PFS using DH group 5.
crypto map CISCO-NODE4 10 ipsec-isakmp
description VPN TUNNEL TO NODE4 NETGEAR
set peer xx.xx.xx.xx
set transform-set 3DES-MD5
set pfs group5
match address 115
!
!
!
! WAN side (DHCP address from the cable modem, NAT outside, crypto map).
! NOTE(review): no "ip access-group" is applied here. ACLs 110 and 115 are
! only referenced by the NAT route-map and the crypto map, so no interface
! ACL in this listing filters inbound PPTP. It also means this router does
! not filter unsolicited inbound traffic addressed to itself.
interface Ethernet0
ip address dhcp
ip nat outside
full-duplex
no cdp enable
crypto map CISCO-NODE4
!
! LAN side, 192.168.5.0/24.
interface FastEthernet0
ip address 192.168.5.1 255.255.255.0
ip nat inside
speed auto
no cdp enable
!
interface Serial0
no ip address
shutdown
no cdp enable
!
interface Serial1
no ip address
shutdown
no cdp enable
!
! Template cloned for each PPTP session.
! NOTE(review): the template borrows the address of Ethernet0 (the WAN
! interface) while clients are numbered from the inside subnet (pool
! VPN-DIALUP below). Worth checking when debugging; not verified as the
! cause of the WAN-side failure.
interface Virtual-Template1
ip unnumbered Ethernet0
ip mroute-cache
peer default ip address pool VPN-DIALUP
! MPPE is mandatory; "auto" accepts either 40-bit or 128-bit keys.
ppp encrypt mppe auto required
! MS-CHAP v1 is offered first, then v2. v1 is the weaker of the two and
! can be dropped if every client supports v2.
ppp authentication ms-chap ms-chap-v2
!
! PPTP client addresses are carved out of the LAN subnet 192.168.5.0/24,
! so they also match the 192.168.5.0 0.0.0.255 sources in ACLs 110 and 115.
ip local pool VPN-DIALUP 192.168.5.225 192.168.5.254
! PAT to the Ethernet0 address for traffic permitted by route-map NONAT.
ip nat inside source route-map NONAT interface Ethernet0 overload
ip classless
no ip http server
no ip http secure-server
!
!
! Syslog at debugging level to an inside host.
logging trap debugging
logging 192.168.5.100
! ACL 110 (NAT selection): the deny keeps LAN-to-192.168.4.0/24 traffic
! out of NAT so it still matches the crypto ACL; everything else from the
! LAN is translated.
access-list 110 remark EXCERPT THE PRIVATE NETWORK FROM THE NAT RULE
access-list 110 deny ip 192.168.5.0 0.0.0.255 192.168.4.0 0.0.0.255
access-list 110 permit ip 192.168.5.0 0.0.0.255 any
! ACL 115 (crypto selection): LAN to remote LAN only. The stand-alone
! "TUNNEL" line below appears to be the wrapped tail of the remark.
access-list 115 remark INCLUDE PRIVATE NETWORK TO PRIVATE NETWORK IN VPN
TUNNEL
access-list 115 permit ip 192.168.5.0 0.0.0.255 192.168.4.0 0.0.0.255
no cdp run
!
route-map NONAT permit 10
match ip address 110
!
line con 0
speed 115200
line aux 0
! NOTE(review): no access-class or transport input is set on the VTY lines
! and Ethernet0 carries no inbound ACL, so remote management is presumably
! reachable from the WAN. Limit it with an access-class and, if the image
! supports it, "transport input ssh".
line vty 0 5
!
scheduler max-task-time 5000
!
end