ezvpn w/ router which has changing public address (PPPoE)
|
Bookmark this page:
 Yahoo!
 Google
 Windows Live
 del.icio.us
 digg
 Netscape
|
|
|||||||||||||
|
Posted by =?ISO-8859-15?Q?J=F6rg_Sch=FCt on March 5, 2006, 4:18 am
Please log in for more thread options
We want to set up a VPN connection between our ASA 55xx and a router (Cisco 1841) which will get it's public IP via PPPoE. When using PPPoE we will not know which will be our IP address (it will change every 24 hours). We are not able to establish a vpn connection (not even phase 1) between these two devices. There was no problem establishing a vpn connection when this router had a fixed ip address by routing all the traffic to the default gateway of the ISP. The ASA had no knowledge about the fixed IP of the router. To make things more complicated, we have no real dynamic address assignment from our ISP. We have to set the IP address manually to establish a connection via PPPoE. Can anyone plese point out where the error in this config is? version 12.4 hostname yourname no aaa new-model ip subnet-zero no ip cef no ip dhcp use vrf connected ip dhcp pool test network 10.250.7.8 255.255.255.248 dns-server 192.168.1.1 default-router 10.250.7.9 lease infinite ! no ip domain lookup vpdn enable ! username xyzxyz password 0 asdfasdfasdf ! crypto isakmp policy 1 encr aes authentication pre-share group 2 crypto isakmp keepalive 20 ! crypto ipsec transform-set Strong esp-aes esp-sha-hmac ! crypto ipsec client ezvpn nameOfTunnelGroup connect auto group dynVPN key jkljkljkljlk local-address FastEthernet0/1 mode network-extension peer 1.2.3.4 username xyzxyz password asdfasdfasdf xauth userid mode local ! ! interface FastEthernet0/0 description $ETH-LAN$$ETH-SW-LAUNCH$$INTF-INFO-FE 0$ ip address 10.250.7.9 255.255.255.248 ip virtual-reassembly ip tcp adjust-mss 1452 duplex auto speed auto no cdp enable crypto ipsec client ezvpn nameOfTunnelGroup inside ! interface FastEthernet0/1 no ip address ip virtual-reassembly duplex auto speed auto pppoe enable pppoe-client dial-pool-number 1 no cdp enable ! interface ATM0/0/0 no ip address shutdown no atm ilmi-keepalive dsl operating-mode auto ! interface BRI0/1/0 no ip address encapsulation hdlc shutdown ! interface Dialer1 ip address xxx.xx.xxx.xxx 255.255.255.0 ip mtu 1492 encapsulation ppp dialer pool 1 dialer-group 1 no keepalive no cdp enable ppp authentication chap callin ppp chap hostname qwerqwerqwerqwer ppp chap password 0 132412341234 crypto ipsec client ezvpn nameOfTunnelGroup ! ip classless ip route 0.0.0.0 0.0.0.0 Dialer1 ! access-list 1 permit 10.250.7.8 0.0.0.7 J=F6rg --=20 J=F6rg Sch=FCtter http://www.schuetter.org/joerg joerg@schuetter.org http://www.lug-untermain.de/ | |||||||||||||
|
Posted by Walter Roberson on March 5, 2006, 11:49 am
Please log in for more thread options  Hmmm, this link does not directly address what you are trying to do, but some of the failure modes it describes might be applicable to your situation: http://www.cisco.com/en/US/products/sw/secursw/ps2308/products_configuration_example09186a008032b637.shtml | |||||||||||||
|
Home Cabling Guide
Finally, an instantly downloadable book that saves you thousands in home improvement dollars! Enjoy living in 21st century technology-advanced home while increasing its selling value and competitive advantage on the real estate market. Whether your cabling is for home office or high-tech leisure, you can wire your home yourself or learn "wirish" to speak with your cabling contractors in their language! Click Here to learn more |
>router (Cisco 1841) which will get it's public IP via PPPoE.
>When using PPPoE we will not know which will be our IP address
>(it will change every 24 hours).
>We are not able to establish a vpn connection (not even phase 1)
>between these two devices.