Hi,
I have to configure a router (837) at remote end to establish connectivity with a VPN concentrator (3005) on main site. Could any one please advice if the configuration seems to be fine or I need to make some adjustments. Its my first configuration and I`ll highly appreciate any advice from this forum. _______________________________________________________________ CL#sh running-config Building configuration...
Current configuration : 2514 bytes ! ! Last configuration change at 23:50:55 UTC Mon Oct 10 2005 ! NVRAM config last updated at 23:59:08 UTC Mon Oct 10 2005 ! version 12.3 no service pad service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname CL ! boot-start-marker boot-end-marker ! enable password 7 07843281A4B ! no aaa new-model ip subnet-zero ! ! ! ! ip name-server x.x.x.x ip cef ip inspect name ethernetin udp ip inspect name ethernetin tcp timeout 3600 ip inspect name ethernetin http java-list 50 ip ips po max-events 100 vpdn enable ! vpdn-group pppoe request-dialin protocol pppoe ! no ftp-server write-enable ! ! ! ! ! crypto isakmp policy 1 encr 3des hash md5 authentication pre-share group 2 crypto isakmp key 6 cisco123 address (x.x.x.x VPN Concentrator 3005) ! ! crypto ipsec transform-set to_vpn esp-3des esp-md5-hmac ! crypto map to_vpn 10 ipsec-isakmp set peer (X.x.x.x VPN Concentrator 3005) set transform-set to_vpn match address 101 ! ! ! interface Ethernet0 ip address 192.168.4.0 255.255.255.0 ip nat inside ip inspect ethernetin in ip virtual-reassembly ip tcp adjust-mss 1350 load-interval 30 hold-queue 100 out ! interface ATM0 no ip address shutdown no atm ilmi-keepalive dsl operating-mode auto ! interface ATM0.1 point-to-point crypto map to_vpn pvc 8/35 pppoe-client dial-pool-number 1 ! ! interface FastEthernet1 no ip address duplex auto speed auto ! interface FastEthernet2 no ip address duplex auto speed auto ! interface FastEthernet3 no ip address duplex auto speed auto ! interface FastEthernet4 no ip address duplex auto speed auto ! interface Dialer1 mtu 1492 ip address negotiated ip access-group 100 in ip nat outside ip virtual-reassembly encapsulation pppoe ip tcp adjust-mss 1400 load-interval 30 dialer pool 1 dialer-group 1 no cdp enable ppp authentication chap callin ppp chap hostname xxxxx ppp chap password 0 xxxxx crypto map to_vpn ! ip classless ip route 0.0.0.0 0.0.0.0 X.X.X.X (Pointing to the router as default gateway) ! ip http server no ip http secure-server ip nat pool mypool x.x.x.x x.x.x.x netmask 255.255.255.255 (address assigned by the service provider) ip nat inside source route-map nonat pool mypool overload ! ! access-list 101 permit ip 192.168.4.0 0.0.0.255 10.1.0.0 0.0.0.255 (192.168 Privte address range on remote end, 10.1. private address range on main site) access-list 110 deny ip 192.168.4.0 0.0.0.255 10.1.0.0 0.0.0.255 access-list 110 permit ip 192.168.4.0 0.0.0.255 any route-map nonat permit 10 match ip address 110 ! ! control-plane ! ! line con 0 no modem enable line aux 0 line vty 0 4 login ! scheduler max-task-time 5000 end