IPSec - Lan to Lan - Nat routers - 1 Static and 1 Dynamic ip

Sharqy_5
      07-20-2003
I've got the following situation:
2 sites
One site with an 826 ADSL router which gets a dynamic IP (site 1).
One site with a 1721 router (incl. ADSL and Eth WIC) which has a static IP (site 2).
Both routers use NAT for address translation.
I'd like to connect the sites to each other by IPsec, but can't get it
working.
In the meantime I've got a working configuration which doesn't use IPsec.
Could someone help me solve this problem?

Here is the configuration of site 2; site 1 will follow:

version 12.2
service timestamps debug uptime
service timestamps log datetime msec localtime show-timezone
no service password-encryption
!
hostname Site 2
!
logging console critical
aaa new-model
!
!
aaa authentication ppp default if-needed group radius
aaa authorization network default group radius
aaa accounting network default start-stop group radius
aaa session-id common
enable secret 5 xxxx.
enable password xxxx
!
username xxxx password xxxx
memory-size iomem 25
clock timezone GMT 2
ip subnet-zero
no ip source-route
!
!
no ip domain lookup
!
no ip bootp server
ip dhcp-server 192.168.5.1
vpdn enable
!
vpdn-group PPTP_WIN2KCLIENT
! Default PPTP VPDN group
accept-dialin
protocol pptp
virtual-template 1
!
!
!
interface Loopback0
ip address 192.168.20.1 255.255.255.0
!
interface Tunnel1
bandwidth 512
ip address 192.168.200.1 255.255.255.252
ip mtu 1434
ip tcp adjust-mss 1380
tunnel source Ethernet0
tunnel destination 1.1.1.1
tunnel mode ipip
!
interface ATM0
description Connected to ADSL
no ip address
no atm ilmi-keepalive
pvc 8/48
encapsulation aal5mux ppp dialer
dialer pool-member 1
!
dsl operating-mode auto
no fair-queue
hold-queue 224 in
!
interface Ethernet0
description Connected to SDSL
ip address 3.3.3.3 255.255.255.240
ip nat outside
no ip route-cache
no ip mroute-cache
half-duplex
no cdp enable
!
interface FastEthernet0
description Connected to the internal net
ip address 192.168.1.1 255.255.255.0 secondary
ip address 192.168.5.254 255.255.255.0
ip nat inside
ip policy route-map email
speed auto
no cdp enable
!
interface Virtual-Template1
description Connected to VPN users
ip unnumbered Loopback0
ip nat inside
peer default ip address dhcp
compress mppc
ppp encrypt mppe 128
ppp authentication ms-chap
!
interface Dialer0
description For connection to dial ISP
ip address negotiated
ip nat outside
encapsulation ppp
dialer pool 1
dialer idle-timeout 0
dialer persistent
dialer-group 1
no cdp enable
ppp pap sent-username xxxx password xxxx
!
ip nat inside source list 101 interface Dialer0 overload
ip nat inside source list 104 interface Ethernet0 overload
ip nat inside source static tcp 192.168.5.3 25 interface Ethernet0 25
ip nat inside source static tcp 192.168.5.3 110 interface Ethernet0 110
ip nat inside source static tcp 192.168.5.3 143 interface Ethernet0 143
ip nat inside source static tcp 192.168.5.3 443 interface Ethernet0 443
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer0
ip route 0.0.0.0 0.0.0.0 217.166.56.97 250
ip route 1.1.1.1 255.255.255.255 3.3.3.3
ip route 192.168.6.0 255.255.255.0 192.168.200.2
no ip http server
!
!
logging facility local1
logging 192.168.5.1
access-list 101 permit ip 192.168.5.0 0.0.0.255 any
access-list 101 permit ip 192.168.20.0 0.0.0.255 any
access-list 101 permit ip 192.168.1.0 0.0.0.255 any
access-list 102 permit ip 192.168.0.0 0.0.255.255 any
access-list 104 permit ip 192.168.5.0 0.0.0.255 any
access-list 104 permit ip 192.168.1.0 0.0.0.255 any
access-list 104 permit ip 192.168.20.0 0.0.0.255 any
access-list 198 permit tcp host 192.168.5.3 eq 143 192.168.0.0 0.0.255.255
access-list 198 permit tcp host 192.168.5.3 eq 443 192.168.0.0 0.0.255.255
access-list 198 permit tcp host 192.168.5.3 eq smtp 192.168.0.0 0.0.255.255
access-list 198 permit tcp host 192.168.5.3 eq pop3 192.168.0.0 0.0.255.255
access-list 199 permit tcp host 192.168.5.3 eq 443 any
access-list 199 permit tcp host 192.168.5.3 eq pop3 any
access-list 199 permit tcp host 192.168.5.3 eq smtp any
access-list 199 permit tcp host 192.168.5.3 eq 143 any
dialer-list 1 protocol ip permit
no cdp run
!
route-map email permit 5
match ip address 198
!
route-map email permit 10
match ip address 199
set ip next-hop 3.3.3.3
!
route-map email permit 20
set default interface Dialer0
!
snmp-server community public RO
snmp-server enable traps tty
radius-server host 192.168.5.1 auth-port 1812 acct-port 1813
radius-server retransmit 3
radius-server key xxxx
radius-server authorization permit missing Service-Type
!
line con 0
line aux 0
line vty 0 4
access-class 102 in
password xxxx
!
ntp clock-period 17180048
ntp server 207.46.248.43
end

Thanks in advance,

Rene Poelman
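One thing worth checking before adding any crypto configuration to a router like Site 2's: on IOS, inside-to-outside traffic is NAT-translated before the crypto map is consulted, so a NAT overload ACL that permits the local LANs to "any" will rewrite the packets destined for the other site and the IPsec crypto ACL will never match them. The check below is an added example, not code from the post; it lints the NAT-relevant lines of the Site 2 config for a missing VPN exemption and assumes that 192.168.6.0/24 is Site 1's LAN (taken from the static route toward the tunnel peer).

```python
import ipaddress

# NAT-relevant lines copied from the Site 2 config in the post. Treating
# 192.168.6.0/24 as Site 1's LAN is an assumption taken from the static route.
SITE2_CONFIG = """
ip nat inside source list 101 interface Dialer0 overload
ip nat inside source list 104 interface Ethernet0 overload
ip route 192.168.6.0 255.255.255.0 192.168.200.2
access-list 101 permit ip 192.168.5.0 0.0.0.255 any
access-list 101 permit ip 192.168.20.0 0.0.0.255 any
access-list 101 permit ip 192.168.1.0 0.0.0.255 any
access-list 104 permit ip 192.168.5.0 0.0.0.255 any
access-list 104 permit ip 192.168.1.0 0.0.0.255 any
access-list 104 permit ip 192.168.20.0 0.0.0.255 any
"""

def _take_addr(tok):
    """Consume one IOS address spec: 'any', 'host A.B.C.D' or 'A.B.C.D WILDCARD'."""
    if tok[0] == "any":
        return None, tok[1:]                       # None stands for any network
    if tok[0] == "host":
        return ipaddress.ip_network(tok[1] + "/32"), tok[2:]
    # ipaddress accepts an IOS wildcard (hostmask) after the slash
    return ipaddress.ip_network(f"{tok[0]}/{tok[1]}", strict=False), tok[2:]

def parse_ace(line):
    """Return (acl, action, dst_net) for 'access-list N permit|deny ip SRC DST', else None."""
    tok = line.split()
    if len(tok) < 6 or tok[0] != "access-list" or tok[3] != "ip":
        return None
    _src, rest = _take_addr(tok[4:])
    dst, _ = _take_addr(rest)
    return tok[1], tok[2], dst

def nat_acls_missing_exemption(config, remote_lan):
    """List NAT overload ACLs whose first ACE matching remote_lan is a permit.

    IOS evaluates ACEs in order (first match wins), so a deny for the remote
    LAN must precede the permit-to-any. Only destinations are compared here;
    source addresses are deliberately ignored to keep the check small."""
    remote = ipaddress.ip_network(remote_lan)
    lines = [l.strip() for l in config.splitlines()]
    nat_acls = [l.split()[5] for l in lines if l.startswith("ip nat inside source list ")]
    missing = []
    for acl in nat_acls:
        for name, action, dst in filter(None, map(parse_ace, lines)):
            if name == acl and (dst is None or remote.subnet_of(dst)):
                if action == "permit":
                    missing.append(acl)
                break                              # first matching ACE decides
    return missing
```

With the posted lines both NAT ACLs (101 and 104) are reported; adding a `deny ip <local LAN> 192.168.6.0 0.0.0.255` entry ahead of the permits clears an ACL from the list.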
