837 Config Problem

 
 
paulb4
      08-09-2005
Scenario

I have a site that needs to get access to servers on the HO LAN. I
have the VPN up and working; the issue I now have is this:

I would like to basically block anything going to the internet from
the remote site. So Internet traffic has to go across the VPN to the
HO Proxy.

So far I've been unsuccessful in doing this.

>
> Current configuration : 2713 bytes
>
> version 12.
> no service pad
> service timestamps debug uptime
> service timestamps log uptime
> service password-encryption
>
> hostname Route
>
> logging queue-limit 10
> enable secret 5 $1$504R$nuaE.tPwutGTWmPRfIKK8
>
> username al
> username CRWS_Vijay privilege 15 password 7 ***********
>
> ip subnet-zero
> ip dhcp excluded-address 10.50.4.1 10.50.4.1
>
> ip dhcp pool DHCPPoo
> network 10.50.4.0 255.255.255.0
> default-router 10.50.4.
> netbios-name-server 10.40.1.30 10.40.1.3
> dns-server 10.40.1.30 10.40.1.3
>
>
> ip inspect name Store tcp
> ip inspect name Store udp
> ip inspect name Store http
> ip audit notify log
> ip audit po max-events 10
> no ftp-server write-enable
>
>
>
>
> crypto isakmp policy 1
> encr 3des
> hash md5
> authentication pre-share
> group
> crypto isakmp key 0 St0r3f0ursh4r3DK33 address <3005 WAN IP>
>
>
> crypto ipsec transform-set KGTrans esp-3des esp-md5-hmac
>
> crypto map KG 10 ipsec-isakmp
> set peer <3005 WAN IP>
> set transform-set KGTrans
> match address 10
>
>
>
>
> interface Loopback
> ip address <837 WAN IP> 255.255.255.25
>
> interface Ethernet
> ip address 10.50.4.1 255.255.255.0
> ip nat inside
> ip inspect Store in
> hold-queue 100 out
>
> interface ATM
> bandwidth 28
> no ip address
> no ip mroute-cache
> no atm ilmi-keepalive
> pvc 0/3
> encapsulation aal5mux ppp dialer
> dialer pool-member
>
> dsl operating-mode auto
> hold-queue 224 in
>
> interface Dialer
> ip unnumbered Loopback
> ip access-group 101 in
> ip nat outside
> encapsulation ppp
> no ip route-cache
> no ip mroute-cache
> dialer pool
> dialer-group
> ppp chap hostname <DSL USERNAME>
> ppp chap password 7 <DSL PASSWORD>
> crypto map KG
>
> ip nat inside source list 199 interface Loopback0 overload
> ip classless
> ip route 0.0.0.0 0.0.0.0 Dialer
> ip http server
> no ip http secure-server
>
> access-list 101 deny ip 127.0.0.0 0.255.255.255 any
> access-list 101 deny ip 224.0.0.0 31.255.255.255 any
> access-list 101 permit icmp any any echo-reply
> access-list 101 permit udp host 62.140.209.182 eq isakmp any eq isakmp
> access-list 101 permit esp host 62.140.209.182 any
> access-list 101 deny tcp 10.50.4.0 0.0.0.255 eq www any eq www
> access-list 101 permit ip 10.0.0.0 0.255.255.255 10.50.0.0 0.0.255.255
> access-list 101 permit tcp host 194.200.174.18 any eq telnet
> access-list 101 permit ip host 194.200.174.28 any
> access-list 105 permit ip 10.50.4.0 0.0.0.255 10.0.0.0 0.255.255.255
> access-list 105 permit tcp 10.50.4.0 0.0.0.255 eq www any eq www
> access-list 199 deny ip 10.50.4.0 0.0.0.255 10.0.0.0 0.255.255.255
> access-list 199 permit ip 10.50.4.0 0.0.0.255 any
>
> line con
> exec-timeout 120
> no modem enable
> stopbits
> line aux
> stopbits
> line vty 0
> exec-timeout 120
> password 7 ******
> login
> length
>
> scheduler max-task-time 500
>
> end
>


I can't see what I've missed or not done....

Ideas anyone?

 
 
 
 
 
RobO
 
      08-09-2005
Hi,

I might be totally wrong here or there may be another way of doing this
but the first thing that comes to my mind is "route-maps".

Is it just www traffic that you want to go through the tunnel?
What other network services does the remote network need?

Do you want ALL outbound traffic to go through tunnel because this will
determine the route-map settings?

Let us know!

Rob

 