837 Config Problem

Discussion in 'Cisco' started by paulb4, Aug 9, 2005.

  1. paulb4

    paulb4 Guest

    Scenario

    I have a site that needs to get access to servers on the HO Lan. I
    have the VPN up and working, the issue I now have is this

    I would like to basically block anything going to the internet from
    the remote site. So Internet traffic has to go across the VPN to the
    HO Proxy

    So far I've been unsuccessful in doing this

    >
    > Current configuration : 2713 bytes
    >
    > version 12.
    > no service pad
    > service timestamps debug uptime
    > service timestamps log uptime
    > service password-encryption
    >
    > hostname Route
    >
    > logging queue-limit 10
    > enable secret 5 $1$504R$nuaE.tPwutGTWmPRfIKK8
    >
    > username al
    > username CRWS_Vijay privilege 15 password 7 ***********
    >
    > ip subnet-zero
    > ip dhcp excluded-address 10.50.4.1 10.50.4.1
    >
    > ip dhcp pool DHCPPoo
    > network 10.50.4.0 255.255.255.
    > default-router 10.50.4.
    > netbios-name-server 10.40.1.30 10.40.1.3
    > dns-server 10.40.1.30 10.40.1.3
    >
    >
    > ip inspect name Store tcp
    > ip inspect name Store udp
    > ip inspect name Store http
    > ip audit notify log
    > ip audit po max-events 10
    > no ftp-server write-enable
    >
    >
    >
    >
    > crypto isakmp policy 1
    > encr 3des
    > hash md5
    > authentication pre-share
    > group
    > crypto isakmp key 0 St0r3f0ursh4r3DK33 address <3005 WAN IP>
    >
    >
    > crypto ipsec transform-set KGTrans esp-3des esp-md5-hmac
    >
    > crypto map KG 10 ipsec-isakmp
    > set peer <3005 WAN IP>
    > set transform-set KGTrans
    > match address 10
    >
    >
    >
    >
    > interface Loopback
    > ip address <837 WAN IP> 255.255.255.25
    >
    > interface Ethernet
    > ip address 10.50.4.1 255.255.255.
    > ip nat inside
    > ip inspect Store in
    > hold-queue 100 out
    >
    > interface ATM
    > bandwidth 28
    > no ip address
    > no ip mroute-cache
    > no atm ilmi-keepalive
    > pvc 0/3
    > encapsulation aal5mux ppp dialer
    > dialer pool-member
    >
    > dsl operating-mode auto
    > hold-queue 224 in
    >
    > interface Dialer
    > ip unnumbered Loopback
    > ip access-group 101 in
    > ip nat outside
    > encapsulation ppp
    > no ip route-cache
    > no ip mroute-cache
    > dialer pool
    > dialer-group
    > ppp chap hostname <DSL USERNAME>
    > ppp chap password 7 <DSL PASSWORD>
    > crypto map KG
    >
    > ip nat inside source list 199 interface Loopback0 overload
    > ip classless
    > ip route 0.0.0.0 0.0.0.0 Dialer
    > ip http server
    > no ip http secure-server
    >
    > access-list 101 deny ip 127.0.0.0 0.255.255.255 any
    > access-list 101 deny ip 224.0.0.0 31.255.255.255 any
    > access-list 101 permit icmp any any echo-reply
    > access-list 101 permit udp host 62.140.209.182 eq isakmp any eq isakmp
    > access-list 101 permit esp host 62.140.209.182 any
    > access-list 101 deny tcp 10.50.4.0 0.0.0.255 eq www any eq www
    > access-list 101 permit ip 10.0.0.0 0.255.255.255 10.50.0. 0.0.255.25
    > access-list 101 permit tcp host 194.200.174.18 any eq telnet
    > access-list 101 permit ip host 194.200.174.28 any
    > access-list 105 permit ip 10.50.4.0 0.0.0.255 10.0.0. 0.255.255.25
    > access-list 105 permit tcp 10.50.4.0 0.0.0.255 eq www any eq www
    > access-list 199 deny ip 10.50.4.0 0.0.0.255 10.0.0. 0.255.255.25
    > access-list 199 permit ip 10.50.4.0 0.0.0.255 any
    >
    > line con
    > exec-timeout 120
    > no modem enable
    > stopbits
    > line aux
    > stopbits
    > line vty 0
    > exec-timeout 120
    > password 7 ******
    > login
    > length
    >
    > scheduler max-task-time 500
    >
    > end
    >


    I can't see what I've missed or not done....

    Ideas anyone?
    paulb4, Aug 9, 2005
    #1
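
How the posted ACL 199 (NAT) and ACL 105 sort the remote LAN's traffic, as an added example that is not part of the thread: a first-match evaluator for the extended-ACL subset used in the config. It assumes the cut-off line endings complete to `10.0.0.0 0.255.255.255` and that the truncated `match address 10` in the crypto map refers to ACL 105; the sample flows are constructed.

```python
import ipaddress

# ACL 105 and 199 from the posted config. Each line's last character is cut
# off on the page, so the completed endings below are assumptions.
ACLS = """\
access-list 105 permit ip 10.50.4.0 0.0.0.255 10.0.0.0 0.255.255.255
access-list 105 permit tcp 10.50.4.0 0.0.0.255 eq www any eq www
access-list 199 deny ip 10.50.4.0 0.0.0.255 10.0.0.0 0.255.255.255
access-list 199 permit ip 10.50.4.0 0.0.0.255 any
"""
PORTS = {"www": 80, "telnet": 23, "isakmp": 500}

def _spec(tok):
    """Consume 'any' | 'host A' | 'A WILDCARD', then an optional 'eq PORT'."""
    word = tok.pop(0)
    if word == "any":
        base, wild = 0, 0xFFFFFFFF
    elif word == "host":
        base, wild = int(ipaddress.ip_address(tok.pop(0))), 0
    else:
        base, wild = (int(ipaddress.ip_address(a)) for a in (word, tok.pop(0)))
    port = None
    if tok and tok[0] == "eq":
        _, name = tok.pop(0), tok.pop(0)
        port = PORTS[name] if name in PORTS else int(name)
    return base, wild, port

def parse(text):
    acls = {}
    for line in text.splitlines():
        _, num, action, proto, *rest = line.split()
        entry = (action, proto, _spec(rest), _spec(rest))  # source, then destination
        acls.setdefault(num, []).append(entry)
    return acls

def _hit(spec, ip, port):
    base, wild, want = spec  # wildcard bits set to 1 are "don't care"
    return (int(ipaddress.ip_address(ip)) | wild) == (base | wild) and want in (None, port)

def permits(acl, proto, sip, sport, dip, dport):
    for action, p, src, dst in acl:  # first matching entry wins
        if p in ("ip", proto) and _hit(src, sip, sport) and _hit(dst, dip, dport):
            return action == "permit"
    return False  # implicit deny at the end of every ACL

def path(acls, *flow):
    """NAT (ACL 199) is applied before the crypto map's ACL is checked."""
    if permits(acls["199"], *flow):
        return "nat-direct"  # translated to Loopback0, leaves outside the tunnel
    return "tunnel" if permits(acls["105"], *flow) else "unencrypted-no-nat"
```

With these entries a browser request from the remote LAN to an Internet host comes out as `nat-direct`: ACL 105's second entry only matches packets whose source port is www, and ACL 199 translates everything not destined for 10.0.0.0/8.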

  2. paulb4

    RobO Guest

    Hi,

    I might be totally wrong here or there may be another way of doing this
    but the first thing that comes to my mind is "route-maps".

    Is it just www traffic that you want to go through the tunnel?
    What other network services does the remote network need ?

    Do you want ALL outbound traffic to go through tunnel because this will
    determine the route-map settings?

    Let us know!

    Rob
    RobO, Aug 9, 2005
    #2