Cisco L2Lvpn

Discussion in 'Cisco' started by dionbosschieter, Apr 13, 2012.

    Hello,

    I have a problem with our Cisco that connects to our Juniper using an l2vpn.
    The Cisco has the internal network 192.168.81.0 and the datacenter uses 192.168.229.0.

    I want to be able to ping from 192.168.81.0 to 192.168.229.0 and also from 192.168.229.0 to 192.168.81.0.

    I can't get this config working; could someone see what I did wrong?

    ! Running configuration of a CISCO881 with a PPPoE WAN (Dialer1), two LAN VLANs
    ! (192.168.81.0 on Vlan1, 192.168.17.0 on Vlan2), NAT overload and two
    ! IPsec site-to-site peers bound via crypto map L2Lvpn on Dialer1.
    ! Lines starting with "! NOTE(review)" are review annotations, not original config.
    no aaa new-model
    memory-size iomem 10
    !
    ! Self-signed trustpoint; revocation-check none is expected for a self-signed cert.
    crypto pki trustpoint TP-self-signed-3462783490
    enrollment selfsigned
    subject-name cn=IOS-Self-Signed-Certificate-3462783490
    revocation-check none
    rsakeypair TP-self-signed-3462783490
    !
    !
    crypto pki certificate chain TP-self-signed-3462783490
    certificate self-signed 01 nvram:IOS-Self-Sig#A.cer
    ! NOTE(review): IP source routing is left enabled; on an internet-facing router it is
    ! normally turned off (no ip source-route) unless something depends on it - confirm.
    ip source-route
    !
    !
    ! DHCP for the data LAN (Vlan1); .136-.254 are reserved for static hosts.
    ip dhcp excluded-address 192.168.81.136 192.168.81.254
    !
    ip dhcp pool 192.168.81.0/24
    network 192.168.81.0 255.255.255.0
    default-router 192.168.81.1
    dns-server 213.75.63.36 213.75.63.70 8.8.8.8
    !
    ! DHCP for the voice VLAN (Vlan2); option 66 points the phones at their provisioning server.
    ip dhcp pool voice
    network 192.168.17.0 255.255.255.0
    default-router 192.168.17.1
    option 66 ascii http://xsp.voipit.nl/dms/tiptel280
    dns-server 213.144.235.1 213.144.235.2
    !
    !
    ip cef
    no ip domain lookup
    ip domain name yourdomain.com
    ip name-server 213.75.63.36
    ip name-server 213.75.63.70
    no ipv6 cef
    !
    !
    license udi pid CISCO881-K9 sn FCZ1509C1MY
    !
    !
    ! NOTE(review): this is a type 5 (MD5-crypt) hash of the level-15 admin password and it
    ! has now been posted publicly; rotate the password once the thread is resolved.
    username admin privilege 15 secret 5 $1$Ef4M$rZZ8qBjKd.uaq.MqNCewa.
    !
    !
    !
    ! Outbound shaper applied on FastEthernet4 (the physical WAN port) below.
    policy-map custom-shaper-10000kbps
    class class-default
    shape average 9400000
    !
    !
    !
    ! NOTE(review): policy 1 only sets hash md5; encryption and DH group are not given,
    ! so the IOS defaults apply (DES and group 1 as far as I know - confirm with
    ! "show crypto isakmp policy"). MD5/DES are deprecated; prefer AES and SHA once the
    ! peers can be aligned.
    crypto isakmp policy 1
    hash md5
    authentication pre-share
    lifetime 3600
    !
    ! Policy 3 gives no hash line, so the default hash applies; 3DES/group 2 are dated.
    crypto isakmp policy 3
    encr 3des
    authentication pre-share
    group 2
    ! Pre-shared keys are redacted in the post; no-xauth keeps these as pure site-to-site peers.
    crypto isakmp key ##### address 213.144.232.7 no-xauth
    crypto isakmp key ##### address 217.148.80.219 no-xauth
    !
    crypto ipsec security-association lifetime seconds 28800
    !
    ! NOTE(review): des-md5 (single DES + MD5 HMAC) is the weakest set here and is used by
    ! map entry 101 below; prefer an AES/SHA set if the remote side supports it.
    crypto ipsec transform-set 3des-sha esp-3des esp-sha-hmac
    crypto ipsec transform-set des-md5 esp-des esp-md5-hmac
    !
    ! Entry 100: peer 213.144.232.7, interesting traffic = ACL 100 (see access-list section).
    crypto map L2Lvpn 100 ipsec-isakmp
    description RoutIT
    set peer 213.144.232.7
    set transform-set 3des-sha
    set pfs group2
    match address 100
    ! Entry 101: peer 217.148.80.219, interesting traffic = ACL 101 (the 192.168.81.0 <-> 192.168.229.0 flow).
    ! NOTE(review): PFS group1 is the weakest PFS choice; group2 or higher if the peer allows.
    crypto map L2Lvpn 101 ipsec-isakmp
    description Tunnel to217.148.80.219
    set peer 217.148.80.219
    set transform-set des-md5
    set pfs group1
    match address 101
    !
    !
    !
    !
    !
    interface FastEthernet0
    !
    ! Only FastEthernet1 is placed in the voice VLAN; Fa0/2/3 stay in Vlan1.
    interface FastEthernet1
    switchport access vlan 2
    !
    interface FastEthernet2
    !
    interface FastEthernet3
    !
    interface FastEthernet4
    ! Physical WAN port: no IP here, the PPPoE session (dial-pool 1) lives on Dialer1.
    description WAN
    no ip address
    load-interval 30
    duplex full
    speed 100
    pppoe-client dial-pool-number 1
    service-policy output custom-shaper-10000kbps
    !
    ! Data LAN gateway; NAT inside, uRPF, and MSS clamping for the PPPoE MTU.
    interface Vlan1
    description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$
    ip address 192.168.81.1 255.255.255.0
    ip verify unicast reverse-path
    ip nat inside
    ip virtual-reassembly
    ip tcp adjust-mss 1452
    load-interval 30
    !
    ! Voice VLAN gateway; note it has no "ip nat inside", unlike Vlan1.
    interface Vlan2
    ip address 192.168.17.1 255.255.255.0
    no ip redirects
    no ip unreachables
    no ip proxy-arp
    !
    interface Dialer0
    no ip address
    no cdp enable
    !
    ! WAN dialer carrying the public address, NAT outside and the crypto map.
    ! NOTE(review): both "ip nat outside" (classic NAT) and "ip nat enable" (NVI) are set on
    ! the same interface; presumably only one NAT style is intended - confirm.
    interface Dialer1
    description WAN dialer
    mtu 1492
    ip address 46.144.31.25 255.255.255.0
    ip verify unicast reverse-path
    ip nat outside
    ip nat enable
    ip virtual-reassembly
    encapsulation ppp
    dialer pool 1
    dialer-group 1
    ppp pap sent-username ### password 7 #####
    ppp ipcp mask request
    ppp ipcp address accept
    no cdp enable
    crypto map L2Lvpn
    !
    ip forward-protocol nd
    ! NOTE(review): management web UI is plain HTTP (secure-server is off) with local
    ! level-15 login, and its access-class ACL 23 ends in "permit any" (see below), so it
    ! is reachable from any source including the WAN. Prefer "ip http secure-server" and a
    ! restrictive ACL 23, or disable the HTTP server if CCP is not needed.
    ip http server
    ip http access-class 23
    ip http authentication local
    no ip http secure-server
    ip http timeout-policy idle 60 life 86400 requests 10000
    !
    ip nat log translations syslog
    no ip nat service sip udp port 5060
    ! NOTE(review): pool1 is defined but no NAT rule in this config references it.
    ip nat pool pool1 192.168.81.0 192.168.81.254 netmask 255.255.255.0
    ! Static port forwards to 192.168.81.240 on the WAN address.
    ip nat inside source static tcp 192.168.81.240 5214 interface Dialer1 5214
    ip nat inside source static tcp 192.168.81.240 5216 interface Dialer1 5216
    ip nat inside source static tcp 192.168.81.240 50495 interface Dialer1 50495
    ip nat inside source static tcp 192.168.81.240 50496 interface Dialer1 50496
    ip nat inside source static tcp 192.168.81.240 50525 interface Dialer1 50525
    ! NOTE(review): dynamic PAT is gated by route-map SDM_RMAP_1 -> ACL 102 (below). As
    ! posted, ACL 102 holds only a deny line, so this rule translates nothing. The usual
    ! CCP pattern is a deny for the VPN flow (192.168.81.0 -> 192.168.229.0) followed by a
    ! permit for 192.168.81.0 to any, so that LAN traffic to the tunnel is not NATed
    ! before the crypto map sees it - confirm what was intended.
    ip nat inside source route-map SDM_RMAP_1 interface Dialer1 overload
    ip route 0.0.0.0 0.0.0.0 Dialer1
    !
    ! ACL 1 and ACL 22 are not referenced anywhere in this config.
    access-list 1 remark CCP_ACL Category=16
    access-list 1 permit 192.168.81.0 0.0.0.255
    access-list 22 permit any
    ! NOTE(review): ACL 23 gates vty (access-class 23 in) and the HTTP server. The final
    ! "permit any" makes every earlier entry redundant and opens management to all
    ! sources; drop it so only the intended networks remain.
    access-list 23 permit 0.0.0.0
    access-list 23 permit 10.10.10.0 0.0.0.7
    access-list 23 permit 10.0.0.0 0.255.255.255
    access-list 23 permit 172.16.0.0 0.15.255.255
    access-list 23 permit 192.168.0.0 0.0.255.255
    access-list 23 permit 84.246.25.0 0.0.0.255
    access-list 23 permit 192.168.222.0 0.0.0.255
    access-list 23 permit 192.168.81.0 0.0.0.255
    access-list 23 permit 95.97.68.0 0.0.0.255
    access-list 23 permit any
    ! NOTE(review): ACL 100 (crypto map entry 100) names 192.168.82.0, which is not
    ! configured on any interface here (the data LAN is 192.168.81.0 on Vlan1), and
    ! uses "any" as destination, which pulls all traffic from those sources into the
    ! tunnel. Presumably 192.168.81.0 was meant; the 192.168.17.0 line may be intended
    ! for the voice VLAN - confirm.
    access-list 100 permit ip 192.168.82.0 0.0.0.255 any
    access-list 100 permit ip 192.168.17.0 0.0.0.255 any
    ! ACL 101 (crypto map entry 101) is the 192.168.81.0 <-> 192.168.229.0 flow the
    ! question is about; the peer's proxy IDs must mirror it exactly.
    access-list 101 remark CCP_ACL Category=4
    access-list 101 remark IPSec Rule
    access-list 101 permit ip 192.168.81.0 0.0.0.255 192.168.229.0 0.0.0.255
    ! NOTE(review): ACL 102 feeds the NAT route-map. It has no permit entry at all and,
    ! like ACL 100, names 192.168.82.0 instead of 192.168.81.0.
    access-list 102 deny ip 192.168.82.0 0.0.0.255 any
    dialer-list 1 protocol ip permit
    no cdp run
    !
    !
    !
    !
    ! Route-map used by the "overload" NAT rule; matches ACL 102 (see note there).
    route-map SDM_RMAP_1 permit 1
    match ip address 102
    !
    !
    control-plane
    !
    !
    line con 0
    login local
    no modem enable
    line aux 0
    ! vty is SSH-only with local login, but access-class 23 is the list that ends in
    ! "permit any" - see the ACL 23 note above.
    line vty 0 4
    access-class 23 in
    privilege level 15
    login local
    transport input ssh
    !
    scheduler max-task-time 5000
    end
     
