Hello Hany
Here’s an excerpt from the client-side VPN router, that is, the ADSL router at the remote site. Of course it has been sanitised…
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname XXXXXX
!
boot-start-marker
boot-end-marker
!
logging buffered 52000
enable secret 5 XXXXXXXX
!
aaa new-model
!
!
aaa authentication login default local
aaa authorization exec default local
!
!
aaa session-id common
clock timezone PCTime 2
clock summer-time PCTime date Mar 30 2003 3:00 Oct 26 2003 4:00
!
crypto pki trustpoint TP-self-signed-3860321116
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-3860321116
 revocation-check none
 rsakeypair TP-self-signed-3860321116
!
!
crypto pki certificate chain TP-self-signed-3860321116
 certificate self-signed 01
  XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
  XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
  XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
  quit
dot11 syslog
ip cef
!
!
no ip dhcp use vrf connected
ip dhcp excluded-address 10.96.1.73 10.96.1.74
!
ip dhcp pool sdm-pool
   import all
   network 10.96.1.72 255.255.255.248
   default-router 10.96.1.73
   dns-server 10.96.0.66 XXXXXXXXXX
!
!
ip domain name XXXXXXXXX.com
ip name-server XXXXXXXXX
ip name-server 10.96.0.66
!
multilink bundle-name authenticated
!
!
username name privilege 15 secret 5 XXXXXXXXXXXXXXXXXXXXXXX
username name2 privilege 15 secret 5 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
!
!
!
!
!
!
crypto ipsec client ezvpn SDM_EZVPN_CLIENT_1
 connect auto
 group VPN_Group key XXXXXXX
 mode network-extension
 peer 10.96.0.15
 peer 10.96.0.13
 virtual-interface 2
 username name password XXXXXXXXXXXXXXX
 xauth userid mode local
!
!
archive
 log config
  hidekeys
!
!
!
!
!
interface BRI0
 no ip address
 encapsulation hdlc
 shutdown
!
interface ATM0
 no ip address
 no atm ilmi-keepalive
 dsl operating-mode auto
!
interface ATM0.4 point-to-point
 pvc 8/35
  encapsulation aal5mux ppp dialer
  dialer pool-member 1
 !
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Virtual-Template2 type tunnel
 no ip address
 tunnel mode ipsec ipv4
!
interface Vlan1
 description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$
 ip address 10.96.1.73 255.255.255.248
 ip nat inside
 ip virtual-reassembly
 ip tcp adjust-mss 1412
 crypto ipsec client ezvpn SDM_EZVPN_CLIENT_1 inside
!
interface Dialer3
 ip address negotiated
 ip nat outside
 ip virtual-reassembly
 encapsulation ppp
 dialer pool 1
 dialer-group 1
 no cdp enable
 ppp authentication chap callin
 ppp chap hostname XXXXXXXXXXXXXXXXXXXXXXXXXX
 ppp chap password 0 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
 crypto ipsec client ezvpn SDM_EZVPN_CLIENT_1
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer3 2
!
!
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip dns server
ip nat inside source list 1 interface Dialer3 overload
!
access-list 1 remark INSIDE_IF=Vlan1
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 10.96.1.72 0.0.0.7
access-list 101 permit ip any 10.0.0.0 0.255.255.255
access-list 101 deny ip any any
dialer-list 1 protocol ip permit
snmp-server community XXXXXXXX RO
no cdp run
!
!
!
!
control-plane
!
banner login C----------------------------------------------------------------
XXXXXXXXXXXXXXXXXXXX
-----------------------------------------------------------------------
!
line con 0
 no modem enable
line aux 0
line vty 0 4
 privilege level 15
 transport input telnet ssh
!
scheduler max-task-time 5000
end
I was unable to get access to the VPN server today, but when I do I will post that as well.
I hope this has been helpful!
Laz
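
An added example, not part of Laz's post or of any Cisco tooling: a small Python check that the Easy VPN client profile in a config like the one above is wired up consistently (a peer is set, the `virtual-interface` number has a matching `Virtual-Template` tunnel interface, and the profile is applied to both an inside and an outside interface). The function names and the trimmed sample are assumptions made for this illustration.

```python
# Trimmed from the sanitised config in the post above; not a full config.
SAMPLE = """\
crypto ipsec client ezvpn SDM_EZVPN_CLIENT_1
 peer 10.96.0.15
 virtual-interface 2
!
interface Virtual-Template2 type tunnel
 tunnel mode ipsec ipv4
!
interface Vlan1
 crypto ipsec client ezvpn SDM_EZVPN_CLIENT_1 inside
!
interface Dialer3
 crypto ipsec client ezvpn SDM_EZVPN_CLIENT_1
!
"""

def blocks(text):
    """Map block header -> sub-commands; indentation is ignored on purpose."""
    out, cur = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line or line == "!":
            cur = None                      # '!' closes the current block
        elif cur is None or line.startswith("interface "):
            cur = out.setdefault(line, [])  # first line after '!' opens a block
        else:
            cur.append(line)
    return out

def check_ezvpn(text):
    """Return a list of wiring problems for each Easy VPN client profile."""
    cfg, findings = blocks(text), []
    ifaces = {h: s for h, s in cfg.items() if h.startswith("interface ")}
    profiles = {h: s for h, s in cfg.items()
                if h.startswith("crypto ipsec client ezvpn ")}
    for hdr, subs in profiles.items():
        base = hdr.split()
        name = base[-1]
        if not any(s.startswith("peer ") for s in subs):
            findings.append(f"{name}: no peer configured")
        for n in (s.split()[1] for s in subs if s.startswith("virtual-interface ")):
            if f"interface Virtual-Template{n} type tunnel" not in ifaces:
                findings.append(f"{name}: Virtual-Template{n} tunnel interface missing")
        if not any(base + ["inside"] in map(str.split, s) for s in ifaces.values()):
            findings.append(f"{name}: not applied to an inside interface")
        if not any(base in map(str.split, s) for s in ifaces.values()):
            findings.append(f"{name}: not applied to an outside interface")
    return findings
```

Because the parser keys on `!` separators and `interface` lines rather than indentation, it also accepts configs whose leading spaces were lost when pasted into a forum.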