Advertisement

08.24.2007 at 01:21PM PDT, ID: 22785946
[x]
Attachment Details
[x]
The Solution Rating System

With so many solutions, how can you tell which solutions are most likely to help you and which ones are not? To provide you with a tool to use, we rate our solutions based on various elements that most accurately determine if a solution is a quality solution. To explain what factors affect the solution rating, here are the elements we take into consideration when formulating our solution rating.

  • The Grade of the Solution
  • The Zone Rank of the Expert Providing the Solution
  • The Number of Author and Expert Comments
  • The Number of Experts Contributing
  • The Feedback of the Community

Your Input Matters
Because of the way the system is set up, the most important variable in this equation is you. As a member of Experts Exchange, you are able to cast your vote on the quality of the solutions in regard to how complete, accurate, helpful and easy to understand each solution is. When you provide your feedback, each rating is adjusted accordingly. So, if you see a solution that has a poor rating that you think is a good solution, let us know by rating it. As you do, the rating will be adjusted and will become more accurate for other members of our site.

If you have any suggestions that you would like to make for our rating system, please ask a question in the Suggestions Zone of Community Support.

Thank you!
7.4

DMPVN Configuration on spoke router

Asked by USAlliance in Virtual Private Networking (VPN), IPSec Security Protocol, Cisco PIX Firewall

Tags: , ,

We configured a spoke router with Cable connection using DMVPN. We cannot get internet access from the spoke site, but we can access the server in our HQ through our NAT\Firewall through a PIX firewall.
We using Cisco router 1721, IOS version 12.3.  
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot system flash c1700-k9o3sy7-mz.123-23.bin
boot-end-marker
!
!
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
no aaa new-model
ip subnet-zero
!
!
 --More--         !
ip cef
ip audit po max-events 100
!
!
!
!
!
!
crypto isakmp policy 10
 encr 3des
 hash md5
 authentication pre-share
 group 2
crypto isakmp key cisco123 address 65.X.X.X no-xauth
crypto isakmp key cisco123 address 0.0.0.0 0.0.0.0
!
!
crypto ipsec transform-set restrictVPN esp-3des esp-md5-hmac
!
crypto ipsec profile DMVPNPROF
 set transform-set restrictVPN
!
 --More--         !
!
!
interface Loopback0
 no ip address
!
interface Loopback1
 no ip address
!
interface Tunnel1
 bandwidth 1000
 ip address 10.0.0.3 255.255.255.0
 ip mtu 1400
 ip nhrp authentication ABCD
 ip nhrp map 10.0.0.1 65.X.X.X
 ip nhrp map multicast 65.X.X.X
 ip nhrp network-id 99
 ip nhrp holdtime 450
 ip nhrp nhs 10.0.0.1
 ip tcp adjust-mss 1360
 no ip split-horizon eigrp 1
 delay 1000
 tunnel source Ethernet0
 --More--          tunnel mode gre multipoint
 tunnel key 100000
 tunnel protection ipsec profile DMVPNPROF
!
interface BRI0
 no ip address
 encapsulation hdlc
 shutdown
!
interface Ethernet0
 ip address 192.168.X.X 255.255.255.0
 ip nat outside
 half-duplex
!
interface FastEthernet0
 ip address 172.X.X.X 255.255.255.128
 ip nat inside
 speed auto
!
router eigrp 1
 passive-interface Ethernet0
 network 10.0.0.0 0.0.0.255
 network 172.X.X.X 0.0.0.255
 network 192.168.0.0 0.0.255.255
 --More--          no auto-summary
!
ip nat inside source list 1 interface Tunnel1 overload
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.x.x
no ip http server
no ip http secure-server
!
!
access-list 1 permit 172.X.X.X.X 0.0.0.255
access-list 100 permit tcp any any eq 2000
access-list 100 permit udp any any range 16384 32768
dialer-list 1 protocol ip permit
!
!
!
line con 0
 password cisco
 login
line aux 0
line vty 0 4
 password cisco
 login
 --More--         !
end

Router#Start Free Trial
[+][-]08.24.2007 at 11:40PM PDT, ID: 19766994

View this solution now by starting your 30-day free trial. Setting up your free trial is quick, easy, and secure. We will return you to this solution, unlocked, when you're done.

 

About this solution

Zones: Virtual Private Networking (VPN), IPSec Security Protocol, Cisco PIX Firewall
Tags: spoke, dmvpn, dmpvn
Sign Up Now!
Solution Provided By: llyquid
Participating Experts: 1
Solution Grade: B
 
 
[+][-]03.25.2008 at 02:17PM PDT, ID: 21206306

Often, when Experts are collaborating with members who have asked questions, they will request additional information about the problem. Askers respond with an author comment like this one.

Start your 30-day free trial to view this Author Comment or ask the Experts your question.

 
 
Loading Advertisement...
20081112-EE-VQP-44 / EE_QW_2_20070628