jefta
asked on
Multiple vpn setup
I have a lot of sites with Cisco 827 routers running IOS 12.2 or higher; all the sites are connected to the internet with ADSL. Now I want to connect these sites together with a VPN session. I can't find a working configuration, or something close to what I need.
I need the VPN to monitor the remote networks with WhatsUp Gold.
How can I set up a connection?
VPN office 1 cisco827
HQ cisco827 -
VPN office 2 cisco827
no service pad
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
!
hostname *****
!
logging buffered 4096 debugging
aaa new-model
aaa authentication login default local-case
aaa authorization exec default local
aaa authorization network default local
enable secret 5 *************
enable password 7 ***********
!
username admin privilege 15 password 7
username controle privilege 7 password 7 !
!
!
!
clock timezone GMT 1
clock summer-time recurring last Sun Mar 1:00 last Sun Oct 1:00
ip subnet-zero
no ip source-route
no ip finger
no ip domain-lookup
ip name-server
ip dhcp excluded-address !
no ip bootp server
!
!
!
interface Ethernet0
ip address 192.168.
no ip proxy-arp
ip nat inside
no ip route-cache
no ip mroute-cache
load-interval 30
no keepalive
no cdp enable
hold-queue 100 out
!
interface ATM0
no ip address
no ip route-cache
no ip mroute-cache
load-interval 30
no atm ilmi-keepalive
pvc 0 0/35
encapsulation aal5mux ppp dialer
dialer pool-member 1
!
bundle-enable
dsl operating-mode auto
hold-queue 224 in
!
interface Dialer0
ip address negotiated
ip nat outside
encapsulation ppp
dialer pool 1
dialer-group 1
no peer default ip address
no cdp enable
ppp authentication pap callin
ppp pap sent-username ********** password 7 !
!
ip nat inside source list 101 interface Dialer0 overload
ip nat inside source static tcp 192.168.50.1 80 interface Dialer0 80
ip nat inside source static tcp 192.168.50.1 81 interface Dialer0 81
ip nat inside source static tcp 192.168.50.2 25 interface Dialer0 25
ip nat inside source static tcp 192.168.50.1 3389 interface Dialer0 3389
ip nat inside source static udp 192.168.50.1 3389 interface Dialer0 3389
ip nat inside source static tcp 192.168.50.2 83 interface Dialer0 83
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer0 permanent
no ip http server
!
logging trap debugging
access-list 101 permit ip 192.168.50.0 0.0.0.255 any
access-list 101 deny tcp any any eq 139
access-list 101 deny tcp any any eq 137
access-list 101 deny udp any any eq netbios-ns
access-list 101 deny udp any any eq netbios-ss
access-list 101 deny ip 10.0.0.0 0.255.255.255 any
access-list 101 deny ip 172.16.0.0 0.15.255.255 any
access-list 101 deny ip 192.168.0.0 0.0.255.255 any
access-list 101 deny ip any host 255.255.255.255
dialer-list 1 protocol ip permit
no cdp run
snmp-server engineID local 000000090200000196A48390
Authorised access only!
Disconnect immediately if you are not an authorised user.
^C
!
ASKER
>ip address negotiated...
I: Do all the sites have non-overlapping address ranges?
Yes
B: Are all the sites using dynamic IP
No static
3: does HQ have a static?
Yes, all have a cisco 827 router
If that's the case you can get the remote sites to phone home -take a look at
well - that presents a little design challenge
What are the chances of getting a static address at HQ?
ASKER
All the sites have a STATIC IP address; they are all running on an ADSL line. I want to set up a VPN session to each of the sites, but I can't find a good configuration for it.
listening...
I: Do all the sites have non-overlapping address ranges?
B: Are all the sites using dynamic IP
3: does HQ have a static?
If that's the case you can get the remote sites to phone home -take a look at
http://www.cisco.com/en/US/products/sw/secursw/ps2308/products_configuration_example09186a0080094680.shtml
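
An added sketch (not part of the thread and not taken from the linked Cisco document) of a hub-and-spoke IPsec layout for the setup described: static peers on every site, crypto map on Dialer0, and VPN traffic exempted from the existing NAT overload in access-list 101. Assumptions: the posted config is HQ with LAN 192.168.50.0/24, office LANs are 192.168.51.0/24 and 192.168.52.0/24, the public addresses are constructed documentation addresses, the keys are placeholders, and the image is a crypto feature set that supports 3DES (use stronger transforms where the image offers them).

```cisco
! ---- HQ (hub). Constructed values: office peers 198.51.100.11 / .12 ----
crypto isakmp policy 10
 encryption 3des
 hash sha
 authentication pre-share
 group 2
! One distinct pre-shared key per spoke, so one compromised site cannot impersonate another
crypto isakmp key <KEY-OFFICE1> address 198.51.100.11
crypto isakmp key <KEY-OFFICE2> address 198.51.100.12
!
crypto ipsec transform-set VPN-TS esp-3des esp-sha-hmac
!
crypto map HQ-VPN 10 ipsec-isakmp
 set peer 198.51.100.11
 set transform-set VPN-TS
 match address 111
crypto map HQ-VPN 20 ipsec-isakmp
 set peer 198.51.100.12
 set transform-set VPN-TS
 match address 112
!
interface Dialer0
 crypto map HQ-VPN
!
! Traffic to protect, one ACL per tunnel (HQ LAN -> office LAN)
access-list 111 permit ip 192.168.50.0 0.0.0.255 192.168.51.0 0.0.0.255
access-list 112 permit ip 192.168.50.0 0.0.0.255 192.168.52.0 0.0.0.255
!
! NAT exemption: the denies for tunnel traffic must come before the permit,
! otherwise packets are translated to the Dialer0 address and never match 111/112
no access-list 101
access-list 101 deny   ip 192.168.50.0 0.0.0.255 192.168.51.0 0.0.0.255
access-list 101 deny   ip 192.168.50.0 0.0.0.255 192.168.52.0 0.0.0.255
access-list 101 permit ip 192.168.50.0 0.0.0.255 any
!
! ---- Office 1 (spoke). Constructed HQ peer 203.0.113.1 ----
! Same isakmp policy 10 and transform-set VPN-TS as on HQ, then:
crypto isakmp key <KEY-OFFICE1> address 203.0.113.1
crypto map SPOKE-VPN 10 ipsec-isakmp
 set peer 203.0.113.1
 set transform-set VPN-TS
 match address 111
interface Dialer0
 crypto map SPOKE-VPN
! Mirror image of the HQ ACL; the spoke's own NAT ACL needs the matching deny first
access-list 111 permit ip 192.168.51.0 0.0.0.255 192.168.50.0 0.0.0.255
```

The `ip nat inside source static` port forwards in the posted config are not covered by the access-list 101 exemption, so replies from those hosts on the forwarded ports are still translated when they cross the tunnel. `show crypto isakmp sa` and `show crypto ipsec sa` confirm whether each tunnel negotiated and whether its packet counters are increasing.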