Solved

Cisco CISCO877-K9 config

Posted on 2009-05-19
Last Modified: 2012-05-07
Hi Guys,

I'm replacing a Draytek Vigor 2800 with a CISCO877-K9.

It's been a very long time since I've been anywhere near Cisco kit and I need to set this one up pretty fast with a LAN interface, DSL connection, static route and finally an IPSec VPN.

Here are the details of what I need to configure (I changed any WAN addresses to fictitious ones). Please could somebody help me with this?

Many thanks






-=LAN=-
ip=192.168.57.1
s.net=255.255.255.0

No DHCP server


-=WAN=-

ISP=BT

PPPoE / PPPoA
VPI: 0
VCI: 38
Encapsulating type=VC MUX
Protocol=PPPoA
Modulation=G.DMT

Username=XXX@XXX.btclick.com
Password = ???

PPP Authentication= PAP or CHAP

Fixed IP= 81.81.81.81



-=Static routes=-

route #1
dest=192.168.54.0
s.net=255.255.255.0
g.way=192.168.57.3
i/face=LAN

-= VPN =-

IPSec
Target IP=213.213.213.213
IKE Authentication
IKE PSK= ?????
IPSec Security=Medium

RIP Direction=TX/RX Both
For NAT operation, treat remote sub-net as Private IP


TCPIP
My WAN IP=0.0.0.0
Remote GW WAN IP=192.168.200.254
Remote NW IP=192.168.200.0
Remote NW Mask=255.255.255.0

0
Question by:arundelr
4 Comments
 

Author Comment

by:arundelr
ID: 24422904
Just to let you know, I have connected using the console cable and am using HyperTerminal.

0
 

Author Comment

by:arundelr
ID: 24424704
I managed to get the LAN interface configured and access via the web interface. Here is my config so far:
knbsap#show config
Using 1340 out of 131072 bytes
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname knbsap
!
boot-start-marker
boot-end-marker
!
enable secret*************
!
no aaa new-model
!
crypto pki trustpoint TP-self-signed-1171943734
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-1171943734
 revocation-check none
 rsakeypair TP-self-signed-1171943734
!
!
crypto pki certificate chain TP-self-signed-1171943734
 certificate self-signed 01 nvram:IOS-Self-Sig#5.cer
dot11 syslog
ip cef
!
!
!
!
!
username ****** privilege 15 password****
username*****privilege 15 password****
!
!
archive
 log config
  hidekeys
!
!
!
!
!
interface ATM0
 no ip address
 shutdown
 no atm ilmi-keepalive
 dsl operating-mode auto
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Vlan1
 ip address 192.168.57.1 255.255.255.0
!
ip forward-protocol nd
!
ip http server
ip http authentication local
ip http secure-server
!
!
!
!
control-plane
!
!
line con 0
 login local
 no modem enable
line aux 0
line vty 0 1
 privilege level 15
 login local
 transport input telnet ssh
line vty 2 4
 login
!
scheduler max-task-time 5000
end
 
knbsap#


0
 
LVL 15

Assisted Solution

by:bkepford
bkepford earned 2000 total points
ID: 24557164
This config is from an 876, but I added in the PPPoA template and the ATM interface (the ATM interface configuration is not tested, so look at it first).

Again, this config is mix-matched and hasn't been tested, but it may give you a starting point.
ip inspect log drop-pkt
ip inspect name myfw tcp
ip inspect name myfw udp
ip inspect name myfw icmp
ip inspect name myfw http
ip inspect name myfw https
ip inspect name myfw cuseeme
ip inspect name myfw dns
ip inspect name myfw ftp
ip inspect name myfw h323
ip inspect name myfw imap
ip inspect name myfw pop3
ip inspect name myfw netshow
ip inspect name myfw rcmd
ip inspect name myfw realaudio
ip inspect name myfw rtsp
ip inspect name myfw esmtp
ip inspect name myfw sqlnet
ip inspect name myfw streamworks
ip inspect name myfw tftp
ip inspect name myfw vdolive
ip inspect name myfw sip
ip inspect name myfw sip-tls
ip inspect name myfw oraclenames
ip inspect name myfw oracle
ip inspect name myfw oracle-em-vp
ip inspect name myfw orasrv
!
vpdn enable
vpdn-group 1
 accept dialin 
  protocol pppoe 
  virtual-template 1
!
!
username adminperson privilege 15 password <PASSWORD>
!
!
crypto isakmp policy 1
 encr 3des
 authentication pre-share
 group 2
crypto isakmp key <PRESHARED KEY> address 213.213.213.213
!
crypto ipsec security-association lifetime seconds 86400
!
crypto ipsec transform-set Preferred esp-3des esp-sha-hmac
!
crypto map VPN_MAP 118 ipsec-isakmp
 set peer 213.213.213.213
 set security-association lifetime seconds 3600
 set transform-set Preferred
 set pfs group2
 match address VPN_TRAFFIC
!
!
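interface ATM0
 no ip address
 no shutdown
 ! ILMI keepalive and DSL mode are main-interface commands, so they sit here
 no atm ilmi-keepalive
 dsl operating-mode auto
!
interface ATM0.38 point-to-point
 no ip address
 ! "pvi ATM 0/38" corrected to the pvc command for VPI 0 / VCI 38
 pvc 0/38
  encapsulation aal5mux ppp virtual-template 1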
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface virtual-template 1
 description $FW_OUTSIDE$$ES_WAN$
 ip address 81.81.81.81 255.255.255.0
 ip mtu 1492
 ip nat outside
 ip virtual-reassembly
 ip access-group 101 in
 ppp authentication chap pap callin
 ppp chap hostname XXX@XXX.btclick.com
 ppp chap password <PASSWORD>
 ppp pap sent-username XXX@XXX.btclick.com password <PASSWORD>
 crypto map VPN_MAP
!
interface Vlan1
 description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$ES_LAN$$FW_INSIDE$
 ip address 192.168.57.1 255.255.255.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip inspect myfw in
 ip nat inside
 ip virtual-reassembly
 ip route-cache flow
 ip tcp adjust-mss 1452
!
ip classless
ip route 0.0.0.0 0.0.0.0 <DEFAULT GATEWAY>
ip route 192.168.54.0 255.255.255.0 192.168.57.3
!
ip nat inside source list 102 interface virtual-template 1 overload
!
ip access-list extended VPN_TRAFFIC
 permit ip 192.168.57.0 0.0.0.255 192.168.200.0 0.0.0.255
!
access-list 101 deny   ip any any log
access-list 102 deny ip 192.168.57.0 0.0.0.255 192.168.200.0 0.0.0.255
access-list 102 permit ip any any


0
 

Accepted Solution

by:
arundelr earned 0 total points
ID: 24557787
Hi,

Thanks for your input. No idea if yours works or not; after much effort I managed to get it working on the day I posted the question.

I have XX over the actual IP address and keys and posted my config just in case anybody else comes across this issue in future.

cheers
Building configuration...
 
Current configuration : 3853 bytes
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname knbsap
!
boot-start-marker
boot-end-marker
!
no logging buffered
enable secret ***********
no aaa new-model
clock timezone PCTime 0
clock summer-time PCTime date Mar 30 2003 1:00 Oct 26 2003 2:00
!
crypto pki trustpoint TP-self-signed-1171943734
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-1171943734
 revocation-check none
 rsakeypair TP-self-signed-1171943734
!
!
crypto pki certificate chain TP-self-signed-1171943734
 certificate self-signed 01
  XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX
  XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX
  XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX
        quit
dot11 syslog
ip cef
!
!
!
!
!
username *********1 privilege 15 secret ***********
username********* privilege 15 secret ***************
!
!
crypto isakmp policy 1
 encr 3des
 authentication pre-share
 group 2
 
!
!
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
!
crypto map SDM_CMAP_1 1 ipsec-isakmp
 description Tunnel toXXX.XXX.XXX.XXX
 set peer XXX.XXX.XXX.XXX
 set transform-set ESP-3DES-SHA
 match address 100
!
archive
 log config
  hidekeys
!
!
!
!
!
interface ATM0
 no ip address
 no atm ilmi-keepalive
 pvc 0/38
  encapsulation aal5mux ppp dialer
  dialer pool-member 1
 !
 dsl operating-mode auto
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Vlan1
 ip address 192.168.xx.x 255.255.255.0
 ip tcp adjust-mss 1412
!
interface Dialer1
 ip address xx.xxx.xxx.xxx 255.255.255.248
 ip mtu 1452
 ip nat outside
 ip virtual-reassembly
 encapsulation ppp
 dialer pool 1
 dialer-group 1
 ppp authentication chap pap callin
 ppp chap hostname XXXXXX@hg7.btclick.com
 ppp chap password 0 xxxxxx
 ppp pap sent-username xxxxxxx@hg7.btclick.com password 0 xxxxxxx
 crypto map SDM_CMAP_1
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer1
ip route 192.168.xx.x 255.255.255.0 192.168.xx.x permanent
!
ip http server
ip http authentication local
ip http secure-server
!
access-list 100 remark CCP_ACL Category=4
access-list 100 remark IPSec Rule
access-list 100 permit ip 192.168.xx.0 0.0.0.255 192.168.xx.0 0.0.0.255
dialer-list 1 protocol ip permit
!
!
!
control-plane
!
!
line con 0
 login local
 no modem enable
line aux 0
line vty 0 1
 privilege level 15
 login local
 transport input telnet ssh
line vty 2 4
 login
!
scheduler max-task-time 5000
end


0
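An added example, not part of either poster's answer: a small Python audit that parses IOS configuration text and lists settings seen in the configs above that deserve review before the router faces the Internet (cleartext management, type 0 passwords, 3DES with DH group 2, no inbound ACL on the outside interface). The sample text is a constructed excerpt modelled on the accepted configuration; `parse_blocks`, `audit` and the finding strings are this example's own names.

```python
import re

# Constructed excerpt modelled on the accepted answer's config (values redacted).
SAMPLE = """\
no service password-encryption
crypto isakmp policy 1
 encr 3des
 group 2
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
interface Dialer1
 ip nat outside
 ppp chap password 0 xxxxxx
ip http server
line vty 0 1
 transport input telnet ssh
"""

def parse_blocks(text):
    """Group IOS config text into (parent line, [indented child lines]) pairs."""
    blocks = []
    for raw in text.splitlines():
        if not raw.strip() or raw.strip().startswith("!"):
            continue  # skip blank lines and "!" separators/comments
        if raw[0] == " " and blocks:
            blocks[-1][1].append(raw.strip())
        else:
            blocks.append((raw.strip(), []))
    return blocks

def audit(text):
    """Return a sorted list of (parent line, finding) tuples to review."""
    out = set()
    for parent, kids in parse_blocks(text):
        if parent == "no service password-encryption":
            out.add((parent, "line/PPP passwords kept in cleartext"))
        if parent == "ip http server":
            out.add((parent, "cleartext HTTP management enabled"))
        if parent.startswith("line vty") and any(re.match(r"transport input\b.*\btelnet\b", k) for k in kids):
            out.add((parent, "telnet allowed on vty"))
        if parent.startswith("crypto ") and any(re.search(r"\b3des\b", l) for l in [parent] + kids):
            out.add((parent, "3DES in use"))
        if parent.startswith("crypto isakmp policy") and "group 2" in kids:
            out.add((parent, "DH group 2 (1024-bit MODP)"))
        if parent.startswith("interface "):
            if any(re.search(r"\bpassword 0 ", k) for k in kids):
                out.add((parent, "type 0 (cleartext) PPP password"))
            if "ip nat outside" in kids and not any(re.match(r"ip access-group \S+ in$", k) for k in kids):
                out.add((parent, "no inbound ACL on outside interface"))
    return sorted(out)
```

Calling `audit()` on the full text of `show running-config` returns the same tuples per section; an empty list only means none of these specific patterns matched.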
