Choosing VPN interface

I finally got my Mac Mini server not long ago, and I love it, but I ran into a minor problem with the VPN.
I'll explain my network setup first:
- I have two separate WAN connections
-- WAN1 <==> Airport Extreme =en2=[ Lion Server ]=en0=[ internal network ]
The network that is behind the Airport Extreme only contains the server secondary interface.
-- WAN2 <==> BSD Firewall <==> Switch ==[ internal network ]
The network that is behind the BSD Firewall contains all our local machines. I do not want to punch any holes in this firewall.
This is where the en0 from the server is connected. En0 is also set as the server primary interface.
My thought behind this setup was to have VPN access for me and my friends to the network that is on WAN1, without letting them access
or see any of the machines located on the internal network.
The problem is that when we try to connect through WAN1, we get no response at all.
- the correct ports are open on the Airport Extreme
- the VPN server is running
- it's configured to assign IP addresses on the subnet of the Airport Extreme, none of these addresses can be assigned by the Airport Extreme.
- we tried to connect on the Airport Extreme's subnet, same issues
If we connect from the subnet behind the BSD firewall
- no problem at all
The server will only let us connect to its primary interface (en0); any attempts to connect to its secondary interface (en2) using VPN are ignored.
Is there some way to choose which interface the VPN server should listen on?
I have looked at the output from running
$ sudo serveradmin settings vpn
but no indication of any setting that dictates the interface to which it should listen.
Is this something that is even possible to set or in other ways configure?

Yes it is. Not sure where it is in PDM, somewhere in the vpn options, but is probably a check box that says something about allowing inbound ipsec sessions to bypass interface access lists. Is this pix 6 or version 7? Oops, skimmed through too fast, you're doing pptp, don't think that will work. Post a clean config.

Similar Messages

  • EA6500 - VPN interface and VLan configuration feature?

    Does the EA6500 have any kind of built-in VPN interface and also a built-in VLAN configuration feature?

    This particular router has VPN passthrough and you may open ports when needed for VPN to work behind it. As for VLAN configuration, this router is not designed for that. Everything that you would like to know about the router just click here

  • Help: How to choose egress interface by the internal source IP in ASA5520?

    Hi there,
    I'm using ASA 5520: ASA ver 8.4(4)1, ASDM ver 6.4(9), firewall mode: Routed.
    There are 2 WAN Interfaces for this ASA: Port 0/3 named 100M; Port 0/0 named Outside.
    One LAN interface is Port 0/1 (10.1.0.0/16). There are 2 groups of users, which can be differentiated by their IP addresses.
    UserGroup A: 10.1.6.0/24; UserGroup B is all other LAN users, 10.1.0.0/16, except 10.1.6.0/24.
    I'd like to route the Internet traffic as below:
    When A accesses Internet, traffic goes thru Port 0/3.
    When B accesses Internet, traffic goes thru Port 0/1.
    I can't set static-route by checking their source IP, I can't set policy based routing either.
    How can this be achieved in my ASA5520?
    Thanks,
    Tony

    Hi,
    I guess you need to use a separate router to do the PBR on the basis of the public NAT IP address (and then choose the correct gateway) of the users or build something on the LAN side in the same way.
    I guess you could also separate the users on different LAN networks and change the ASA to run in multiple context mode and create a different firewall context for both LAN networks (I think every ASA has a license that permits 2 contexts (the admin context isn't counted in this); you can check it with the "show version" command). Then again, this option would eliminate the use of VPN. (Though L2L VPNs are supposedly becoming available in multiple context mode later.)
    Something tells me though that the second option would simply mean too much work, or if you are using VPN on the ASA it would mean you would need a separate VPN device.
    - Jouni

  • Router vpn interface

    Hi,
    I usually use a Cisco ASA to connect site-to-site VPNs. I usually use the outside Eth0/0 interface for the public internet static IP and Eth0/1 to connect the internal network.
    For routers, I have seen a lot of examples on the web. They usually use FE0/1 for the public internet static IP for both site-to-site VPN connection points and FE0/0 for the internal network. Could you tell me why? My concept is that the outside interface FE0/0 must be used for the public IP address because of the lower security level. Please help to explain. Thank you

    Hi,
    The interface ID doesn't have anything to do with the interface's security on its own. On an ASA the "security-level" is used to define which is the least secure interface (the one facing the Internet), not the port ID.
    You are free to use any physical interface on a Cisco Router or ASA to whatever purpose you want.
    Most people tend to use the port with the ID 0/0 for "outside" and the others for local network connections.
    There is nothing stopping you from using something different.
    - Jouni

  • Netctl & VPN interface.

    Hello.
    I just got my certificate from my university to use with the VPN, but I cannot find a way to create an interface for netctl to use it with the VPN.
    I want to make a netctl interface so that I can enable/disable it when I need it.
    I searched the internet for "netctl and VPN connection" but found nothing.
    Can someone give me a hint on how to achieve a VPN connection?
    Thanks a lot.

    It does not look like netctl is supporting, or is going to support OpenVPN. See [1]
    Why don't you want to use systemctl to start the Openvpn connection when needed?
    I'm using it that way and it works without any problems.
    newpipe
    [1] https://bugs.archlinux.org/task/34718

  • Choosing Receiver Interface (IDoc or RFC) without using BPM

    Hi,
    We have a scenario wherein the receiver interface (either IDoc or RFC) must be dynamically determined at runtime based on the source message. I've tried using Multi-Mapping but this did not work since IDoc and RFC interfaces are not on the same Adapter Engine.
    How do I configure this scenario without using BPM?
    Thanks,
    Francis

    Hi,
    >That was my first solution but it did not work since it seems that conditions only work for determining the Operation Mapping to use for the same Receiver interfaces.
    not true - not only Operation Mapping but also receiver agreement
    so the receiver's channel
    >I was misled into thinking that we could use it to dynamically determine the receiver interface.
    but you can do it over there
    interface determination can be used for pseudo receiver determination too
    so you can have one interface that either goes to one
    channel or the other (within the same receiver)
    Regards,
    Michal Krawczyk

  • Choose DDR3 interface between PL

    Hi,
    I'm using an evaluation board with the ZC702 SoC. I want to process video stream with pclk = 40 MHz and my system now is working at 160 MHz.
    For processing video I need to do an interpolation for each pixel (1280*720). The problem is that the weights of these interpolations are stored in the DDR3; to be exact, I need 2 coefficients of 32 bits for each pixel. Currently I have a VDMA that reads one image stored in DDR3 and shows it on a video panel; this part works well.
    My problem is when I try to read the 2 coefficients for doing the interpolation. I have tried doing it by using a simple AXI Master interface, but I have problems with the synchronization (the coefficients arrive at the interpolation part too late). Now I'm going to try with a more sophisticated Xilinx IP core, but I don't know what the best option is to achieve my purpose.
    I'm thinking of two candidates. First of all DataMover, but I don't know how to send the commands (do I have to create a module that sends the commands, or does Xilinx provide an IP core to send them?) and what the maximum amount of data is that can be transferred by DataMover (in my case I need to move 7372800 bytes of data). The other candidate is to use a VDMA (but I think it is a waste of resources).
    Thank you for your replies

    Hi,
    Yes, I asserted the tvalid first and then waited for the tready.
    I have found a reason for this strange behaviour. It seems that the datamover is in reset state, and in the product guide there is an m_axi_mm2s_aresetn signal, but when I import the IP core (only mm2s) this signal doesn't appear.
    This is because in the .mpd file of the datamover there is an error related to the m_axi_mm2s_aresetn signal. I have uploaded a picture where you can find the problem. It means that the m_axi_mm2s_aresetn signal only appears if the s2mm side is enabled.
    I don't know if it is an issue or this is for some reason that I don't understand. Where do I have to report this circumstance?
    Thank you,

  • Choose Disk interface extremely slow

    Odd problem. On my MacPro I've been backing up to an external FW800 drive for quite awhile. Earlier last week I moved that drive to my Leopard Server, repartitioned it and reformatted it. I've made it available as a time machine backup destination and my Mini and MBP are happily backing up to it now.
    Problem is on the MacPro when I select "Change Disk" in the time machine preferences it takes forever to bring up a list (at least a minute). On that list I see my local drives and the server drive. Each refresh of the list takes a minute or more (i.e. I click no disk or the server drive). Eventually I get the server drive selected and when it goes to back up it says the drive can't be mounted.
    Any idea what's going on?

    Hello oswaldt,
    Do you still experience the "slow interface" problem with Time Machine?
    I had the same with Mac OS 10.5.4 Server on a PowerMac G5. The problem went away after a fresh install. But now having switched on a MacPro and done a bit of configuration on the server, I get the "slow interface" problem back.
    Here's what I've done so far, so you may recognize something in your setup:
    - Server boot disc is a mirror of 2 x 250 GB (internal).
    - The 2 other internal drives are 500 GB each, and were concatenated.
    - A Sonnet Fusion D500P is connected through a Sonnet Tempo SATA E4P controller card. Tower is loaded this way:
    -- bay 1: 500 GB
    -- bay 2: 500 GB
    -- bay 3: 1000 GB
    -- bay 4: 500 GB
    -- bay 5: 500 GB
    bay 1 and 4 are striped (STRIP1);
    bay 2 and 5 are also striped (STRIP2);
    STRIP1 and STRIP2 are mirrored;
    bay 3 is the TimeMachine backup drive;
    All disc mirroring, concatenation and striping were done using DiskUtility.
    [edit]: I've forgot, I also have a 300 GB Maxtor OneTouch drive connected through FireWire...
    The MacPro has 8GB of RAM.
    On the server config side, I have:
    - Fixed IP address;
    - working DNS setup with a custom-made top-level zone for the LAN;
    - freshly started OpenDirectory service;
    - AFP service running (automatic configuration, I've touched nothing);
    - no other service running for now;
    - hostname returned by command "hostname" in Terminal is not <nameOfComputer>.local. It's a fully qualified name like server.gti.lan.
    Note that, on my side, although the interface is very slow, I can get TimeMachine to work. So I suspect there are two problems in your case: slow GUI response time, and then drive-related issue.
    Let me know what you can find. I've seen very few posts regarding that problem, and found none answered so far...
    Message was edited by: Frederic Denis

  • Choosing USB interface

    Hi everyone,
    just started fooling around with the garage band and decided to buy USB interface. I only record music myself. I play Acoustic/Electric guitar.
    I found these three following products:
    1) Line 6 Pod Studio GX
    2) M-Audio Fast Track
    3) Apogee One
    Would you advise me which one I should buy and why.
    I know this may be silly question, but I need your suggestion.
    Thanks!

    The One is ok...don't like the I/O limitations...onboard mic is decent for what it is. But for the same price I would consider looking at Motu's Microbook.
    Two channels not one, better I/O, on board EQ and Compression plugs, balanced outputs, etc.
    http://www.motu.com/products/motuaudio/microbook

  • 1841 VPN Interface Module

    Hello,
    I would like to know if AIM-VPN/EPII-PLUS (at the moment installed in 2821 ISR) is compatible with 1841 modular router?
    Thanks.

    From this article:
    http://www.cisco.com/en/US/partner/prod/collateral/routers/ps5853/product_data_sheet0900aecd8016a59b.html
    AIM-Based VPN Acceleration
    • Support for an optional dedicated VPN AIM can deliver two to three times the performance of embedded encryption capabilities.
    AIM supports 2 or 3 times without the card, so I assume if AIM can support 800 tunnels, without AIM will probably support around 250-300 tunnels.

  • Wrvs4400n IPsec VPN interface

    I have had no problems setting up other features of the wrvs4400n, even though it does dumb things like display the actual passwords for VPN Client Accounts in clear text, but when trying to configure the IPsec VPN portion of the wrvs4400n I keep getting strange -if not buggy- behavior as I try to adjust the settings.
    Has anyone else run across any of these??
    1) On the main IPsec VPN screen under "Key Management", I set PFS to "Enable", but PFS keeps setting itself back to "Disable" whenever I save settings.
    2) Likewise the "Pre-Shared key" and "Key Life Time" keep resetting to blank and 0 respectively after saving settings. I get a warning that they are not set unless I reenter them, so they are not being set and not displayed.
    3) The "Advanced VPN Tunnel Setup" window which one must go to if one sets the "Remote Security Gateway Type" to "Any" in order to change "Local Identity" to "Name" (as instructed by another warning) does not seem to want to save ANY configuration information. So one can not change "Local Identity" to "Name", nor "Authentication", "Group" etc. and have them set when it opens again.
    I notice that "PFS" is Always set to "Disable" in the "Advanced VPN Tunnel Setup" window, and I guess this is because it is not getting set in the main "IPsec VPN" window.
    I notice also that I have to enable pop-ups in my browser for the "Advanced VPN Tunnel Setup" window to appear, even though this is not necessary for other windows like the logs, or help.
    I'm using the latest firmware v1.00.13 and have tried setting IPsec up using Firefox and Safari, on windows, and Mac with the same result. Any ideas??
    thanks!

    It could have either been a problem flashing the firmware the first time or some bad behavior because of the pop-up window getting blocked and somehow messing with the internal config, but after I re-flashed and reset the router to defaults I've had no problems... Thanks!!

  • Force Application to choose network interface

    Hi Everyone,
    My target computer has two NICs,
    Eth1:
    IP: 192.168.0.14
    Mask: 255.255.255.0
    GateWay: 192.168.0.254
    Eth2:
    IP: 10.2.5.168
    Mask: 255.255.0.0
    Gateway: Blank
    Eth1 is supposed to be connected to the network, Eth2 is only connected to a camera.
    I use a Blank String Control connected to the string to IP VI as in the attached pic to retrieve the computer IP address and use it to find the presence of another piece of equipment on the Eth1 subnet,
    Unfortunately when the Eth2 cam is connected and configured the blank string control gives back the IP of Eth2.
    According to this page http://www.ni.com/white-paper/12558/en I have set the right configuration, but I still have this problem.
    How can I force the soft to use the right NIC
    I have also read this topic: http://forums.ni.com/t5/LabVIEW-Idea-Exchange/Allow-user-to-select-the-which-NIC-to-use-for-network/... and I don't understand why it has been rejected
    Thanks a lot,

    Right click on string-ip and select multiple output. You should then be able to perform a check on the array to pull out the relevant IP address.
    edit: Here's a way to show all the IPs as an array of strings. Probably not the most elegant or efficient way to do it though

  • Need Cisco VPNClient for 10.8. Available? Will OS VPN work with Cisco?

    Need to connect to VPN serve using Cisco VPNClient but cannot find client for OS 10.8. Last VPN Client I have only works in 32 bit mode. Anyway to use OS VPN?

    Have you tried setting up a Cisco connection through the VPN network preference panel? You need account credentials (name and password) as well as either a certificate or a general password.
    System Preferences - Network - add network port - choose VPN interface - choose Cisco IPSec type, then configure it as needed.
    Matt

  • Inside lan is not reachable even after cisco Remote access vpn client connected to router C1841 But can ping to the router inside interface and loop back interface but not able to ping even to the directly connected inside device..??

    Hi friends,
    here is the configuration in my router C1841 for the Cisco IPsec remote access VPN. I was able to establish a VPN session properly, but thereafter I can only reach up to the inside interfaces of the router, not the LAN devices...
    Below is the output from the router
    r1#sh run
    Building configuration...
    Current configuration : 3488 bytes
    ! Last configuration change at 20:07:20 UTC Tue Apr 23 2013 by ramana
    ! NVRAM config last updated at 11:53:16 UTC Sun Apr 21 2013 by ramana
    version 15.1
    service config
    service timestamps debug datetime msec
    service timestamps log datetime msec
    no service password-encryption
    hostname r1
    boot-start-marker
    boot-end-marker
    enable secret 5 $1$6RzF$L6.zOaswedwOESNpkY0Gb.
    aaa new-model
    aaa authentication login local-console local
    aaa authentication login userauth local
    aaa authorization network groupauth local
    aaa session-id common
    dot11 syslog
    ip source-route
    ip cef
    ip domain name r1.com
    multilink bundle-name authenticated
    license udi pid CISCO1841 sn FHK145171DM
    username ramana privilege 15 secret 5 $1$UE7J$u9nuCPGaAasL/k7CxtNMj.
    username giet privilege 15 secret 5 $1$esE5$FD9vbBwTgHERdRSRod7oD.
    redundancy
    crypto isakmp policy 10
    encr 3des
    authentication pre-share
    group 2
    crypto isakmp client configuration group ra-vpn
    key xxxxxx
    domain r1.com
    pool vpn-pool
    acl 150
    save-password
      include-local-lan
    max-users 10
    crypto ipsec transform-set my-vpn esp-3des esp-md5-hmac
    crypto dynamic-map RA 1
    set transform-set my-vpn
    reverse-route
    crypto map ra-vpn client authentication list userauth
    crypto map ra-vpn isakmp authorization list groupauth
    crypto map ra-vpn client configuration address respond
    crypto map ra-vpn 1 ipsec-isakmp dynamic RA
    interface Loopback0
    ip address 10.2.2.2 255.255.255.255
    interface FastEthernet0/0
    bandwidth 8000000
    ip address 117.239.xx.xx 255.255.255.240
    no ip redirects
    no ip unreachables
    no ip proxy-arp
    ip nat outside
    ip virtual-reassembly
    duplex auto
    speed auto
    crypto map ra-vpn
    interface FastEthernet0/1
    description $ES_LAN$
    ip address 192.168.10.252 255.255.255.0 secondary
    ip address 10.10.10.1 255.255.252.0 secondary
    ip address 172.16.0.1 255.255.252.0 secondary
    ip address 10.10.7.1 255.255.255.0
    ip nat inside
    ip virtual-reassembly
    duplex auto
    speed auto
    ip local pool vpn-pool 172.18.1.1   172.18.1.100
    ip forward-protocol nd
    ip http server
    ip http authentication local
    no ip http secure-server
    ip dns server
    ip nat pool INTERNETPOOL 117.239.xx.xx 117.239.xx.xx netmask 255.255.255.240
    ip nat inside source list 100 pool INTERNETPOOL overload
    ip route 0.0.0.0 0.0.0.0 117.239.xx.xx
    access-list 100 permit ip 10.10.7.0 0.0.0.255 any
    access-list 100 permit ip 10.10.10.0 0.0.1.255 any
    access-list 100 permit ip 172.16.0.0 0.0.3.255 any
    access-list 100 permit ip 192.168.10.0 0.0.0.255 any
    access-list 150 permit ip 10.10.7.0 0.0.0.255 172.18.0.0 0.0.255.255
    access-list 150 permit ip host 10.2.2.2 172.18.1.0 0.0.0.255
    access-list 150 permit ip 192.168.10.0 0.0.0.255 172.18.1.0 0.0.0.255
    control-plane
    line con 0
    login authentication local-console
    line aux 0
    line vty 0 4
    login authentication local-console
    transport input telnet ssh
    scheduler allocate 20000 1000
    end
    r1>sh ip route
    Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
           D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
           N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
           E1 - OSPF external type 1, E2 - OSPF external type 2
           i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
           ia - IS-IS inter area, * - candidate default, U - per-user static route
           o - ODR, P - periodic downloaded static route, + - replicated route
    Gateway of last resort is 117.239.xx.xx to network 0.0.0.0
    S*    0.0.0.0/0 [1/0] via 117.239.xx.xx
          10.0.0.0/8 is variably subnetted, 5 subnets, 3 masks
    C        10.2.2.2/32 is directly connected, Loopback0
    C        10.10.7.0/24 is directly connected, FastEthernet0/1
    L        10.10.7.1/32 is directly connected, FastEthernet0/1
    C        10.10.8.0/22 is directly connected, FastEthernet0/1
    L        10.10.10.1/32 is directly connected, FastEthernet0/1
          117.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
    C        117.239.xx.xx/28 is directly connected, FastEthernet0/0
    L        117.239.xx.xx/32 is directly connected, FastEthernet0/0
          172.16.0.0/16 is variably subnetted, 2 subnets, 2 masks
    C        172.16.0.0/22 is directly connected, FastEthernet0/1
    L        172.16.0.1/32 is directly connected, FastEthernet0/1
          172.18.0.0/32 is subnetted, 1 subnets
    S        172.18.1.39 [1/0] via 49.206.59.86, FastEthernet0/0
          192.168.10.0/24 is variably subnetted, 2 subnets, 2 masks
    C        192.168.10.0/24 is directly connected, FastEthernet0/1
    L        192.168.10.252/32 is directly connected, FastEthernet0/1
    r1#sh crypto isakmp sa
    IPv4 Crypto ISAKMP SA
    dst             src             state          conn-id status
    117.239.xx.xx   49.206.59.86    QM_IDLE           1043 ACTIVE
    IPv6 Crypto ISAKMP SA
    r1 #sh crypto ipsec sa
    interface: FastEthernet0/0
        Crypto map tag: giet-vpn, local addr 117.239.xx.xx
       protected vrf: (none)
       local  ident (addr/mask/prot/port): (0.0.0.0/0.0.0.0/0/0)
       remote ident (addr/mask/prot/port): (172.18.1.39/255.255.255.255/0/0)
       current_peer 49.206.59.86 port 50083
         PERMIT, flags={}
        #pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0
        #pkts decaps: 2, #pkts decrypt: 2, #pkts verify: 2
        #pkts compressed: 0, #pkts decompressed: 0
        #pkts not compressed: 0, #pkts compr. failed: 0
        #pkts not decompressed: 0, #pkts decompress failed: 0
        #send errors 0, #recv errors 0
         local crypto endpt.: 117.239.xx.xx, remote crypto endpt.: 49.206.xx.xx
         path mtu 1500, ip mtu 1500, ip mtu idb FastEthernet0/0
         current outbound spi: 0x550E70F9(1427009785)
         PFS (Y/N): N, DH group: none
         inbound esp sas:
          spi: 0x5668C75(90606709)
            transform: esp-3des esp-md5-hmac ,
            in use settings ={Tunnel UDP-Encaps, }
            conn id: 2089, flow_id: FPGA:89, sibling_flags 80000046, crypto map: ra-vpn
            sa timing: remaining key lifetime (k/sec): (4550169/3437)
            IV size: 8 bytes
            replay detection support: Y
            Status: ACTIVE
         inbound ah sas:
         inbound pcp sas:
         outbound esp sas:
          spi: 0x550E70F9(1427009785)
            transform: esp-3des esp-md5-hmac ,
            in use settings ={Tunnel UDP-Encaps, }
            conn id: 2090, flow_id: FPGA:90, sibling_flags 80000046, crypto map: ra-vpn
            sa timing: remaining key lifetime (k/sec): (4550170/3437)
            IV size: 8 bytes
            replay detection support: Y
            Status: ACTIVE
         outbound ah sas:
         outbound pcp sas:

    hi  Maximilian Schojohann..
    First I would like to thank you for showing interest in solving my issue... After some research I found that disabling "IP CEF" will solve the issue... when I disable it I was able to communicate successfully with the router LAN. But when I disable "IP CEF" the router CPU processor goes to 99% and hangs...
    In the output of " sh process cpu" it shows 65% of utilization from "IP INPUT"
    so please give me an alternate solution... thanks in advance...

  • Help with Remote access VPN on Cisco router 3925 via Dialer Interface

    Hi Everybody,
    I need help with my work now; I would appreciate it if someone could fix my problem. I have a Cisco 3925 router and access the Internet via a PPPoE link. I want to configure Remote Access VPN using the Cisco VPN client software, but it doesn't work. Here is my router config:
    HUNRE#show running-config
    Building configuration...
    Current configuration : 5515 bytes
    ! No configuration change since last restart
    version 15.3
    service timestamps debug datetime msec
    service timestamps log datetime msec
    no service password-encryption
    hostname HUNRE
    boot-start-marker
    boot-end-marker
    enable secret 5 $1$vEFw$rLfvLglzUgddCVwXDx03K.
    enable password cisco
    aaa new-model
    aaa session-id common
    crypto pki trustpoint TP-self-signed-1050416327
     enrollment selfsigned
     subject-name cn=IOS-Self-Signed-Certificate-1050416327
     revocation-check none
     rsakeypair TP-self-signed-1050416327
    crypto pki certificate chain TP-self-signed-1050416327
     certificate self-signed 01
            quit
    ip name-server 210.245.1.253
    ip name-server 210.245.1.254
    ip cef    
    no ipv6 cef
    multilink bundle-name authenticated
    vpdn enable
    vpdn-group 1
    vpdn-group 2
    license udi pid C3900-SPE100/K9 sn FOC1823839B
    license boot module c3900 technology-package securityk9
    username cisco privilege 15 secret 5 $1$aAjB$D3iLyPFTE7O1bHPnKSJcH0
    username kdhong privilege 15 secret 5 $1$nfyX$FO1BPTabCUaE6uKQwpLT.1
    redundancy
    track 1 ip sla 1 reachability
    track 2 ip sla 2 reachability
    crypto isakmp policy 1
     encr 3des
     authentication pre-share
     group 2
    crypto isakmp client configuration group VPN-HUNRE
     key hunre
     dns 8.8.8.8
     domain hunre
     pool IP-VPN
     acl 199
     max-users 100
    crypto ipsec transform-set encrypt-method-1 esp-3des esp-sha-hmac
     mode tunnel
    crypto dynamic-map DYNMAP 1
     set transform-set encrypt-method-1
    crypto map VPN client configuration address respond
    crypto map VPN 65535 ipsec-isakmp dynamic DYNMAP
    interface Embedded-Service-Engine0/0
     no ip address
     shutdown
    interface GigabitEthernet0/0
     ip address 192.168.1.1 255.255.255.0
     ip mtu 1492
     ip nat inside
     ip virtual-reassembly in
     ip tcp adjust-mss 1412
     duplex auto
     speed auto
    interface GigabitEthernet0/1
     description FPT
     no ip address
     ip tcp adjust-mss 1412
     duplex auto
     speed auto
     pppoe enable group global
     pppoe-client dial-pool-number 1
    interface GigabitEthernet0/2
     description Connect to CMC
     no ip address
     ip mtu 1442
     ip nat outside
     ip virtual-reassembly in
     ip tcp adjust-mss 1412
     duplex auto
     speed auto
     pppoe enable group global
     pppoe-client dial-pool-number 2
     no cdp enable
    interface Dialer1
     ip address negotiated
     ip mtu 1452
     ip nat outside
     ip virtual-reassembly in
     encapsulation ppp
     dialer pool 1
     dialer-group 1
     ppp authentication chap pap callin
     ppp chap hostname [USERNAME]
     ppp chap password 0 [PASSWORD]
     ppp pap sent-username [USERNAME] password 0 [PASSWORD]
     ppp ipcp dns request
     crypto map VPN
    interface Dialer2
     description Logical ADSL Interface 2
     ip address negotiated
     ip mtu 1442
     ip nat outside
     ip virtual-reassembly in
     encapsulation ppp
     ip tcp adjust-mss 1344
     dialer pool 2
     dialer-group 2
     ppp authentication chap pap callin
     ppp chap hostname [USERNAME]
     ppp chap password 0 [PASSWORD]
     ppp pap sent-username [USERNAME] password 0 [PASSWORD]
     ppp ipcp address accept
     no cdp enable
    ip local pool IP-VPN 10.252.252.2 10.252.252.245
    ip forward-protocol nd
    ip http server
    ip http authentication local
    ip http secure-server
    ip nat inside source list 10 interface Dialer1 overload
    ip nat inside source list 11 interface Dialer2 overload
    ip nat inside source static 10.159.217.10 interface Dialer1
    ip nat inside source list 199 interface Dialer1 overload
    ip nat inside source static tcp 10.159.217.10 80 210.245.54.49 80 extendable
    ip nat inside source static tcp 10.159.217.10 3389 210.245.54.49 3389 extendable
    ip route 0.0.0.0 0.0.0.0 Dialer1
    ip route 10.159.217.0 255.255.255.0 192.168.1.8
    ip sla auto discovery
    ip sla responder
    dialer-list 1 protocol ip permit
    dialer-list 2 protocol ip permit
    access-list 10 permit any
    access-list 11 permit any
    access-list 101 permit icmp any any
    access-list 199 permit ip any any
    control-plane
    line con 0
    line aux 0
    line 2
     no activation-character
     no exec
     transport preferred none
     transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
     stopbits 1
    line vty 0 4
     password cisco
     transport input all
    line vty 5 15
     password cisco
     transport input all
    scheduler allocate 20000 1000
    ntp master
    end
    However, I cannot ping interface Dialer 1. I am using Cisco VPN client software ver 5.0.07.0290.
    Hoping for your answers!
    Thanks

    Hi David Castro,
    Thanks for your answer,
    I configured it following your guide, but it has not worked yet. I saw that I cannot ping the Internet gateway IP. I am using ADSL Internet with PPPoE configured, and my router receives its IP from the ISP. Here is show ip int brief:
    GigabitEthernet0/0         192.168.1.1     YES NVRAM  up                    up      
    GigabitEthernet0/1         unassigned      YES NVRAM  up                    up      
    GigabitEthernet0/2         unassigned      YES NVRAM  up                    up      
    Dialer1                    210.245.54.49   YES IPCP   up                    up      
    Dialer2                    101.99.7.73     YES IPCP   up                    up      
    NVI0                       192.168.1.1     YES unset  up                    up      
    Virtual-Access1            unassigned      YES unset  up                    up      
    Virtual-Access2            unassigned      YES unset  up                    up      
    Virtual-Access3            unassigned      YES unset  up                    up 
    But I cannot ping interface Dialer 1, so maybe the VPN does not work. Do you have any idea?
    Thanks very much!
