Choosing VPN interface
I finally got my Mac Mini server not long ago, and I love it, but I ran into a minor problem with the VPN.
I'll explain my network setup first:
- I have two separate WAN connections
-- WAN1 <==> Airport Extreme =en2=[ Lion Server ]=en0=[ internal network ]
The network that is behind the Airport Extreme only contains the server's secondary interface.
-- WAN2 <==> BSD Firewall <==> Switch ==[ internal network ]
The network that is behind the BSD Firewall contains all our local machines; I do not want to punch any holes in this firewall.
This is where en0 from the server is connected. en0 is also set as the server's primary interface.
My thought behind this setup was to have VPN access for me and my friends to the network that is on WAN1, without letting them access or see any of the machines located on the internal network.
The problem is that when we try to connect through WAN1, we get no response at all.
- the correct ports are open on the Airport Extreme
- the VPN server is running
- it's configured to assign IP addresses on the subnet of the Airport Extreme; none of these addresses can be assigned by the Airport Extreme.
- we tried to connect on the Airport Extreme's subnet, same issues
If we connect from the subnet behind the BSD firewall
- no problem at all
The server will only let us connect to its primary interface (en0); any attempt to connect to its secondary interface (en2) using VPN is ignored.
Is there some way to choose which interface the VPN server should listen on?
I have looked at the output from running
$ sudo serveradmin settings vpn
but there is no indication of any setting that dictates the interface on which it should listen.
Is this something that is even possible to set, or configure in some other way?
Yes, it is. Not sure where it is in PDM; somewhere in the VPN options, but it is probably a check box that says something about allowing inbound IPsec sessions to bypass interface access lists. Is this PIX 6 or version 7? Oops, skimmed through too fast: you're doing PPTP, I don't think that will work. Post a clean config.
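Whatever address the VPN listener binds to, a host with a single default route answers every non-local client through that route. With en0 holding the default route, a client that arrives through the Airport Extreme on en2 gets its replies sent out en0 toward the BSD firewall, and the Airport's NAT never sees them. The script below is an added example, not part of the post: it performs the same longest-prefix lookup the server's kernel does, using assumed addresses (the post gives none), so you can see which clients would get an asymmetric reply path. It does not explain the failure from the Airport subnet itself that the post also reports, so treat it as one thing to rule out rather than a diagnosis.

```python
import ipaddress

# Constructed routing table modelled on the post: en2 on the Airport Extreme
# subnet, en0 on the internal LAN, a single default route via en0.
# All addresses are assumptions; the post does not give any.
ROUTES = [
    ("10.0.1.0/24", "en2", None),           # Airport Extreme / WAN1 side (assumed)
    ("192.168.1.0/24", "en0", None),        # LAN behind the BSD firewall (assumed)
    ("0.0.0.0/0", "en0", "192.168.1.1"),    # default route on the primary interface (assumed)
]


def egress_interface(dst, routes=ROUTES):
    """Route selection on a host without policy routing: longest prefix wins."""
    best = None
    addr = ipaddress.ip_address(dst)
    for prefix, iface, gateway in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface, gateway)
    if best is None:
        raise LookupError(f"no route to {dst}")
    return best[1], best[2]


def reply_path_ok(client, ingress_iface, routes=ROUTES):
    """True when replies to `client` leave by the interface its packets arrived on."""
    iface, _ = egress_interface(client, routes)
    return iface == ingress_iface


def check_clients(clients, routes=ROUTES):
    """Map each (client, ingress interface) pair to (egress interface, symmetric?)."""
    return {
        client: (egress_interface(client, routes)[0], reply_path_ok(client, ingress, routes))
        for client, ingress in clients
    }


if __name__ == "__main__":
    # Constructed clients: a friend on the Internet coming in via WAN1/en2,
    # and a host sitting directly on the Airport Extreme subnet.
    for client, (iface, ok) in check_clients([("203.0.113.7", "en2"), ("10.0.1.50", "en2")]).items():
        print(f"{client}: replies leave via {iface} -> {'symmetric' if ok else 'ASYMMETRIC'}")
```

The Internet client fails the check because its replies follow the default route out en0, while the host on the Airport subnet passes because that subnet is directly connected on en2. Fixing this needs either the default route moved to en2 or policy routing (pf `route-to` on the server) so that traffic arriving on en2 is answered through the Airport Extreme.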
Similar Messages
-
EA6500 - VPN interface and VLan configuration feature?
Does the EA6500 have any kind of built-in VPN interface and also a built-in VLAN configuration feature?
This particular router has VPN passthrough, and you may open ports when needed for VPN to work behind it. As for VLAN configuration, this router is not designed for that. For everything that you would like to know about the router, just click here
-
Help: How to choose egress interface by the internal source IP in ASA5520?
Hi there,
I'm using ASA 5520: ASA ver 8.4(4)1, ASDM ver 6.4(9), firewall mode: Routed.
There are 2 WAN Interfaces for this ASA: Port 0/3 named 100M; Port 0/0 named Outside.
One LAN interface is Port 0/1 (10.1.0.0/16). There are 2 groups of users, which can be differentiated by their IP addresses.
UserGroup A: 10.1.6.0/24; UserGroup B is all other LAN users, 10.1.0.0/16, except 10.1.6.0/24.
I'd like to route the Internet traffic as below:
When A accesses the Internet, traffic goes through Port 0/3.
When B accesses the Internet, traffic goes through Port 0/1.
I can't set a static route by checking their source IP, and I can't set policy-based routing either.
How can this be achieved in my ASA5520?
Thanks,
Tony
Hi,
I guess you need to use a separate router to do the PBR on the basis of the public NAT IP address of the users (and then choose the correct gateway), or build something on the LAN side in the same way.
I guess you could also separate the users on different LAN networks and change the ASA to run in multiple context mode and create a different firewall context for both LAN networks (I think every ASA has a license that permits 2 contexts (the admin context isn't counted in this); you can check it with the "show version" command). Then again, this option would eliminate the use of VPN. (Though L2L VPNs are supposedly becoming available in multiple context mode later.)
Something tells me though that the second option would simply mean too much work, or if you are using VPN on the ASA it would mean you would need a separate VPN device.
- Jouni -
Hi,
I usually use a Cisco ASA to connect site-to-site VPNs. I usually use the outside Eth0/0 interface for the public Internet static IP and Eth0/1 to connect the internal network.
For routers, I have seen a lot of examples over the web. They usually use FE0/1 for the public Internet static IP for both site-to-site VPN connection points and FE0/0 for the internal network. Could you tell me why? My concept is that the outside interface FE0/0 must be used for the public IP address because of the lower security level. Please help to explain. Thank you
Hi,
The interface ID doesn't have anything to do with the interface's security on its own. On an ASA the "security-level" is used to define which is the least secure interface (the one facing the Internet), not the port ID.
You are free to use any physical interface on a Cisco Router or ASA to whatever purpose you want.
Most people tend to use the port with the ID 0/0 for "outside" and the others for local network connections.
There is nothing stopping you from using something different.
- Jouni -
Netctl & VPN interface.
Hello.
I just took my certificate from my university to use it with the VPN, but I cannot find a way to create an interface for netctl to use it with the VPN.
I want to make a netctl interface so I can enable/disable it when I need it.
I searched the Internet for "netctl and VPN connection" but found nothing.
Can someone give me a hint on how to achieve a VPN connection?
Thanks a lot.
It does not look like netctl is supporting, or is going to support, OpenVPN. See [1]
Why don't you want to use systemctl to start the OpenVPN connection when needed?
I'm using it that way and it works without any problems.
newpipe
[1] https://bugs.archlinux.org/task/34718
-
Choosing Receiver Interface (IDoc or RFC) without using BPM
Hi,
We have a scenario wherein the receiver interface (either IDoc or RFC) must be dynamically determined at runtime based on the source message. I've tried using Multi-Mapping, but this did not work since the IDoc and RFC interfaces are not on the same Adapter Engine.
How do I configure this scenario without using BPM?
Thanks,
Francis
Hi,
>That was my first solution but it did not work since it seems that conditions only work for determining the Operation Mapping to use for the same Receiver interfaces.
Not true: not only Operation Mapping but also receiver agreement,
so the receiver's channel.
>I was misled into thinking that we could use it to dynamically determine the receiver interface.
But you can do it over there:
interface determination can be used for pseudo receiver determination too,
so you can have one interface that either goes to one
channel or the other (within the same receiver).
Regards,
Michal Krawczyk
-
Choose DDR3 interface between PL
Hi,
I'm using an evaluation board with the ZC702 SoC. I want to process a video stream with pclk = 40 MHz, and my system is now working at 160 MHz.
For processing video I need to do an interpolation for each pixel (1280*720). The problem is that the weights of these interpolations are stored in the DDR3; exactly, I need 2 coefficients of 32 bits for each pixel. Actually I have a VDMA that reads one image stored in DDR3 and shows it on a video panel; this part works well.
My problem is when I try to read the 2 coefficients for doing the interpolation. I have tried doing it by using a simple AXI Master interface, but I have problems with the synchronization (the coefficients arrive at the interpolation part too late). Now I'm going to try with a more sophisticated Xilinx IP core, but I don't know what the best option is to achieve my purpose.
I'm thinking of two candidates. First of all DataMover, but I don't know how to send the commands (do I have to create a module that sends the commands, or does Xilinx provide an IP core to send them?) and what the maximum amount of data is that can be transferred by DataMover (in my case I need to move 7372800 bytes of data). The other candidate is to use a VDMA (but I think it is a waste of resources).
Thank you for your replies
Hi,
Yes, I asserted tvalid first and then waited for tready.
I have found a reason for this strange behaviour. It seems that the DataMover is in the reset state, and in the product guide an m_axi_mm2s_aresetn signal appears, but when I import the IP core (only mm2s) this signal doesn't appear.
This is because in the .mpd file of the DataMover there is an error related to the m_axi_mm2s_aresetn signal. I have uploaded a picture where you can find the problem. It means that the m_axi_mm2s_aresetn signal only appears if the s2mm side is enabled.
I don't know if it is an issue or whether this is for some reason that I don't understand. Where do I have to report this circumstance?
Thank you,
-
Choose Disk interface extremely slow
Odd problem. On my MacPro I've been backing up to an external FW800 drive for quite a while. Earlier last week I moved that drive to my Leopard Server, repartitioned it and reformatted it. I've made it available as a Time Machine backup destination, and my Mini and MBP are happily backing up to it now.
The problem is that on the MacPro, when I select "Change Disk" in the Time Machine preferences, it takes forever to bring up a list (at least a minute). On that list I see my local drives and the server drive. Each refresh of the list takes a minute or more (i.e. when I click no disk or the server drive). Eventually I get the server drive selected, and when it goes to back up it says the drive can't be mounted.
Any idea what's going on?
Hello oswaldt,
Do you still experience the "slow interface" problem with Time Machine?
I had the same with Mac OS 10.5.4 Server on a PowerMac G5. The problem went away after a fresh install. But now, having switched to a MacPro and done a bit of configuration on the server, I get the "slow interface" problem back.
Here's what I've done so far, so you may recognize something in your setup:
- Server boot disc is a mirror of 2 x 250 GB (internal).
- The 2 other internal drives are 500 GB each, and were concatenated.
- A Sonnet Fusion D500P is connected through a Sonnet Tempo SATA E4P controller card. Tower is loaded this way:
-- bay 1: 500 GB
-- bay 2: 500 GB
-- bay 3: 1000 GB
-- bay 4: 500 GB
-- bay 5: 500 GB
bays 1 and 4 are striped (STRIPE1);
bays 2 and 5 are also striped (STRIPE2);
STRIPE1 and STRIPE2 are mirrored;
bay 3 is the Time Machine backup drive;
All disc mirroring, concatenation and striping were done using Disk Utility.
[edit]: I forgot, I also have a 300 GB Maxtor OneTouch drive connected through FireWire...
The MacPro has 8GB of RAM.
On the server config side, I have:
- Fixed IP address;
- working DNS setup with a custom-made top-level zone for the LAN;
- freshly started OpenDirectory service;
- AFP service running (automatic configuration, I've touched nothing);
- no other service running for now;
- hostname returned by command "hostname" in Terminal is not <nameOfComputer>.local. It's a fully qualified name like server.gti.lan.
Note that, on my side, although the interface is very slow, I can get Time Machine to work. So I suspect there are two problems in your case: slow GUI response time, and then a drive-related issue.
Let me know what you can find. I've seen very few posts regarding that problem, and found none answered so far...
Message was edited by: Frederic Denis
-
Hi everyone,
I just started fooling around with GarageBand and decided to buy a USB interface. I only record music myself. I play acoustic/electric guitar.
I found these three products:
1) Line 6 Pod Studio GX
2) M-Audio Fast Track
3) Apogee One
Would you advise me which one I should buy and why?
I know this may be a silly question, but I need your suggestion.
Thanks!
The One is ok... I don't like the I/O limitations... the onboard mic is decent for what it is. But for the same price I would consider looking at MOTU's MicroBook.
Two channels, not one, better I/O, on-board EQ and compression plugs, balanced outputs, etc.
http://www.motu.com/products/motuaudio/microbook
-
Hello,
I would like to know if the AIM-VPN/EPII-PLUS (at the moment installed in a 2821 ISR) is compatible with the 1841 modular router?
Thanks.
From this article:
http://www.cisco.com/en/US/partner/prod/collateral/routers/ps5853/product_data_sheet0900aecd8016a59b.html
AIM-Based VPN Acceleration
• Support for an optional dedicated VPN AIM can deliver two to three times the performance of embedded encryption capabilities.
The AIM gives 2 or 3 times what you get without the card, so I assume that if the AIM can support 800 tunnels, without the AIM it will probably support around 250-300 tunnels.
-
I have had no problems setting up other features of the WRVS4400N, even though it does dumb things like display the actual passwords for VPN Client Accounts in clear text, but when trying to configure the IPsec VPN portion of the WRVS4400N I keep getting strange, if not buggy, behavior as I try to adjust the settings.
Has anyone else run across any of these?
1) On the main IPsec VPN screen under "Key Management", I set PFS to "Enable", but PFS keeps setting itself back to "Disable" whenever I save settings.
2) Likewise, the "Pre-Shared key" and "Key Life Time" keep resetting to blank and 0 respectively after saving settings. I get a warning that they are not set unless I re-enter them, so they are not being set, not just not displayed.
3) The "Advanced VPN Tunnel Setup" window, which one must go to if one sets the "Remote Security Gateway Type" to "Any" in order to change "Local Identity" to "Name" (as instructed by another warning), does not seem to want to save ANY configuration information. So one cannot change "Local Identity" to "Name", nor "Authentication", "Group" etc. and have them set when it opens again.
I notice that "PFS" is always set to "Disable" in the "Advanced VPN Tunnel Setup" window, and I guess this is because it is not getting set in the main "IPsec VPN" window.
I notice also that I have to enable pop-ups in my browser for the "Advanced VPN Tunnel Setup" window to appear, even though this is not necessary for other windows like the logs or help.
I'm using the latest firmware v1.00.13 and have tried setting IPsec up using Firefox and Safari, on Windows and Mac, with the same result. Any ideas?
Thanks!
It could have either been a problem flashing the firmware the first time or some bad behavior because of the pop-up window getting blocked and somehow messing with the internal config, but after I re-flashed and reset the router to defaults I've had no problems... Thanks!!
-
Force Application to choose network interface
Hi Everyone,
My target computer has two NICs:
Eth1:
IP: 192.168.0.14
Mask: 255.255.255.0
Gateway: 192.168.0.254
Eth2:
IP: 10.2.5.168
Mask: 255.255.0.0
Gateway: Blank
Eth1 is supposed to be connected to the network; Eth2 is only connected to a camera.
I use a blank String Control connected to the String To IP VI, as in the attached pic, to retrieve the computer's IP address and use it to find the presence of another piece of equipment on the Eth1 subnet.
Unfortunately, when the Eth2 cam is connected and configured, the blank string control gives back the IP of Eth2.
According to this page http://www.ni.com/white-paper/12558/en I have set the right configuration, but I still have this problem.
How can I force the software to use the right NIC?
I have also read this topic: http://forums.ni.com/t5/LabVIEW-Idea-Exchange/Allow-user-to-select-the-which-NIC-to-use-for-network/... and I don't understand why it has been rejected.
Thanks a lot,
Attachments:
BlankIP.JPG 11 KB
Right click on String To IP and select multiple output. You should then be able to perform a check on the array to pull out the relevant IP address.
edit: Here's a way to show all the IPs as an array of strings. Probably not the most elegant or efficient way to do it though.
-
Need Cisco VPNClient for 10.8. Available? Will OS VPN work with Cisco?
I need to connect to a VPN server using the Cisco VPN Client but cannot find a client for OS 10.8. The last VPN Client I have only works in 32-bit mode. Is there any way to use the OS VPN?
Have you tried setting up a Cisco connection through the VPN network preference panel? You need account credentials (name and password) as well as either a certificate or a general password.
System Preferences - Network - add network port - choose VPN interface - choose Cisco IPSec type, then configure it as needed.
Matt
-
Hi friends,
Here is the configuration in my router, a C1841, for the Cisco IPsec remote access VPN. I was able to establish a VPN session properly, but after that I can only reach up to the inside interfaces of the router, not the LAN devices.
Below is the output from the router:
r1#sh run
Building configuration...
Current configuration : 3488 bytes
! Last configuration change at 20:07:20 UTC Tue Apr 23 2013 by ramana
! NVRAM config last updated at 11:53:16 UTC Sun Apr 21 2013 by ramana
version 15.1
service config
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname r1
boot-start-marker
boot-end-marker
enable secret 5 $1$6RzF$L6.zOaswedwOESNpkY0Gb.
aaa new-model
aaa authentication login local-console local
aaa authentication login userauth local
aaa authorization network groupauth local
aaa session-id common
dot11 syslog
ip source-route
ip cef
ip domain name r1.com
multilink bundle-name authenticated
license udi pid CISCO1841 sn FHK145171DM
username ramana privilege 15 secret 5 $1$UE7J$u9nuCPGaAasL/k7CxtNMj.
username giet privilege 15 secret 5 $1$esE5$FD9vbBwTgHERdRSRod7oD.
redundancy
crypto isakmp policy 10
encr 3des
authentication pre-share
group 2
crypto isakmp client configuration group ra-vpn
key xxxxxx
domain r1.com
pool vpn-pool
acl 150
save-password
include-local-lan
max-users 10
crypto ipsec transform-set my-vpn esp-3des esp-md5-hmac
crypto dynamic-map RA 1
set transform-set my-vpn
reverse-route
crypto map ra-vpn client authentication list userauth
crypto map ra-vpn isakmp authorization list groupauth
crypto map ra-vpn client configuration address respond
crypto map ra-vpn 1 ipsec-isakmp dynamic RA
interface Loopback0
ip address 10.2.2.2 255.255.255.255
interface FastEthernet0/0
bandwidth 8000000
ip address 117.239.xx.xx 255.255.255.240
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
crypto map ra-vpn
interface FastEthernet0/1
description $ES_LAN$
ip address 192.168.10.252 255.255.255.0 secondary
ip address 10.10.10.1 255.255.252.0 secondary
ip address 172.16.0.1 255.255.252.0 secondary
ip address 10.10.7.1 255.255.255.0
ip nat inside
ip virtual-reassembly
duplex auto
speed auto
ip local pool vpn-pool 172.18.1.1 172.18.1.100
ip forward-protocol nd
ip http server
ip http authentication local
no ip http secure-server
ip dns server
ip nat pool INTERNETPOOL 117.239.xx.xx 117.239.xx.xx netmask 255.255.255.240
ip nat inside source list 100 pool INTERNETPOOL overload
ip route 0.0.0.0 0.0.0.0 117.239.xx.xx
access-list 100 permit ip 10.10.7.0 0.0.0.255 any
access-list 100 permit ip 10.10.10.0 0.0.1.255 any
access-list 100 permit ip 172.16.0.0 0.0.3.255 any
access-list 100 permit ip 192.168.10.0 0.0.0.255 any
access-list 150 permit ip 10.10.7.0 0.0.0.255 172.18.0.0 0.0.255.255
access-list 150 permit ip host 10.2.2.2 172.18.1.0 0.0.0.255
access-list 150 permit ip 192.168.10.0 0.0.0.255 172.18.1.0 0.0.0.255
control-plane
line con 0
login authentication local-console
line aux 0
line vty 0 4
login authentication local-console
transport input telnet ssh
scheduler allocate 20000 1000
end
r1>sh ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, + - replicated route
Gateway of last resort is 117.239.xx.xx to network 0.0.0.0
S* 0.0.0.0/0 [1/0] via 117.239.xx.xx
10.0.0.0/8 is variably subnetted, 5 subnets, 3 masks
C 10.2.2.2/32 is directly connected, Loopback0
C 10.10.7.0/24 is directly connected, FastEthernet0/1
L 10.10.7.1/32 is directly connected, FastEthernet0/1
C 10.10.8.0/22 is directly connected, FastEthernet0/1
L 10.10.10.1/32 is directly connected, FastEthernet0/1
117.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 117.239.xx.xx/28 is directly connected, FastEthernet0/0
L 117.239.xx.xx/32 is directly connected, FastEthernet0/0
172.16.0.0/16 is variably subnetted, 2 subnets, 2 masks
C 172.16.0.0/22 is directly connected, FastEthernet0/1
L 172.16.0.1/32 is directly connected, FastEthernet0/1
172.18.0.0/32 is subnetted, 1 subnets
S 172.18.1.39 [1/0] via 49.206.59.86, FastEthernet0/0
192.168.10.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.10.0/24 is directly connected, FastEthernet0/1
L 192.168.10.252/32 is directly connected, FastEthernet0/1
r1#sh crypto isakmp sa
IPv4 Crypto ISAKMP SA
dst src state conn-id status
117.239.xx.xx 49.206.59.86 QM_IDLE 1043 ACTIVE
IPv6 Crypto ISAKMP SA
r1 #sh crypto ipsec sa
interface: FastEthernet0/0
Crypto map tag: giet-vpn, local addr 117.239.xx.xx
protected vrf: (none)
local ident (addr/mask/prot/port): (0.0.0.0/0.0.0.0/0/0)
remote ident (addr/mask/prot/port): (172.18.1.39/255.255.255.255/0/0)
current_peer 49.206.59.86 port 50083
PERMIT, flags={}
#pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0
#pkts decaps: 2, #pkts decrypt: 2, #pkts verify: 2
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts compr. failed: 0
#pkts not decompressed: 0, #pkts decompress failed: 0
#send errors 0, #recv errors 0
local crypto endpt.: 117.239.xx.xx, remote crypto endpt.: 49.206.xx.xx
path mtu 1500, ip mtu 1500, ip mtu idb FastEthernet0/0
current outbound spi: 0x550E70F9(1427009785)
PFS (Y/N): N, DH group: none
inbound esp sas:
spi: 0x5668C75(90606709)
transform: esp-3des esp-md5-hmac ,
in use settings ={Tunnel UDP-Encaps, }
conn id: 2089, flow_id: FPGA:89, sibling_flags 80000046, crypto map: ra-vpn
sa timing: remaining key lifetime (k/sec): (4550169/3437)
IV size: 8 bytes
replay detection support: Y
Status: ACTIVE
inbound ah sas:
inbound pcp sas:
outbound esp sas:
spi: 0x550E70F9(1427009785)
transform: esp-3des esp-md5-hmac ,
in use settings ={Tunnel UDP-Encaps, }
conn id: 2090, flow_id: FPGA:90, sibling_flags 80000046, crypto map: ra-vpn
sa timing: remaining key lifetime (k/sec): (4550170/3437)
IV size: 8 bytes
replay detection support: Y
Status: ACTIVE
outbound ah sas:
outbound pcp sas:
Hi Maximilian Schojohann,
First I would like to thank you for showing interest in solving my issue. After some research I found that disabling "ip cef" will solve the issue: when I disable it I am able to communicate successfully with the router LAN. But when I disable "ip cef" the router CPU goes to 99% and hangs.
In the output of "sh process cpu" it shows 65% utilization from "IP INPUT".
So please give me an alternate solution. Thanks in advance.
-
Help with Remote access VPN on Cisco router 3925 via Dialer Interface
Hi Everybody,
I need help for my work now; I would appreciate it if someone could fix my problem. I have a Cisco 3925 router and access the Internet via a PPPoE link. I want to configure Remote Access VPN using the Cisco VPN Client software, but it doesn't work. Here is my router config:
HUNRE#show running-config
Building configuration...
Current configuration : 5515 bytes
! No configuration change since last restart
version 15.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname HUNRE
boot-start-marker
boot-end-marker
enable secret 5 $1$vEFw$rLfvLglzUgddCVwXDx03K.
enable password cisco
aaa new-model
aaa session-id common
crypto pki trustpoint TP-self-signed-1050416327
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-1050416327
revocation-check none
rsakeypair TP-self-signed-1050416327
crypto pki certificate chain TP-self-signed-1050416327
certificate self-signed 01
3082022B 30820194 A0030201 02020101 300D0609 2A864886 F70D0101 05050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 31303530 34313633 3237301E 170D3134 30393235 31313534
31395A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D31 30353034
31363332 3730819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
8100CC79 74FCFABE 81183B70 5A9F4A53 EB609754 7D5F8587 9150B76E 3207A86E
5B65F9E9 6CDAC21A 6D69221D 1FF61632 14763308 43B2A1CC 8EE5ABAC EF07530E
3F0D35FE F08C955B 60B52B92 F8F54D53 DD6DD623 01F83493 02F9C49A F0C3483D
3B48A008 8D96700E 88924BFE DE00201B DE5965DE 32898CAD 9012AB55 76B6F39B
2D470203 010001A3 53305130 0F060355 1D130101 FF040530 030101FF 301F0603
551D2304 18301680 14C3418C BC35F3D9 B26B2475 2BB5F826 060525AB B3301D06
03551D0E 04160414 C3418CBC 35F3D9B2 6B24752B B5F82606 0525ABB3 300D0609
2A864886 F70D0101 05050003 81810070 AC7C26C6 4606A551 1A3FD6C5 2A5AEAE8
35DAC86E F8885E26 51F6EEAE 7565D3AA D532C8F3 55F6656F D103F38C 8FBDE7F1
83E77143 76469040 7FEA41E8 14963DB3 F7F28EA0 C5F2F42C B186B75C AAB04900
15F9CB38 A16964F5 4E7B4378 35041AA8 AE8EC181 D58D6A62 676E286A 7B9D80E6
35A0B9FB FB76E976 3D2A19D7 006078
quit
ip name-server 210.245.1.253
ip name-server 210.245.1.254
ip cef
no ipv6 cef
multilink bundle-name authenticated
vpdn enable
vpdn-group 1
vpdn-group 2
license udi pid C3900-SPE100/K9 sn FOC1823839B
license boot module c3900 technology-package securityk9
username cisco privilege 15 secret 5 $1$aAjB$D3iLyPFTE7O1bHPnKSJcH0
username kdhong privilege 15 secret 5 $1$nfyX$FO1BPTabCUaE6uKQwpLT.1
redundancy
track 1 ip sla 1 reachability
track 2 ip sla 2 reachability
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
crypto isakmp client configuration group VPN-HUNRE
key hunre
dns 8.8.8.8
domain hunre
pool IP-VPN
acl 199
max-users 100
crypto ipsec transform-set encrypt-method-1 esp-3des esp-sha-hmac
mode tunnel
crypto dynamic-map DYNMAP 1
set transform-set encrypt-method-1
crypto map VPN client configuration address respond
crypto map VPN 65535 ipsec-isakmp dynamic DYNMAP
interface Embedded-Service-Engine0/0
no ip address
shutdown
interface GigabitEthernet0/0
ip address 192.168.1.1 255.255.255.0
ip mtu 1492
ip nat inside
ip virtual-reassembly in
ip tcp adjust-mss 1412
duplex auto
speed auto
interface GigabitEthernet0/1
description FPT
no ip address
ip tcp adjust-mss 1412
duplex auto
speed auto
pppoe enable group global
pppoe-client dial-pool-number 1
interface GigabitEthernet0/2
description Connect to CMC
no ip address
ip mtu 1442
ip nat outside
ip virtual-reassembly in
ip tcp adjust-mss 1412
duplex auto
speed auto
pppoe enable group global
pppoe-client dial-pool-number 2
no cdp enable
interface Dialer1
ip address negotiated
ip mtu 1452
ip nat outside
ip virtual-reassembly in
encapsulation ppp
dialer pool 1
dialer-group 1
ppp authentication chap pap callin
ppp chap hostname [USERNAME]
ppp chap password 0 [PASSWORD]
ppp pap sent-username [USERNAME] password 0 [PASSWORD]
ppp ipcp dns request
crypto map VPN
interface Dialer2
description Logical ADSL Interface 2
ip address negotiated
ip mtu 1442
ip nat outside
ip virtual-reassembly in
encapsulation ppp
ip tcp adjust-mss 1344
dialer pool 2
dialer-group 2
ppp authentication chap pap callin
ppp chap hostname [USERNAME]
ppp chap password 0 [PASSWORD]
ppp pap sent-username [USERNAME] password 0 [PASSWORD]
ppp ipcp address accept
no cdp enable
ip local pool IP-VPN 10.252.252.2 10.252.252.245
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
ip nat inside source list 10 interface Dialer1 overload
ip nat inside source list 11 interface Dialer2 overload
ip nat inside source static 10.159.217.10 interface Dialer1
ip nat inside source list 199 interface Dialer1 overload
ip nat inside source static tcp 10.159.217.10 80 210.245.54.49 80 extendable
ip nat inside source static tcp 10.159.217.10 3389 210.245.54.49 3389 extendable
ip route 0.0.0.0 0.0.0.0 Dialer1
ip route 10.159.217.0 255.255.255.0 192.168.1.8
ip sla auto discovery
ip sla responder
dialer-list 1 protocol ip permit
dialer-list 2 protocol ip permit
access-list 10 permit any
access-list 11 permit any
access-list 101 permit icmp any any
access-list 199 permit ip any any
control-plane
line con 0
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 4
password cisco
transport input all
line vty 5 15
password cisco
transport input all
scheduler allocate 20000 1000
ntp master
end
However, I cannot ping interface Dialer1. I am using Cisco VPN Client software ver 5.0.07.0290.
Hopeful for your answers!
Thanks
Hi David Castro,
Thanks for your answer.
I configured it following your guide, but it has not worked yet. I saw that I cannot ping the Internet gateway IP. I am using ADSL Internet, configured PPPoE, and my router receives an IP from the ISP. Here is show ip int brief:
GigabitEthernet0/0 192.168.1.1 YES NVRAM up up
GigabitEthernet0/1 unassigned YES NVRAM up up
GigabitEthernet0/2 unassigned YES NVRAM up up
Dialer1 210.245.54.49 YES IPCP up up
Dialer2 101.99.7.73 YES IPCP up up
NVI0 192.168.1.1 YES unset up up
Virtual-Access1 unassigned YES unset up up
Virtual-Access2 unassigned YES unset up up
Virtual-Access3 unassigned YES unset up up
But I cannot ping interface Dialer1, so maybe the VPN does not work. Do you have any ideas?
Thanks very much!
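The two router threads above share a shape that comes up a lot with IOS remote-access VPN: the client connects, can reach the router's own addresses, but not hosts behind it. On IOS, inside-to-outside NAT is applied before the crypto map on the outside interface, so a NAT ACL that permits LAN sources to "any" also translates the LAN hosts' replies addressed to the VPN pool, and those replies leave as plain NATed traffic instead of entering the tunnel. The 1841 config uses list 100 with "any" destinations; the 3925 uses lists 10, 11 and 199, which all permit everything. The script below is an added example, not from either post: it parses the NAT statements, the ACLs they reference and the address pools out of constructed excerpts of both configs (addresses as posted, everything else omitted), reports each NAT entry that would catch replies to the pool, and prints the deny entries that have to precede it. The pool is treated as its smallest covering prefix, which slightly over-covers the posted ranges.

```python
import ipaddress
import re

# Constructed excerpts of the two posted configs: NAT statements, their ACLs, VPN pools.
CONFIG_1841 = """ip local pool vpn-pool 172.18.1.1 172.18.1.100
ip nat inside source list 100 pool INTERNETPOOL overload
access-list 100 permit ip 10.10.7.0 0.0.0.255 any
access-list 100 permit ip 10.10.10.0 0.0.1.255 any
access-list 100 permit ip 172.16.0.0 0.0.3.255 any
access-list 100 permit ip 192.168.10.0 0.0.0.255 any
"""
CONFIG_3925 = """ip local pool IP-VPN 10.252.252.2 10.252.252.245
ip nat inside source list 10 interface Dialer1 overload
ip nat inside source list 11 interface Dialer2 overload
ip nat inside source list 199 interface Dialer1 overload
access-list 10 permit any
access-list 11 permit any
access-list 199 permit ip any any
"""

ANY = ipaddress.ip_network("0.0.0.0/0")
PROTOCOLS = {"ip", "tcp", "udp", "icmp", "gre", "esp", "ahp"}
PORT_OPS = {"eq": 1, "neq": 1, "gt": 1, "lt": 1, "range": 2}   # tokens each qualifier consumes

def wildcard_to_network(addr, wildcard):
    """IOS 'addr wildcard' -> ip_network; the wildcard must be a contiguous low-order mask."""
    w = int(ipaddress.IPv4Address(wildcard))
    if (w + 1) & w:
        raise ValueError(f"non-contiguous wildcard {wildcard}")
    return ipaddress.ip_network(f"{addr}/{32 - bin(w).count('1')}", strict=False)

def take_address(tokens):
    """Consume one address spec (any | host X | X WILDCARD) plus any trailing port qualifier."""
    if tokens[0] == "any":
        net, rest = ANY, tokens[1:]
    elif tokens[0] == "host":
        net, rest = ipaddress.ip_network(f"{tokens[1]}/32"), tokens[2:]
    else:
        net, rest = wildcard_to_network(tokens[0], tokens[1]), tokens[2:]
    while rest and rest[0] in PORT_OPS:
        rest = rest[1 + PORT_OPS[rest[0]]:]
    return net, rest

def parse_acls(config):
    """{number: [(kind, action, src, dst, line), ...]} in configuration order."""
    acls = {}
    for line in config.splitlines():
        m = re.match(r"\s*access-list (\d+) (permit|deny) (.+)", line)
        if not m:
            continue
        num, action = int(m.group(1)), m.group(2)
        rest = [t for t in m.group(3).split() if t != "log"]
        if rest[0] in PROTOCOLS:           # extended: PROTO SRC [ports] DST [ports]
            src, rest = take_address(rest[1:])
            dst, _ = take_address(rest)
            kind = "extended"
        else:                              # standard: source only, destination implicitly any
            src, _ = take_address(rest)
            dst, kind = ANY, "standard"
        acls.setdefault(num, []).append((kind, action, src, dst, line.strip()))
    return acls

def parse_pools(config):
    """{pool name: smallest prefix covering the whole range} (may over-cover slightly)."""
    pools = {}
    for name, first, last in re.findall(r"ip local pool (\S+) (\S+) (\S+)", config):
        net, last = ipaddress.ip_network(f"{first}/32"), ipaddress.IPv4Address(last)
        while last not in net:
            net = net.supernet()
        pools[name] = net
    return pools

def find_nat_leaks(config):
    """NAT permit entries that also match LAN -> VPN-client replies (NAT runs before crypto).
    Returns [(acl, kind, pool, line)], honouring denies that precede a permit."""
    acls, pools, leaks = parse_acls(config), parse_pools(config), []
    for num in (int(n) for n in re.findall(r"ip nat inside source list (\d+)", config)):
        for name, pool in pools.items():
            exempt = []                        # sources a preceding deny already covers
            for kind, action, src, dst, line in acls.get(num, []):
                if not dst.overlaps(pool):
                    continue
                if action == "deny":
                    if pool.subnet_of(dst):
                        exempt.append(src)
                elif not any(src.subnet_of(d) for d in exempt):
                    leaks.append((num, kind, name, line))
    return leaks

def suggest_exemptions(config):
    """Deny entries to place ahead of each leaking permit; a note where the ACL is standard."""
    acls, pools, out = parse_acls(config), parse_pools(config), []
    for num, kind, name, line in find_nat_leaks(config):
        pool = pools[name]
        if kind == "standard":
            out.append(f"! access-list {num} is standard and cannot match a destination; "
                       f"rebuild it as an extended list that first denies traffic to {pool}")
            continue
        src = next(s for _, _, s, _, l in acls[num] if l == line)
        out.append(f"access-list {num} deny ip {src.network_address} {src.hostmask} "
                   f"{pool.network_address} {pool.hostmask}")
    return out
```

Run `suggest_exemptions(CONFIG_1841)` and you get one deny per LAN network toward 172.18.1.0/25; numbered ACLs append, so the list has to be removed and re-entered with the denies first (or the NAT statement pointed at a route-map). For the 3925 the standard lists 10 and 11 cannot express a destination at all, which is why the script tells you to rebuild them rather than emitting a deny. Split-tunnel lists such as 150 and 199 are a separate matter: they decide what the client encrypts, not what the router translates.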