Announcement

Collapse
No announcement yet.

Bellsouth DSL PPPoe VPN issues

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Bellsouth DSL PPPoe VPN issues

    I Figured this out..thanks

    Hey guys/gals....I am no router configuring guru, but I have had some experience with simple configs. However, I am completely lost with this issue and ANY help would be greatly appreciated.

    I have a Bellsouth DSL PPPoe connection using a Netopia 2241n bridged to a Cisco 851w. The internet works and I can also ssh into it from the outside, however some sites do not load completely like cancer.org and I can't get my "EASYVPN"
    to work. I have always had trouble in the past with DSL configs...any ideas?
    Thanks again!

    Here is my config:


    !This is the running config of the router: xxx.xxx.xxx.xxx
    !----------------------------------------------------------------------------
    !
    version 12.4
    no service pad
    service timestamps debug datetime msec
    service timestamps log datetime msec
    service password-encryption
    !
    hostname CS851w
    !
    boot-start-marker
    boot-end-marker
    !
    enable secret 5 $1$SSi1$Z4YoW78K24ueywF87DvQd.
    enable password 7 151118480127282B
    !
    aaa new-model
    !
    !
    aaa authentication login default local
    aaa authentication login CSREMOTES local
    aaa authorization exec default local
    aaa authorization network CSREMOTES local
    !
    aaa session-id common
    !
    resource policy
    !
    clock timezone PCTime -6
    clock summer-time PCTime date Apr 6 2003 2:00 Oct 26 2003 2:00
    ip subnet-zero
    !
    !
    ip cef
    ip inspect name MYFW tcp
    ip inspect name MYFW udp
    ip domain name CS.com
    vpdn enable
    !
    !
    !
    crypto pki trustpoint TP-self-signed-4233279387
    enrollment selfsigned
    subject-name cn=IOS-Self-Signed-Certificate-4233279387
    revocation-check none
    rsakeypair TP-self-signed-4233279387
    !
    !
    crypto pki certificate chain TP-self-signed-4233279387
    certificate self-signed 01
    30820245 308201AE A0030201 02020101 300D0609 2A864886 F70D0101 04050030
    31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
    69666963 6174652D 34323333 32373933 3837301E 170D3038 30353032 30323335
    34305A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
    4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D34 32333332
    37393338 3730819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
    8100D933 2D1BAA3B 7B11A825 ED63FA76 150F0A6F 967566A6 7070EFA0 A33E54D2
    023A5494 C68AA85B 187A7C58 8EC8DC39 79AEAF2E C7A11EE7 360CB979 5E76878E
    E8743CB5 4679BE5C CE6D0BCB BF9758C7 EDC93A80 67220800 1BA642D3 5AD1C98D
    9EB3F5F1 C48AED23 CA8764FB ABF2320F 180D58D2 5B410622 1E697B0B B566BA8D
    862B0203 010001A3 6D306B30 0F060355 1D130101 FF040530 030101FF 30180603
    551D1104 11300F82 0D435338 3531772E 43532E63 6F6D301F 0603551D 23041830
    168014A6 287EA022 347C4872 7221D126 1DB02286 903B0230 1D060355 1D0E0416
    0414A628 7EA02234 7C487272 21D1261D B0228690 3B02300D 06092A86 4886F70D
    01010405 00038181 00C375BC D45889E7 F56FC4AF 5D79BB0C C3384D07 E7ABD567
    D2C8D0A1 5907E6A7 8D90FEF2 249851DD 26D5AFF2 42B8573B 7F830E5F F21CA6C1
    340E8776 CD3070A7 609B5C4E 5D8C8621 8DFA8549 F8831BE4 EBFBC6CE 3C3C4971
    6FFA9A08 FD239C0B 34B3CFFC 4A9D662C 9C883F29 301ED491 F7C6A661 D5ED4075
    F2BD7788 A1B4FC9F 00
    quit
    username admin privilege 15 password 7 passwordgoeshere
    username csremote1 password 7 passwordgoeshere
    !
    !
    !
    crypto isakmp policy 1
    encr 3des
    hash md5
    authentication pre-share
    group 2
    lifetime 36000
    !
    crypto isakmp client configuration group CSREMOTES
    key 550Lobdell
    dns 192.168.50.3
    domain namegoeshere
    !
    crypto ipsec security-association lifetime seconds 86400
    !
    crypto ipsec transform-set vpn1 esp-3des esp-sha-hmac
    !
    crypto dynamic-map remotemap 1
    set transform-set vpn1
    reverse-route
    !
    !
    crypto map remotemap isakmp authorization list CSREMOTES
    crypto map remotemap client configuration address respond
    !
    crypto map static-map 1 ipsec-isakmp dynamic remotemap
    !
    bridge irb
    !
    !
    interface FastEthernet0
    spanning-tree portfast
    !
    interface FastEthernet1
    spanning-tree portfast
    !
    interface FastEthernet2
    spanning-tree portfast
    !
    interface FastEthernet3
    spanning-tree portfast
    !
    interface FastEthernet4
    no ip address
    duplex auto
    speed auto
    pppoe enable group global
    pppoe-client dial-pool-number 1
    no cdp enable
    !
    interface Dot11Radio0
    no ip address
    !
    encryption vlan 1 mode ciphers tkip
    !
    encryption vlan 20 mode ciphers tkip
    !
    ssid CS-WiFi
    vlan 1
    authentication open
    authentication key-management wpa
    guest-mode
    wpa-psk ascii 7 014653547704040B244042
    !
    speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
    channel 2462
    station-role root
    no cdp enable
    !
    interface Dot11Radio0.1
    encapsulation dot1Q 1 native
    no snmp trap link-status
    bridge-group 1
    bridge-group 1 subscriber-loop-control
    bridge-group 1 spanning-disabled
    bridge-group 1 block-unknown-source
    no bridge-group 1 source-learning
    no bridge-group 1 unicast-flooding
    !
    interface Vlan1
    description Internal Network
    no ip address
    ip nat inside
    ip virtual-reassembly
    bridge-group 1
    bridge-group 1 spanning-disabled
    !
    interface Dialer1
    mtu 1492
    ip address negotiated
    ip access-group Internet-inbound-ACL in
    ip inspect MYFW out
    ip nat outside
    ip virtual-reassembly
    encapsulation ppp
    dialer pool 1
    dialer-group 1
    ppp authentication chap pap callin
    ppp chap hostname [email protected]
    ppp chap password mypassword
    ppp pap sent-username [email protected] password mypassword
    ppp ipcp dns request
    ppp ipcp address accept
    crypto map static-map
    !
    interface BVI1
    description Bridge to Internal Network
    ip address 192.168.50.254 255.255.255.0
    ip nat inside
    ip virtual-reassembly
    !
    ip local pool remote_pool 192.168.50.200 192.168.50.210
    ip classless
    ip route 0.0.0.0 0.0.0.0 Dialer1
    !
    no ip http server
    ip http secure-server
    ip nat inside source list 1 interface Dialer1 overload
    ip nat inside source static tcp 192.168.50.2 25 interface Dialer1 25
    ip nat inside source static tcp 192.168.50.2 135 interface Dialer1 135
    ip nat inside source static tcp 192.168.50.2 143 interface Dialer1 143
    ip nat inside source static tcp 192.168.50.3 3389 interface Dialer1 3389
    ip nat inside source static tcp 192.168.50.2 443 interface Dialer1 443
    !
    ip access-list extended Internet-inbound-ACL
    remark SDM_ACL Category=17
    permit tcp any any eq 3389
    permit udp any eq bootps any eq bootpc
    permit gre any any
    permit esp any any
    permit tcp any any eq 443
    permit tcp any any eq 22
    permit icmp any any
    permit tcp any any eq smtp
    permit tcp any any eq ftp
    permit tcp any any eq ftp-data
    permit tcp any any eq 1023
    !
    access-list 1 permit 192.168.50.0 0.0.0.255
    dialer-list 1 protocol ip list 1
    !
    control-plane
    !
    bridge 1 route ip
    banner login ^CYou have reached a secure area! Unauthorized access is strictly prohibited!^C
    banner motd ^C
    You have reached a secure area! Unauthorized access / usage is strictly prohibited!^C
    !
    line con 0
    exec-timeout 35791 0
    password 7 011015405E060500
    logging synchronous
    no modem enable
    line aux 0
    exec-timeout 35791 0
    line vty 0 4
    exec-timeout 35791 0
    password 7 06051C6549430A16
    logging synchronous
    transport input ssh
    !
    scheduler max-task-time 5000
    end

    I Figured this out..thanks
    Last edited by jerrydurden; 11th May 2008, 04:14. Reason: I Figured this out..thanks
Working...
X