04-14-2003 12:55 PM - edited 03-09-2019 02:54 AM
I'm using multiple 1710's in my network. Remote sites use the AUX port to call back Head office 1710 modem if their connection goes down. The problem with this is only one connection is allowed. The rest of the remote sites will get a busy signal.
I would like to have some redundancy for the remote sites, without spending money on more hardware. I have a fiber connection to Head Office, it's very stable and I'm not worried about redundancy here. Is it possible to use an Internet dialup account and establish a VPN connection to Head Office? Can I still use a GRE Tunnel? I guess you can't use an IP since it is not known, is it possible to use a MAC address instead? How do I go about getting this set up?
Somebody please help!!
Thanks,
Jesal
Below is my HEADOFFICE and one of REMOTE configs.
--------------------------------------------------------
"HEADOFFICE CONFIG"
version 12.2
service timestamps debug datetime msec
service timestamps log datetime
service password-encryption
!
hostname HEADOFFICE
!
logging buffered 20000 debugging
logging console notifications
aaa new-model
!
!
aaa authentication login default local
aaa authentication login NO_AUTH none
aaa authentication ppp default local
aaa authorization network grouplist local
aaa session-id common
enable secret 5 ******
!
username REMOTE1 password 7 ******
!
memory-size iomem 25
ip subnet-zero
no ip source-route
!
!
no ip domain lookup
ip host loop 2005 192.168.50.1
!
ip inspect name fw1 tcp
ip inspect name fw1 udp
ip inspect name fw1 ftp
ip audit notify log
ip audit po max-events 100
!
modemcap entry MYMODEM:MSC=&F1S0=1
!
crypto isakmp policy 1
authentication pre-share
!
crypto isakmp policy 2
hash md5
authentication pre-share
crypto isakmp key ****** address 209.115.*.*
!
crypto ipsec transform-set ts1 esp-des esp-md5-hmac
!
crypto map cfmap local-address Ethernet0
crypto map cfmap 40 ipsec-isakmp
set peer 209.115.*.*
set transform-set ts1
match address 104
!
interface Loopback0
ip address 192.168.50.1 255.255.255.0
!
interface Tunnel4
description GRE tunnel to REMOTE1
bandwidth 1000
ip address 192.168.104.1 255.255.255.0
ip mtu 1420
no ip route-cache
no ip mroute-cache
tunnel source Ethernet0
tunnel destination 209.115.251.253
crypto map cfmap
!
interface Ethernet0
description Telus fibre to Internet
ip address 216.123.*.* 255.255.255.248
ip access-group 120 in
ip nat outside
no ip route-cache
no ip mroute-cache
half-duplex
no cdp enable
crypto map cfmap
!
interface FastEthernet0
ip address 192.168.0.201 255.255.255.0
ip nat inside
ip inspect fw1 in
no ip route-cache
ip policy route-map nonat
no ip mroute-cache
speed auto
half-duplex
no cdp enable
!
interface Async5
ip unnumbered Loopback0
encapsulation ppp
load-interval 30
dialer in-band
dialer idle-timeout 900
dialer map ip 192.168.54.1 name REMOTE1 broadcast
dialer-group 1
async default routing
async mode interactive
no peer default ip address
ppp authentication chap
!
router ospf 5
log-adjacency-changes
network 192.168.104.0 0.0.0.255 area 0
!
access-list 104 remark Define crypto traffic on GRE tunnel to REMOTE1
access-list 104 permit gre host 216.123.*.* host 209.115.*.*
dialer-list 1 protocol ip permit
no cdp run
!
route-map nat1 permit 10
match ip address 151
!
route-map nonat permit 10
match ip address 150
set ip next-hop 192.168.50.2
!
snmp-server community public RW
snmp-server enable traps tty
!
line con 0
login authentication NO_AUTH
line aux 0
modem InOut
modem autoconfigure type MYMODEM
transport input all
autoselect ppp
stopbits 1
speed 115200
flowcontrol hardware
line vty 0 4
exec-timeout 30 0
password 7 *******
length 0
!
end
----------------------------------------------------------
----------------------------------------------------------
"REMOTE1 CONFIG"
version 12.2
service timestamps debug datetime msec
service timestamps log datetime
service password-encryption
!
hostname REMOTE1
!
logging buffered 20000 debugging
logging console notifications
aaa new-model
!
!
aaa authentication login default local
aaa authentication login NO_AUTH none
aaa authentication ppp default local
aaa authorization network grouplist local
aaa session-id common
enable secret 5 ******
!
username HEADOFFICE password 7 ******
memory-size iomem 25
ip subnet-zero
no ip source-route
!
!
no ip domain lookup
ip host loop 2005 192.168.54.1
ip dhcp excluded-address 192.168.4.1 192.168.4.19
ip dhcp excluded-address 192.168.4.100 192.168.4.254
!
ip dhcp pool LAN
network 192.168.4.0 255.255.255.0
default-router 192.168.4.200
dns-server 192.168.0.8
netbios-name-server 192.168.0.12
domain-name DOMAIN
!
ip inspect name fw1 tcp
ip inspect name fw1 udp
ip inspect name fw1 ftp
ip audit notify log
ip audit po max-events 100
!
chat-script Dialout ABORT ERROR ABORT BUSY "" "AT" OK "ATDT\T" TIMEOUT 45 CONNECT \c
modemcap entry MYMODEM:FD=&F1:AA=s0=1:MSC=&F1S0=1
!
crypto isakmp policy 1
authentication pre-share
!
crypto isakmp policy 2
hash md5
authentication pre-share
crypto isakmp key ten4bigfella address 216.123.*.*
!
!
crypto ipsec transform-set ts1 esp-des esp-md5-hmac
!
crypto map cfmap local-address Ethernet0
crypto map cfmap 10 ipsec-isakmp
set peer 216.123.*.*
set transform-set ts1
match address 100
!
interface Loopback0
ip address 192.168.54.1 255.255.255.0
!
interface Tunnel4
description GRE tunnel to HEADOFFICE
bandwidth 1000
ip address 192.168.104.2 255.255.255.0
ip mtu 1420
no ip route-cache
no ip mroute-cache
tunnel source Ethernet0
tunnel destination 216.123.*.*
crypto map cfmap
!
interface Ethernet0
description Internet connection
ip address 209.115.*.* 255.255.255.192
ip access-group 120 in
ip nat outside
no ip route-cache
no ip mroute-cache
half-duplex
no cdp enable
crypto map cfmap
!
interface FastEthernet0
ip address 192.168.4.200 255.255.255.0
ip nat inside
ip inspect fw1 in
no ip route-cache
ip policy route-map nonat
no ip mroute-cache
no keepalive
speed auto
half-duplex
no cdp enable
!
interface Async5
ip unnumbered Loopback0
encapsulation ppp
dialer in-band
dialer idle-timeout 300
dialer map ip 192.168.50.1 name HEADOFFICE broadcast 287****
dialer map ip 192.168.0.0 name HEADOFFICE broadcast 287****
dialer watch-group 8
dialer-group 1
async default routing
async mode interactive
no peer default ip address
ppp authentication chap
!
router ospf 5
log-adjacency-changes
network 192.168.4.0 0.0.0.255 area 0
network 192.168.54.0 0.0.0.255 area 0
network 192.168.104.0 0.0.0.255 area 0
!
ip nat inside source route-map nat1 interface Ethernet0 overload
ip classless
ip route 0.0.0.0 0.0.0.0 209.115.*.*
no ip http server
ip pim bidir-enable
!
!
access-list 100 remark Define crypto GRE traffic to HEADOFFICE
access-list 100 permit gre host 209.115.*.* host 216.123.*.*
dialer watch-list 8 ip 192.168.0.0 255.255.255.0
dialer watch-list 8 delay disconnect 15
dialer-list 1 protocol ip list 130
no cdp run
!
route-map nat1 permit 10
match ip address 151
!
route-map nonat permit 10
match ip address 150
set ip next-hop 192.168.54.2
!
snmp-server community public RO
snmp-server enable traps tty
!
line con 0
login authentication NO_AUTH
line aux 0
script dialer Dialout
modem InOut
modem autoconfigure type MYMODEM
transport input all
autoselect ppp
stopbits 1
speed 115200
flowcontrol hardware
line vty 0 4
exec-timeout 30 0
password 7 ******
length 0
!
end
----------------------------------------------------------
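An added example, not part of the original post or of any Cisco tooling: a small Python check that scans IOS configuration text for the weak crypto and management settings visible in the two configs above (single DES, MD5, a default read-write SNMP community, a login list with no authentication, `transport input all`, reversible type 7 passwords, and a pre-shared key left unmasked). The rule list, the `audit` function and the sample text are constructed for illustration; the sample key and addresses are placeholders.

```python
import re

# Each rule: (regex over one stripped config line, finding text).
# Rules cover only settings that appear in the configs posted above.
RULES = [
    (r"^crypto ipsec transform-set \S+ .*\besp-des\b", "IPsec transform set uses single DES"),
    (r"^crypto ipsec transform-set \S+ .*\besp-md5-hmac\b", "IPsec transform set uses HMAC-MD5"),
    (r"^hash md5$", "ISAKMP policy uses MD5"),
    (r"^snmp-server community (public|private)\b", "default SNMP community string"),
    (r"^snmp-server community \S+ RW\b", "SNMP community grants write access"),
    (r"^aaa authentication login \S+ none$", "login method list with no authentication"),
    (r"^transport input all$", "line accepts every inbound transport protocol"),
    (r"^crypto isakmp key (?!\*+\s)\S+ address", "pre-shared key not masked before sharing"),
    (r"^(username \S+ )?password 7 ", "type 7 password encoding is reversible"),
]

def audit(config_text):
    """Return (line_number, line, finding) for every rule that matches."""
    findings = []
    for number, raw in enumerate(config_text.splitlines(), start=1):
        line = raw.strip()
        for pattern, finding in RULES:
            if re.search(pattern, line):
                findings.append((number, line, finding))
    return findings

# Constructed sample modelled on the posted configs (placeholder key and IPs).
SAMPLE = """\
hostname HEADOFFICE
aaa authentication login default local
aaa authentication login NO_AUTH none
username REMOTE1 password 7 ******
crypto isakmp policy 2
 hash md5
 authentication pre-share
crypto isakmp key EXAMPLE-PSK address 198.51.100.1
crypto isakmp key ****** address 198.51.100.2
crypto ipsec transform-set ts1 esp-des esp-md5-hmac
snmp-server community public RW
line aux 0
 transport input all
"""

if __name__ == "__main__":
    for number, line, finding in audit(SAMPLE):
        print(f"line {number}: {finding}: {line}")
```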
04-17-2003 06:18 AM
You should be able to use a dial up account to connect to the Head office via VPN. This URL should assist you with the configuration. http://www.cisco.com/univercd/cc/td/doc/product/core/7100/swcg/6342ch4.htm#1035840
04-21-2003 09:45 AM
Thanks, this should give me a few ideas to get started.
Thank you.