
871 dial back over AUX w/ vpn

dbakula01
Level 1

I currently have an 871 router. I use it to connect our remote offices to our main office via T1s, DSL, etc. Due to outages at various phone companies, I have been tasked with the job of coming up with a dial backup solution on these routers. What I am looking at doing is, upon failure of the main link, I would like an async modem attached to the AUX port to dial an ISP and, once connected, connect a backup VPN. I was wondering if it is possible to run encryption over the AUX port and also how to do it. Thanks.

Below is my config I have so far:

hostname center_0049
!
boot-start-marker
boot-end-marker
!
no logging buffered
enable password xxxxxxxxxxx
!
no aaa new-model
!
resource policy
!
ip subnet-zero
ip cef
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.49.1
ip dhcp excluded-address 192.168.49.2 192.168.49.99
ip dhcp excluded-address 192.168.49.150 192.168.49.254
!
ip dhcp pool dcp
 network 192.168.49.0 255.255.255.0
 domain-name xxxxxxxxxxx
 dns-server 192.168.1.8 192.168.2.8
 default-router 192.168.49.1
!
ip dhcp pool remote_site_userp-md5-hmac
!
!
ip name-server 192.168.1.8
ip name-server 192.168.2.8
!
modemcap entry usr:MSC=& FS0=1 & C1&D2;&H1;&R2;&B1;&W;
!
!
username admin password 0 xxxxxxxxxxx
username center0001 password 0 xxxxxxxxxxx
!
!
!
!
!
!
!
crypto ipsec client ezvpn center_0049
 connect auto
 group remote_sites key xxxxxxxxxxx
 mode network-extension
 peer xxxxxxxxxxx
 username remote password xxxxxxxxxxx
 xauth userid mode local
!
!
bridge irb
!
!
interface Tunnel1
 no ip address
 tunnel source BVI1
 tunnel destination xxxxxxxxxxx
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
 ip address 192.168.1.63 255.255.255.0
 duplex auto
 speed auto
 crypto ipsec client ezvpn center_0049
!
interface Dot11Radio0
 no ip address
 shutdown
 !
 encryption vlan 1 mode ciphers tkip
 !
 ssid dcpstatic
    vlan 1
    authentication open
    authentication key-management wpa
    wpa-psk ascii 0 v
 !
 speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
 channel 2437
 station-role root
!
interface Dot11Radio0.1
 encapsulation dot1Q 1 native
 no snmp trap link-status
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 spanning-disabled
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
!
interface Vlan1
 no ip address
 bridge-group 1
 bridge-group 1 spanning-disabled
!
interface Async1
 no ip address
 encapsulation ppp
 dialer in-band
 dialer pool-member 1
 async mode dedicated
 ppp authentication chap
 routing dynamic
!
interface Dialer1
 ip address negotiated
 encapsulation ppp
 dialer pool 1
 dialer remote-name backup_link
 dialer idle-timeout 1800
 dialer string 14405404040
 ppp authentication chap
!
interface BVI1
 ip address 192.168.49.1 255.255.255.0
 crypto ipsec client ezvpn center_0049 inside
!
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.1.254
ip route 0.0.0.0 0.0.0.0 Dialer1 2
!
no ip http server
no ip http secure-server
ip nat pool dcp 69.219.11.226 69.219.11.226 netmask 255.255.255.248
!
logging source-interface Async1
logging 192.168.49.100
access-list 15 permit 192.168.1.0 0.0.0.255
access-list 15 permit 0.0.0.0 255.255.255.0
access-list 100 permit ip host 67.100.6.34 192.168.1.0 0.0.0.255
access-list 110 permit ip 192.168.49.0 0.0.0.255 192.168.1.0 0.0.0.255
!
control-plane
!
bridge 1 route ip
!
line con 0
 no modem enable
 transport output all
 speed 2400
line aux 0
 password xxxxxxxxxxx
 login
 modem InOut
 modem autoconfigure type usr
 transport input all
 transport output all
line vty 0 4
 session-timeout 60
 login local
 transport input all
 transport output all
!
scheduler max-task-time 5000
end

2 Replies

hadbou
Level 5

Triple Data Encryption Standard [3DES] or Advanced Encryption Standard [AES]. crypto isakmp policy 1, encr 3des, crypto ipsec transform-set t1 esp-3des esp-sha-hmac. Refer to the following URL for more info:

http://www.cisco.com/en/US/products/ps6660/products_white_paper0900aecd804c363f.shtml

I kinda scanned this document but found no answers to my questions on this. Any reason why you posted it?