06-22-2004 08:31 AM - edited 02-21-2020 01:12 PM
I have been asked to implement an IPSec VPN between 4 sites connected by ADSL (UK) using the following equipment:
Central Site:
-------------
1 * 2621 (ADSL WIC) - (2 * Static IP's from ISP)
1 * PIX 515-R-DMZ Bun
Remote sites (* 3)
------------------
1 * 1721 ADSL / VPN Bun - (1 * Static IP from ISP)
The remote sites will terminate their VPN's on the PIX at the Central site, plus RAS users will use the remote vpn client. These remote sites will also directly access the Internet via their ADSL conneciton so will need some form of 'no nat' statement - e.g ACL / route map.
I have done some IPSec configs but have not had any exposure to configuring ADSL / Dialer interfaces.
Would anyone have some similar configs I could look at to get me started..?
Much appreciated in adevance...
Cheers.....JP
06-28-2004 11:21 AM
Have you seen this document ?
http://cisco.com/en/US/tech/tk175/tk15/technologies_configuration_example09186a0080093e52.shtml
06-28-2004 03:50 PM
John,
First; you need to find out how the DSL is provisioned. Are they providing you PPPoE, bridged PVC or routed PVC. In the US, ADSL usually will be bridged in a multi host environment and PPPoE in a single host environment. You'll need to use IRB for bridged PVC's. Below is an example.
bridge irb
bridge 2 protocol ieee
bridge 2 route ip
interface ATM0/0
no ip address
no atm ilmi-keepalive
pvc 0/35
encapsulation aal5snap
!
dsl operating-mode auto
bridge-group 2
interface BVI2
ip address
ip access-group Internet-in in
crypto map VPN
crypto ipsec df-bit clear
Second; The configs completely depend on your design. Cisco does document that very well, so check out their configuration under ISAKMP/IPSEC. There are also many documents on how to configure IPSec between IOS and PIX. Search on the CCO using keywords IPSEC IOS and PIX.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide