Re: ADSL / VPN - Advice / Config(s) Required

john.pepper · ‎06-22-2004

I have been asked to implement an IPSec VPN between 4 sites connected by ADSL (UK) using the following equipment:

Central Site:

-------------

1 * 2621 (ADSL WIC) - (2 * Static IP's from ISP)

1 * PIX 515-R-DMZ Bun

Remote sites (* 3)

------------------

1 * 1721 ADSL / VPN Bun - (1 * Static IP from ISP)

The remote sites will terminate their VPN's on the PIX at the Central site, plus RAS users will use the remote vpn client. These remote sites will also directly access the Internet via their ADSL conneciton so will need some form of 'no nat' statement - e.g ACL / route map.

I have done some IPSec configs but have not had any exposure to configuring ADSL / Dialer interfaces.

Would anyone have some similar configs I could look at to get me started..?

Much appreciated in adevance...

Cheers.....JP

didyap · ‎06-28-2004

Have you seen this document ?

http://cisco.com/en/US/tech/tk175/tk15/technologies_configuration_example09186a0080093e52.shtml

tevens · ‎06-28-2004

John,

First; you need to find out how the DSL is provisioned. Are they providing you PPPoE, bridged PVC or routed PVC. In the US, ADSL usually will be bridged in a multi host environment and PPPoE in a single host environment. You'll need to use IRB for bridged PVC's. Below is an example.

bridge irb

bridge 2 protocol ieee

bridge 2 route ip

interface ATM0/0

no ip address

no atm ilmi-keepalive

pvc 0/35

encapsulation aal5snap

!

dsl operating-mode auto

bridge-group 2

interface BVI2

ip address

ip access-group Internet-in in

crypto map VPN

crypto ipsec df-bit clear

Second; The configs completely depend on your design. Cisco does document that very well, so check out their configuration under ISAKMP/IPSEC. There are also many documents on how to configure IPSec between IOS and PIX. Search on the CCO using keywords IPSEC IOS and PIX.