06-04-2002 08:23 PM - edited 02-21-2020 11:46 AM
--Begin moderator note--
Note: The following post was edited by ciscomoderator to remove confidential information. Since this was posted on a public forum, it is recommended all passwords be changed including encrypted passwords. Please use Cisco's TAC for support involving confidential information to reduce security risks to your network(s).
--End moderator note--
I built a VPN between two points. One point uses ADSL (with a CISCO 1720 plus WIC-1ENET, without a fixed IP address), the other point uses a DDN line (with a CISCO 2611, with a fixed IP address). The VPN only uses IPsec encryption without building a tunnel. When transporting over the VPN, the two points' computers can ping each other, but they can't find each other in 'MS Windows Network Neighborhood'.
I want to know how I can make the two points find each other.
Router#sh run
Building configuration...
Current configuration : 1695 bytes
!
version 12.1
no service single-slot-reload-enable
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Router
!
no logging buffered
no logging buffered
logging rate-limit console 10 except errors
enable secret 5 --moderator edit--
!
memory-size iomem 25
ip subnet-zero
no ip finger
!
vpdn enable
no vpdn logging
!
vpdn-group pppoe
request-dialin
protocol pppoe
!
!
!
crypto isakmp policy 1
hash md5
authentication pre-share
crypto isakmp key --moderator edit-- address --moderator edit--
!
!
crypto ipsec transform-set rtpset esp-des esp-md5-hmac
!
crypto map rtp 1 ipsec-isakmp
set peer --moderator edit--
set transform-set rtpset
match address 115
!
!
!
!
interface Ethernet0
no ip address
half-duplex
pppoe enable
pppoe-client dial-pool-number 1
!
interface FastEthernet0
ip address 10.0.0.1 255.255.255.0
ip nat inside
speed auto
!
interface Dialer1
ip address negotiated
ip mtu 1410
ip nat outside
encapsulation ppp
dialer pool 1
dialer-group 1
ppp authentication pap callin
ppp pap sent-username --moderator edit-- password 7 --moderator edit--
crypto map rtp
!
ip nat inside source route-map nonat interface Dialer1 overload
ip kerberos source-interface any
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer1
no ip http server
!
access-list 115 permit ip 10.0.0.0 0.0.0.255 10.0.1.0 0.0.0.255
access-list 115 deny ip 10.0.0.0 0.0.0.255 any
access-list 120 deny ip 10.0.0.0 0.0.0.255 10.0.1.0 0.0.0.255
access-list 120 permit ip 10.0.0.0 0.0.0.255 any
dialer-list 1 protocol ip permit
route-map nonat permit 10
match ip address 120
!
!
line con 0
transport input none
line aux 0
line vty 0 4
password --moderator edit--
login
!
end
Router#
Router#sh run
Building configuration...
Current configuration : 1348 bytes
!
version 12.1
no service single-slot-reload-enable
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Router
!
enable secret 5 --moderator edit--
enable password --moderator edit--
!
!
!
!
!
ip subnet-zero
!
!
!
crypto isakmp policy 1
hash md5
authentication pre-share
crypto isakmp key --moderator edit-- address 0.0.0.0
!
!
crypto ipsec transform-set rtpset esp-des esp-md5-hmac
!
crypto dynamic-map rtpmap 10
set transform-set rtpset
match address 115
!
!
crypto map rtptrans 10 ipsec-isakmp dynamic rtpmap
!
!
!
!
!
!
interface Ethernet0/0
ip address --moderator edit-- 255.255.255.252
ip nat outside
crypto map rtptrans
!
interface Ethernet0/1
ip address --moderator edit-- 255.255.255.248 secondary
ip address --moderator edit-- 255.255.255.252 secondary
ip address 10.0.1.254 255.255.255.0
ip nat inside
!
ip nat inside source route-map nonat interface Ethernet0/1 overload
ip classless
ip route 0.0.0.0 0.0.0.0 --moderator edit--
no ip http server
!
access-list 115 permit ip 10.0.1.0 0.0.0.255 10.0.0.0 0.0.0.255
access-list 115 deny ip 10.0.1.0 0.0.0.255 any
access-list 120 deny ip 10.0.1.0 0.0.0.255 10.0.0.0 0.0.0.255
access-list 120 permit ip 10.0.1.0 0.0.0.255 any
route-map nonat permit 10
match ip address 120
!
!
!
!
line con 0
line aux 0
line vty 0 4
password --moderator edit--
login
!
end
06-10-2002 10:40 AM
Since there has been no response to your post, it appears to be either too complex or too rare an issue for other forum members to assist you. If you don't get a suitable response to your post, you may wish to review our resources at the online Technical Assistance Center (http://www.cisco.com/tac) or speak with a TAC engineer. You can open a TAC case online at http://www.cisco.com/tac/caseopen
If anyone else in the forum has some advice, please reply to this thread.
Thank you for posting.