Could they access each other with ipsec? (Post edited by ciscomoderator)

guoliang.wu
Level 1

--Begin moderator note--

Note: The following post was edited by ciscomoderator to remove confidential information. Since this was posted on a public forum, it is recommended all passwords be changed including encrypted passwords. Please use Cisco's TAC for support involving confidential information to reduce security risks to your network(s).

--End moderator note--

I built a VPN between two points. One point uses ADSL (with a CISCO 1720 plus wic-1enet, without a fixed IP address), the other point uses a DDN line (with a CISCO 2611, with a fixed IP address). The VPN only uses ipsec encryption without building a tunnel. With traffic transported in the VPN, the two points' computers can ping each other, but they can't find each other in 'MS windows network neighbor'.

I want to know how I can make the two points find each other?

Router#sh run

Building configuration...

Current configuration : 1695 bytes

!

version 12.1

no service single-slot-reload-enable

service timestamps debug uptime

service timestamps log uptime

no service password-encryption

!

hostname Router

!

no logging buffered

no logging buffered

logging rate-limit console 10 except errors

enable secret 5 --moderator edit--

!

memory-size iomem 25

ip subnet-zero

no ip finger

!

vpdn enable

no vpdn logging

!

vpdn-group pppoe

request-dialin

protocol pppoe

!

!

!

crypto isakmp policy 1

hash md5

authentication pre-share

crypto isakmp key --moderator edit-- address --moderator edit--

!

!

crypto ipsec transform-set rtpset esp-des esp-md5-hmac

!

crypto map rtp 1 ipsec-isakmp

set peer --moderator edit--

set transform-set rtpset

match address 115

!

!

!

!

interface Ethernet0

no ip address

half-duplex

pppoe enable

pppoe-client dial-pool-number 1

!

interface FastEthernet0

ip address 10.0.0.1 255.255.255.0

ip nat inside

speed auto

!

interface Dialer1

ip address negotiated

ip mtu 1410

ip nat outside

encapsulation ppp

dialer pool 1

dialer-group 1

ppp authentication pap callin

ppp pap sent-username --moderator edit-- password 7 --moderator edit--

crypto map rtp

!

ip nat inside source route-map nonat interface Dialer1 overload

ip kerberos source-interface any

ip classless

ip route 0.0.0.0 0.0.0.0 Dialer1

no ip http server

!

access-list 115 permit ip 10.0.0.0 0.0.0.255 10.0.1.0 0.0.0.255

access-list 115 deny ip 10.0.0.0 0.0.0.255 any

access-list 120 deny ip 10.0.0.0 0.0.0.255 10.0.1.0 0.0.0.255

access-list 120 permit ip 10.0.0.0 0.0.0.255 any

dialer-list 1 protocol ip permit

route-map nonat permit 10

match ip address 120

!

!

line con 0

transport input none

line aux 0

line vty 0 4

password --moderator edit--

login

!

end

Router#

Router#sh run

Building configuration...

Current configuration : 1348 bytes

!

version 12.1

no service single-slot-reload-enable

service timestamps debug uptime

service timestamps log uptime

no service password-encryption

!

hostname Router

!

enable secret 5 --moderator edit--

enable password --moderator edit--

!

!

!

!

!

ip subnet-zero

!

!

!

crypto isakmp policy 1

hash md5

authentication pre-share

crypto isakmp key --moderator edit-- address 0.0.0.0

!

!

crypto ipsec transform-set rtpset esp-des esp-md5-hmac

!

crypto dynamic-map rtpmap 10

set transform-set rtpset

match address 115

!

!

crypto map rtptrans 10 ipsec-isakmp dynamic rtpmap

!

!

!

!

!

!

interface Ethernet0/0

ip address --moderator edit-- 255.255.255.252

ip nat outside

crypto map rtptrans

!

interface Ethernet0/1

ip address --moderator edit-- 255.255.255.248 secondary

ip address --moderator edit-- 255.255.255.252 secondary

ip address 10.0.1.254 255.255.255.0

ip nat inside

!

ip nat inside source route-map nonat interface Ethernet0/1 overload

ip classless

ip route 0.0.0.0 0.0.0.0 --moderator edit--

no ip http server

!

access-list 115 permit ip 10.0.1.0 0.0.0.255 10.0.0.0 0.0.0.255

access-list 115 deny ip 10.0.1.0 0.0.0.255 any

access-list 120 deny ip 10.0.1.0 0.0.0.255 10.0.0.0 0.0.0.255

access-list 120 permit ip 10.0.1.0 0.0.0.255 any

route-map nonat permit 10

match ip address 120

!

!

!

!

line con 0

line aux 0

line vty 0 4

password --moderator edit--

login

!

end


ciscomoderator
Community Manager

Since there has been no response to your post, it appears to be either too complex or too rare an issue for other forum members to assist you. If you don't get a suitable response to your post, you may wish to review our resources at the online Technical Assistance Center (http://www.cisco.com/tac) or speak with a TAC engineer. You can open a TAC case online at http://www.cisco.com/tac/caseopen

If anyone else in the forum has some advice, please reply to this thread.

Thank you for posting.