DSL PPPOE IPSEC Example

From Internetworkpro

This page or section provides device configuration instructions.
Please note that the information on this page has not been checked for accuracy and is not intended as a replacement for documentation. Please ensure you understand your desired objectives before attempting to apply any examples listed.

This page brought to you by: tabularasa on #cisco/Freenode

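! IKE phase 1 (ISAKMP) policy: AES-256 with a pre-shared key.
! Hash and DH group are not set here, so the IOS defaults apply.
crypto isakmp policy 1
 encr aes 256
 authentication pre-share
crypto isakmp key keyhere address x.x.x.x
!
! IPsec phase 2 transform set: ESP with AES (128-bit when no key size is given) and HMAC-SHA-1
crypto ipsec transform-set aesset esp-aes esp-sha-hmac
!
! Crypto map: traffic matching access-list 120 is encrypted and sent to the peer
crypto map aesmap 10 ipsec-isakmp
 set peer x.x.x.x
 set transform-set aesset
 match address 120
!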
interface GigabitEthernet0/0
 description DSL interface
 no ip address
 duplex full
 speed 100
 pppoe enable
 pppoe-client dial-pool-number 1
!
interface GigabitEthernet0/1
 no ip address
 duplex full
 speed auto
!
! LAN subinterfaces: "ip nat inside" is needed for the overload rule on Dialer1 to translate their traffic
interface GigabitEthernet0/1.10
 description VLAN 10
 encapsulation dot1Q 10
 ip tcp adjust-mss 1452
 ip address 172.20.20.254 255.255.255.0
 ip helper-address 172.20.60.20
 ip nat inside
 no snmp trap link-status
!
interface GigabitEthernet0/1.20
 description VLAN 20
 encapsulation dot1Q 20
 ip tcp adjust-mss 1452
 ip address 172.20.21.254 255.255.255.0
 ip nat inside
 no snmp trap link-status
!
interface GigabitEthernet0/1.30
 description VLAN 30
 encapsulation dot1Q 30
 ip tcp adjust-mss 1452
 ip address 172.20.22.254 255.255.255.0
 ip helper-address 172.20.60.20
 ip nat inside
 no snmp trap link-status
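!
! PPPoE dialer: MTU 1492 leaves room for the 8 bytes of PPPoE/PPP header on a 1500-byte Ethernet frame
! "password 7" is reversible obfuscation, not encryption, so treat the saved configuration as sensitive
interface Dialer1
 ip address negotiated
 ip mtu 1492
 ip nat outside
 ip virtual-reassembly
 encapsulation ppp
 dialer pool 1
 ppp authentication pap chap callin
 ppp chap hostname hostnamehere
 ppp chap password 7 encryptedpasswordhere
 ppp pap sent-username usernamehere password 7 encryptedpasswordhere
 crypto map aesmap
!
! Default route out of the PPPoE dialer
ip route 0.0.0.0 0.0.0.0 Dialer1
!
! PAT for Internet-bound traffic, selected by access-list 100
ip nat inside source list 100 interface Dialer1 overload
!
! access-list 100: NAT selection (deny = do not translate traffic bound for the tunnel)
! access-list 120: crypto ACL (traffic to encrypt)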
access-list 100 deny   ip 172.20.20.0 0.0.0.255 172.20.60.0 0.0.0.255
access-list 100 deny   ip 172.20.21.0 0.0.0.255 172.20.60.0 0.0.0.255
access-list 100 deny   ip 172.20.22.0 0.0.0.255 172.20.60.0 0.0.0.255
access-list 100 permit ip any any
access-list 120 permit ip 172.20.20.0 0.0.0.255 172.20.60.0 0.0.0.255
access-list 120 permit ip 172.20.21.0 0.0.0.255 172.20.60.0 0.0.0.255
access-list 120 permit ip 172.20.22.0 0.0.0.255 172.20.60.0 0.0.0.255
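
Access lists 100 and 120 have to stay in step: IOS applies inside-source NAT before the crypto map check, so any flow that access-list 120 wants encrypted must hit a deny in access-list 100 before the final permit, or it is translated and no longer matches the crypto ACL. The following check is an added example, not part of the original page; it parses only the numbered `ip` ACL form used above, and the function names are illustrative.

```python
import ipaddress
import re

# The ACL lines from the configuration above, embedded so the check runs offline.
CONFIG = """\
access-list 100 deny   ip 172.20.20.0 0.0.0.255 172.20.60.0 0.0.0.255
access-list 100 deny   ip 172.20.21.0 0.0.0.255 172.20.60.0 0.0.0.255
access-list 100 deny   ip 172.20.22.0 0.0.0.255 172.20.60.0 0.0.0.255
access-list 100 permit ip any any
access-list 120 permit ip 172.20.20.0 0.0.0.255 172.20.60.0 0.0.0.255
access-list 120 permit ip 172.20.21.0 0.0.0.255 172.20.60.0 0.0.0.255
access-list 120 permit ip 172.20.22.0 0.0.0.255 172.20.60.0 0.0.0.255
"""
ACE = re.compile(r"^access-list\s+(\d+)\s+(permit|deny)\s+ip\s+(.+)$")

def _net(tok):
    """Consume one address spec ('any', 'host A' or 'A WILDCARD') from a token list."""
    if tok[0] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), tok[1:]
    if tok[0] == "host":
        return ipaddress.ip_network(tok[1] + "/32"), tok[2:]
    # Invert the wildcard into a netmask; non-contiguous wildcards raise ValueError.
    mask = ipaddress.IPv4Address(int(ipaddress.IPv4Address(tok[1])) ^ 0xFFFFFFFF)
    return ipaddress.ip_network(f"{tok[0]}/{mask}", strict=False), tok[2:]

def parse_acls(text):
    """Return {acl_number: [(action, src_net, dst_net), ...]} in configured order."""
    acls = {}
    for line in text.splitlines():
        m = ACE.match(line.strip())
        if m:
            src, rest = _net(m.group(3).split())
            dst, _ = _net(rest)
            acls.setdefault(int(m.group(1)), []).append((m.group(2), src, dst))
    return acls

def nat_leaks(text, nat_acl=100, crypto_acl=120):
    """List crypto-ACL flows that the NAT ACL would translate before a deny exempts them."""
    acls, leaks = parse_acls(text), []
    for action, src, dst in acls.get(crypto_acl, []):
        if action != "permit":
            continue
        for n_action, n_src, n_dst in acls.get(nat_acl, []):  # first match wins
            if n_action == "deny" and src.subnet_of(n_src) and dst.subnet_of(n_dst):
                break  # whole flow exempted from NAT
            if n_action == "permit" and src.overlaps(n_src) and dst.overlaps(n_dst):
                leaks.append((str(src), str(dst)))  # conservative: any overlap counts
                break
    return leaks

if __name__ == "__main__":
    print(nat_leaks(CONFIG) or "every crypto ACL flow is exempt from NAT")
```

An empty result means every flow in the crypto ACL is exempted from NAT; each tuple returned is a source and destination network that would be translated instead of tunnelled.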