VPN site-to-site with pppoe ADSL connection

Dear

I would like to know - is it possible to connect two 5505 ASA in VPN site-to-site with 1 site using the pppoe ADSL connection?

Site A (static IP)

Site B (ADSL PPPoE, DHCP)

Site A <-- site-to-site VPN --> Site B

Best regards

Alan.

The configuration of Site B should be the same as for any other site that peers with a static end.

The configuration that differs would be on Site A, as it will accept a VPN with a dynamic peer.

Unfortunately, I have no configuration example to show you on ASDM.

Tags: Cisco Security

Similar Questions

  • PPP authentication with an ADSL connection

    Hi guys,

    I am trying to establish an ADSL connection for my home network using a Cisco 877W router. I tried various settings and I still can't get connectivity.

    Here is the PPP debug output; please take a look and suggest what is wrong. I have also included my running configuration.

    The debug log output:

    * 07:56:26.263 May 26: Vi2 CHAP: I put the id challenge 179 len 33 'vwz9-Windsor. "
    * 07:56:26.263 May 26: Vi2 CHAP: using the hostname of interface CHAP
    * 07:56:26.263 May 26: Vi2 CHAP: using interface CHAP password
    * 07:56:26.263 May 26: Vi2 CHAP: O ANSWER id 179 len 42 of "[email protected] / * /"
    * 07:56:27.191 May 26: Vi2 PPP: permission NOT required
    * 07:56:27.191 May 26: Vi2 PPP: no authentication remotely for call out
    * 07:56:27.503 May 26: Vi2 PPP: permission NOT required
    * 07:56:27.503 May 26: Vi2 PPP: no authentication remotely for call out
    * 07:56:33.239 May 26: Vi2 CHAP: I put challenge id len 222 33 'vwz9-Windsor. "
    * 07:56:33.239 May 26: Vi2 CHAP: using the hostname of interface CHAP
    * 07:56:33.239 May 26: Vi2 CHAP: using interface CHAP password
    * 07:56:33.239 May 26: Vi2 CHAP: O ANSWER id 222 len 42 of "[email protected] / * /"
    * 07:56:33.855 May 26: Vi2 PPP: permission NOT required
    * 07:56:33.855 May 26: Vi2 PPP: no authentication remotely for call out
    * 07:56:34.315 May 26: Vi2 PPP: permission NOT required
    * 07:56:34.315 May 26: Vi2 PPP: no authentication remotely for call out
    * 07:56:41.907 May 26: Vi2 CHAP: I put the id challenge 198 len 33 'vwz9-Windsor. "
    * 07:56:41.911 May 26: Vi2 CHAP: using the hostname of interface CHAP
    * 07:56:41.911 May 26: Vi2 CHAP: using interface CHAP password
    * 07:56:41.911 May 26: Vi2 CHAP: O ANSWER id 198 len 42 of "[email protected] / * /"
    * 07:56:42.335 May 26: Vi2 PPP: permission NOT required
    * 07:56:42.335 May 26: Vi2 PPP: no authentication remotely for call out
    * 07:56:42.627 May 26: Vi2 PPP: permission NOT required
    * 07:56:42.627 May 26: Vi2 PPP: no authentication remotely for call out
    * 07:56:54.863 May 26: Vi2 CHAP: I put the id challenge 240 len 33 'vwz9-Windsor. "
    * 07:56:54.863 May 26: Vi2 CHAP: using the hostname of interface CHAP
    * 07:56:54.863 May 26: Vi2 CHAP: using interface CHAP password
    * 07:56:54.863 May 26: Vi2 CHAP: O ANSWER id 240 len 42 of "[email protected] / * /"
    * 07:56:55.571 May 26: Vi2 PPP: permission NOT required
    * 07:56:55.571 May 26: Vi2 PPP: no authentication remotely for call out
    * 07:56:56.039 May 26: Vi2 PPP: permission NOT required
    * 07:56:56.039 May 26: Vi2 PPP: no authentication remotely for call out
    * 07:57:18.031 May 26: Vi2 PPP: permission NOT required
    * 07:57:18.031 May 26: Vi2 PPP: no authentication remotely for call out
    * 07:57:18.099 May 26: Vi2 CHAP: I CHALLENGE id 0 len 33 'vwz9-Windsor. "
    * 07:57:18.099 May 26: Vi2 CHAP: using the hostname of interface CHAP
    * 07:57:18.099 May 26: Vi2 CHAP: using interface CHAP password
    * 07:57:18.099 May 26: Vi2 CHAP: O ANSWER id 0 len 42 of "[email protected] / * /"
    * 07:57:18.495 May 26: Vi2 PPP: permission NOT required
    * 07:57:18.495 May 26: Vi2 PPP: no authentication remotely for call out
    * 07:57:18.751 May 26: Vi2 PPP: permission NOT required
    * 07:57:18.755 May 26: Vi2 PPP: no authentication remotely for call out
    ________________________________________________________________
    * 08:13:23.139 may 26: % 6-DIALER-BIND: Vi2 Interface with the profile Di1
    * 08:13:23.143 May 26: Vi2 PPP: using the direction of call dialer
    * 08:13:23.143 May 26: Vi2 PPP: treatment of connection as a legend
    * 08:13:23.143 May 26: Vi2 PPP: id of Session Session handle [B 6, 000029] [20]
    * 08:13:23.143 May 26: Vi2 PPP: Phase is ESTABLISHING, open asset
    * 08:13:23.143 May 26: Vi2 PPP: permission NOT required
    * 08:13:23.143 May 26: Vi2 PPP: no authentication remotely for call out
    * 08:13:23.143 May 26: Vi2 LCP: O CONFREQ [Closed] id 44 len 10
    * 08:13:23.143 May 26: Vi2 LCP: MagicNumber 0x1788EAE3 (0x05061788EAE3)
    * 08:13:23.495 May 26: Vi2 PPP: LCP will not open, throw the package UNKNOWN (0xAAAA)
    * 08:13:25.151 May 26: Vi2 LCP: Timeout: REQsent of State
    * 08:13:25.151 May 26: Vi2 LCP: O CONFREQ [REQsent] id 45 len 10
    * 08:13:25.151 May 26: Vi2 LCP: MagicNumber 0x1788EAE3 (0x05061788EAE3)
    * 08:13:27.167 May 26: Vi2 LCP: Timeout: REQsent of State
    * 08:13:27.167 May 26: Vi2 LCP: O CONFREQ [REQsent] id 46 len 10
    * 08:13:27.167 May 26: Vi2 LCP: MagicNumber 0x1788EAE3 (0x05061788EAE3)
    * 08:13:28.719 May 26: Vi2 PPP: LCP will not open, throw the package UNKNOWN (0xAAAA)
    * 08:13:29.183 May 26: Vi2 LCP: Timeout: REQsent of State
    * 08:13:29.183 May 26: Vi2 LCP: O CONFREQ [REQsent] id 47 len 10
    * 08:13:29.183 May 26: Vi2 LCP: MagicNumber 0x1788EAE3 (0x05061788EAE3)
    * 08:13:31.199 May 26: Vi2 LCP: Timeout: REQsent of State
    * 08:13:31.199 May 26: Vi2 LCP: O CONFREQ [REQsent] id 48 len 10
    * 08:13:31.199 May 26: Vi2 LCP: MagicNumber 0x1788EAE3 (0x05061788EAE3)
    * 08:13:33.215 May 26: Vi2 LCP: Timeout: REQsent of State
    * 08:13:33.215 May 26: Vi2 LCP: O CONFREQ [REQsent] id 49 len 10
    * 08:13:33.215 May 26: Vi2 LCP: MagicNumber 0x1788EAE3 (0x05061788EAE3)
    * 08:13:33.499 May 26: Vi2 PPP: LCP will not open, throw the package UNKNOWN (0xAAAA)
    * 08:13:35.231 May 26: Vi2 LCP: Timeout: REQsent of State
    * 08:13:35.231 May 26: Vi2 LCP: O CONFREQ [REQsent] id 50 len 10
    * 08:13:35.231 May 26: Vi2 LCP: MagicNumber 0x1788EAE3 (0x05061788EAE3)
    * 08:13:37.247 May 26: Vi2 LCP: Timeout: REQsent of State
    * 08:13:37.247 May 26: Vi2 LCP: O CONFREQ [REQsent] id 51 len 10
    * 08:13:37.247 May 26: Vi2 LCP: MagicNumber 0x1788EAE3 (0x05061788EAE3)
    * 08:13:38.739 May 26: Vi2 PPP: LCP will not open, throw the package UNKNOWN (0xAAAA)
    * 08:13:39.263 May 26: Vi2 LCP: Timeout: REQsent of State
    * 08:13:39.263 May 26: Vi2 LCP: O CONFREQ [REQsent] id 52 len 10
    * 08:13:39.263 May 26: Vi2 LCP: MagicNumber 0x1788EAE3 (0x05061788EAE3)
    * 08:13:41.279 May 26: Vi2 LCP: Timeout: REQsent of State
    * 08:13:41.279 May 26: Vi2 LCP: O CONFREQ [REQsent] id 53 len 10
    * 08:13:41.279 May 26: Vi2 LCP: MagicNumber 0x1788EAE3 (0x05061788EAE3)
    * 08:13:43.295 May 26: Vi2 LCP: Timeout: REQsent of State
    * 08:13:43.295 May 26: Vi2 LCP: State is listening
    * 08:13:43.499 May 26: Vi2 PPP: LCP will not open, throw the package UNKNOWN (0xAAAA)
    * 08:13:48.763 May 26: Vi2 PPP: LCP will not open, throw the package UNKNOWN (0xAAAA)
    * 08:13:48.871 May 26: Vi2 PPP: LCP will not open, throw the package UNKNOWN (0xAAAA)

    ----------------------------------------------------------------------------
    * 08:14:48.279 May 26: Vi2 CHAP: using interface CHAP password
    * 08:14:48.279 May 26: Vi2 CHAP: O ANSWER id 192 len 42 of "[email protected] / * /"
    * 08:14:48.623 may 26: Vi2 LCP: I CONFREQ [open] id 1 len 14
    * 08:14:48.623 may 26: Vi2 LCP: AuthProto PAP (0x0304C023)
    * 08:14:48.623 may 26: Vi2 LCP: MagicNumber 0xB5A656B1 (0x0506B5A656B1)
    * 08:14:48.623 may 26: Vi2 PPP: event id of Acct sending [w] [13]
    * 08:14:48.627 May 26: Vi2 PPP: Phase ENDS
    * 08:14:48.627 May 26: Vi2 PPP: permission NOT required
    * 08:14:48.627 May 26: Vi2 PPP: no authentication remotely for call out
    * 08:14:48.627 May 26: Vi2 PPP: Phase is
    * 08:14:48.631 May 26: Vi2 LCP: O CONFREQ [open] id 75 len 10
    * 08:14:48.631 May 26: Vi2 LCP: MagicNumber 0x178A38D9 (0x0506178A38D9)
    * 08:14:48.631 May 26: Vi2 LCP: O CONFNAK [open] id 1 len 9
    * 08:14:48.631 May 26: Vi2 LCP: AuthProto CHAP (0x0305C22305)
    * 08:14:48.647 May 26: Vi2 LCP: I CONFACK [REQsent] id 75 len 10
    * 08:14:48.647 May 26: Vi2 LCP: MagicNumber 0x178A38D9 (0x0506178A38D9)
    * 08:14:48.647 May 26: Vi2 LCP: I CONFREQ [ACKrcvd] id 2 len 14
    * 08:14:48.647 May 26: Vi2 LCP: AuthProto PAP (0x0304C023)
    * 08:14:48.647 May 26: Vi2 LCP: MagicNumber 0xB5A656B1 (0x0506B5A656B1)
    * 08:14:48.651 May 26: Vi2 LCP: O CONFNAK [ACKrcvd] id 2 len 9
    * 08:14:48.651 May 26: Vi2 LCP: AuthProto CHAP (0x0305C22305)
    * 08:14:48.667 May 26: Vi2 LCP: I CONFREQ [ACKrcvd] id 3 len 14
    * 08:14:48.667 May 26: Vi2 LCP: AuthProto PAP (0x0304C023)
    * 08:14:48.667 May 26: Vi2 LCP: MagicNumber 0xB5A656B1 (0x0506B5A656B1)
    * 08:14:48.667 May 26: Vi2 LCP: O CONFNAK [ACKrcvd] id 3 len 9
    * 08:14:48.667 May 26: Vi2 LCP: AuthProto CHAP (0x0305C22305)
    * 08:14:48.683 May 26: Vi2 LCP: I CONFREQ [ACKrcvd] id 4 len 14
    * 08:14:48.683 May 26: Vi2 LCP: AuthProto PAP (0x0304C023)
    * 08:14:48.683 May 26: Vi2 LCP: MagicNumber 0xB5A656B1 (0x0506B5A656B1)
    * 08:14:48.683 May 26: Vi2 LCP: O CONFNAK [ACKrcvd] id 4 len 9
    * 08:14:48.683 May 26: Vi2 LCP: AuthProto CHAP (0x0305C22305)
    * 08:14:48.699 May 26: Vi2 LCP: I CONFREQ [ACKrcvd] id 5 len 14
    * 08:14:48.699 May 26: Vi2 LCP: AuthProto PAP (0x0304C023)
    * 08:14:48.699 May 26: Vi2 LCP: MagicNumber 0xB5A656B1 (0x0506B5A656B1)
    * 08:14:48.699 May 26: Vi2 LCP: O CONFNAK [ACKrcvd] id 5 len 9
    * 08:14:48.699 May 26: Vi2 LCP: AuthProto CHAP (0x0305C22305)
    * 08:14:48.715 May 26: Vi2 LCP: I CONFREQ [ACKrcvd] id 6 len 14
    * 08:14:48.715 May 26: Vi2 LCP: AuthProto PAP (0x0304C023)
    * 08:14:48.715 May 26: Vi2 LCP: MagicNumber 0xB5A656B1 (0x0506B5A656B1)
    * 08:14:48.715 May 26: Vi2 LCP: O [ACKrcvd] CONFREJ id 6 len 8
    * 08:14:48.715 May 26: Vi2 LCP: AuthProto PAP (0x0304C023)
    * 08:14:48.731 May 26: Vi2 LCP: I CONFREQ [ACKrcvd] id 7 len 14
    * 08:14:48.731 May 26: Vi2 LCP: AuthProto PAP (0x0304C023)
    * 08:14:48.731 May 26: Vi2 LCP: MagicNumber 0xB5A656B1 (0x0506B5A656B1)
    * 08:14:48.731 May 26: Vi2 LCP: O [ACKrcvd] CONFREJ id 7 len 8
    * 08:14:48.731 May 26: Vi2 LCP: AuthProto PAP (0x0304C023)
    * 08:14:48.747 May 26: Vi2 LCP: I CONFREQ [ACKrcvd] id 8 len 14
    * 08:14:48.747 May 26: Vi2 LCP: AuthProto PAP (0x0304C023)
    * 08:14:48.747 May 26: Vi2 LCP: MagicNumber 0xB5A656B1 (0x0506B5A656B1)
    * 08:14:48.747 May 26: Vi2 LCP: O [ACKrcvd] CONFREJ id 8 len 8
    * 08:14:48.747 May 26: Vi2 LCP: AuthProto PAP (0x0304C023)
    * 08:14:48.763 May 26: Vi2 LCP: I CONFREQ [ACKrcvd] id 9 len 14
    * 08:14:48.767 May 26: Vi2 LCP: AuthProto PAP (0x0304C023)
    * 08:14:48.767 May 26: Vi2 LCP: MagicNumber 0xB5A656B1 (0x0506B5A656B1)
    * 08:14:48.767 May 26: Vi2 LCP: O [ACKrcvd] CONFREJ id 9 len 8
    * 08:14:48.767 May 26: Vi2 LCP: AuthProto PAP (0x0304C023)
    * 08:14:48.783 May 26: Vi2 LCP: I CONFREQ [ACKrcvd] id 10 len 14
    * 08:14:48.783 May 26: Vi2 LCP: AuthProto PAP (0x0304C023)
    * 08:14:48.783 May 26: Vi2 LCP: MagicNumber 0xB5A656B1 (0x0506B5A656B1)
    * 08:14:48.783 May 26: Vi2 LCP: O [ACKrcvd] CONFREJ id 10 len 8
    * 08:14:48.783 May 26: Vi2 LCP: AuthProto PAP (0x0304C023)
    * 08:14:48.799 May 26: Vi2 LCP: I CONFREQ [ACKrcvd] id 11 len 14
    * 08:14:48.799 May 26: Vi2 LCP: AuthProto PAP (0x0304C023)
    * 08:14:48.799 May 26: Vi2 LCP: MagicNumber 0xB5A656B1 (0x0506B5A656B1)
    * 08:14:48.799 May 26: Vi2 LCP: O [ACKrcvd] CONFREJ id 11 len 8
    * 08:14:48.799 May 26: Vi2 LCP: AuthProto PAP (0x0304C023)
    * 08:14:48.815 May 26: Vi2 LCP: I CONFREQ [ACKrcvd] id 12 len 14
    * 08:14:48.815 May 26: Vi2 LCP: AuthProto PAP (0x0304C023)
    * 08:14:48.815 May 26: Vi2 LCP: MagicNumber 0xB5A656B1 (0x0506B5A656B1)
    * 08:14:48.815 May 26: Vi2 LCP: O [ACKrcvd] CONFREJ id 12 len 8
    * 08:14:48.815 May 26: Vi2 LCP: AuthProto PAP (0x0304C023)
    * 08:14:48.831 May 26: Vi2 LCP: I CONFREQ [ACKrcvd] id 13 len 14
    * 08:14:48.831 May 26: Vi2 LCP: AuthProto PAP (0x0304C023)
    * 08:14:48.831 May 26: Vi2 LCP: MagicNumber 0xB5A656B1 (0x0506B5A656B1)
    * 08:14:48.835 May 26: Vi2 LCP: O [ACKrcvd] CONFREJ id 13 len 8
    * 08:14:48.835 May 26: Vi2 LCP: AuthProto PAP (0x0304C023)
    * 08:14:48.851 May 26: Vi2 LCP: I CONFREQ [ACKrcvd] id 14 len 14
    * 08:14:48.851 May 26: Vi2 LCP: AuthProto PAP (0x0304C023)
    * 08:14:48.851 May 26: Vi2 LCP: MagicNumber 0xB5A656B1 (0x0506B5A656B1)
    * 08:14:48.851 May 26: Vi2 LCP: O [ACKrcvd] CONFREJ id 14 len 8
    * 08:14:48.851 May 26: Vi2 LCP: AuthProto PAP (0x0304C023)
    * 08:14:48.867 May 26: Vi2 LCP: I CONFREQ [ACKrcvd] id 15 len 14
    * 08:14:48.867 May 26: Vi2 LCP: AuthProto PAP (0x0304C023)
    * 08:14:48.867 May 26: Vi2 LCP: MagicNumber 0xB5A656B1 (0x0506B5A656B1)
    * 08:14:48.867 May 26: Vi2 LCP: O [ACKrcvd] CONFREJ id 15 len 8
    * 08:14:48.867 May 26: Vi2 LCP: AuthProto PAP (0x0304C023)
    * 08:14:48.883 May 26: Vi2 LCP: I have TERMREQ [ACKrcvd] id 16 len 4
    * 08:14:48.883 May 26: Vi2 LCP: O TERMACK [ACKrcvd] id 16 len 4
    * 08:14:48.883 May 26: Vi2 PPP: permission NOT required
    * 08:14:48.883 May 26: Vi2 PPP: no authentication remotely for call out
    * 08:14:48.963 May 26: Vi2 LCP: I have TERMREQ [REQsent] id 237 len 4
    * 08:14:48.963 May 26: Vi2 LCP: O TERMACK [REQsent] id 237 len 4
    * 08:14:50.623 may 26: Vi2 LCP: Timeout: REQsent of State
    * 08:14:50.623 may 26: Vi2 LCP: O CONFREQ [REQsent] id 76 len 10
    * 08:14:50.623 may 26: Vi2 LCP: MagicNumber 0x178A39DA (0x0506178A39DA)
    * 08:14:52.639 May 26: Vi2 LCP: Timeout: REQsent of State
    * 08:14:52.639 May 26: Vi2 LCP: O CONFREQ [REQsent] id 77 len 10
    * 08:14:52.639 May 26: Vi2 LCP: MagicNumber 0x178A39DA (0x0506178A39DA)
    * 08:14:54.655 May 26: Vi2 LCP: Timeout: REQsent of State
    * 08:14:54.655 May 26: Vi2 LCP: O CONFREQ [REQsent] id 78 len 10
    * 08:14:54.655 May 26: Vi2 LCP: MagicNumber 0x178A39DA (0x0506178A39DA)
    * 08:14:56.671 May 26: Vi2 LCP: Timeout: REQsent of State
    * 08:14:56.671 May 26: Vi2 LCP: O CONFREQ [REQsent] id 79 len 10
    * 08:14:56.671 May 26: Vi2 LCP: MagicNumber 0x178A39DA (0x0506178A39DA)
    * 08:14:58.687 May 26: Vi2 LCP: Timeout: REQsent of State
    * 08:14:58.687 May 26: Vi2 LCP: O CONFREQ [REQsent] id 80 len 10
    * 08:14:58.687 May 26: Vi2 LCP: MagicNumber 0x178A39DA (0x0506178A39DA)
    * 08:15:00.703 May 26: Vi2 LCP: Timeout: REQsent of State
    * 08:15:00.703 May 26: Vi2 LCP: O CONFREQ [REQsent] id 81 len 10
    * 08:15:00.703 May 26: Vi2 LCP: MagicNumber 0x178A39DA (0x0506178A39DA)
    * 08:15:02.719 May 26: Vi2 LCP: Timeout: REQsent of State
    * 08:15:02.719 May 26: Vi2 LCP: O CONFREQ [REQsent] id 82 len 10
    * 08:15:02.719 May 26: Vi2 LCP: MagicNumber 0x178A39DA (0x0506178A39DA)
    * 08:15:04.735 May 26: Vi2 LCP: Timeout: REQsent of State
    * 08:15:04.735 May 26: Vi2 LCP: O CONFREQ [REQsent] id 83 len 10
    * 08:15:04.735 May 26: Vi2 LCP: MagicNumber 0x178A39DA (0x0506178A39DA)
    * 08:15:06.751 May 26: Vi2 LCP: Timeout: REQsent of State
    * 08:15:06.751 May 26: Vi2 LCP: O CONFREQ [REQsent] id 84 len 10
    * 08:15:06.751 May 26: Vi2 LCP: MagicNumber 0x178A39DA (0x0506178A39DA)
    * 08:15:07.931 May 26: Vi2 LCP: I CONFREQ [REQsent] id 178 len 15
    * 08:15:07.931 May 26: Vi2 LCP: AuthProto CHAP (0x0305C22305)
    * 08:15:07.931 May 26: Vi2 LCP: MagicNumber 0x066381E6 (0x0506066381E6)
    * 08:15:07.931 May 26: Vi2 LCP: O CONFACK [REQsent] id 178 len 15
    * 08:15:07.931 May 26: Vi2 LCP: AuthProto CHAP (0x0305C22305)
    * 08:15:07.931 May 26: Vi2 LCP: MagicNumber 0x066381E6 (0x0506066381E6)

    ___________________________________________________________________________

    Running configuration:

    boot-start-marker
    boot system flash c870-advipservicesk9-mz.124-15.XY3.bin
    boot-end-marker
    !
    logging buffered 16384
    !
    aaa new-model
    !
    !
    aaa session-id common
    clock timezone GMT 11
    !
    !
    no ip source-route
    !
    !
    no ip dhcp use vrf connected
    ip dhcp excluded-address 192.168.1.1 192.168.1.99
    ip dhcp excluded-address 192.168.1.151 192.168.1.254
    !
    ip dhcp pool my_dhcp_pool
     network 192.168.1.0 255.255.255.0
     default-router 192.168.1.1
     dns-server 203.12.160.35 203.12.160.36
    !
    !
    ip cef
    no ip bootp server
    ip domain name proxad.net
    !
    no ipv6 cef
    multilink bundle-name authenticated
    vpdn enable
    !
    !
    archive
     log config
      hidekeys
    !
    !
    interface ATM0
     no ip address
     ip mask-reply
     no ip redirects
     ip directed-broadcast
     no ip proxy-arp
     atm ilmi-keepalive
     dsl operating-mode itu-dmt
    !
    interface ATM0.1 point-to-point
     description TPG
     ip mask-reply
     ip directed-broadcast
     pvc 8/35
      encapsulation aal5mux ppp dialer
      dialer pool-member 1
     !
    !
    interface FastEthernet0
    !
    interface FastEthernet1
    !
    interface FastEthernet2
    !
    interface FastEthernet3
    !
    interface Dot11Radio0
     no ip address
     shutdown
     speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
     station-role root
    !
    interface Vlan1
     description connection to the internal network switch
     ip address 192.168.1.2 255.255.255.0
     no ip redirects
     no ip proxy-arp
     ip nat inside
     ip virtual-reassembly
    !
    interface Dialer0
     description connection to TPG
     no ip address
     no ip redirects
     no ip proxy-arp
    !
    interface Dialer1
     description TPG
     ip address negotiated
     ip mask-reply
     ip directed-broadcast
     ip nat outside
     ip virtual-reassembly
     encapsulation ppp
     dialer pool 1
     dialer-group 1
     no cdp enable
     ppp authentication chap callin
     ppp chap hostname [email protected]
     ppp chap password 7 <>
    !
    ip forward-protocol nd
    ip route 0.0.0.0 0.0.0.0 Dialer0
    !
    !
    ip http server
    no ip http secure-server
    ip nat inside source list 101 interface Dialer0 overload
    !
    access-list 101 permit ip 192.168.1.0 0.0.0.255 any
    dialer-list 1 protocol ip permit
    no cdp run
    !
    !
    control-plane
    !
    !
    scheduler max-task-time 5000
    ntp server 218.214.125.154
    ntp server 203.161.84.63
    ntp server 203.161.95.174
    !
    webvpn cef
    end

    Thank you

    Siva.

    Hello

    Have you tried to use PAP authentication?

    Update your Dialer config as follows:

    interface Dialer1
     description TPG
     ip address negotiated
     ip mask-reply
     ip directed-broadcast
     ip nat outside
     ip virtual-reassembly
     encapsulation ppp
     dialer pool 1
     dialer-group 1
     no cdp enable
     ppp authentication chap pap callin
     ppp chap hostname [email protected]
     ppp chap password 7
     ppp pap sent-username [email protected] password

    You can also add:
     ppp ipcp dns request
     ppp ipcp route default

    Hope that helps,

    Andy
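
An added example, not part of the original thread: a small Python decoder for the LCP Authentication-Protocol option seen in the debug output above, which summarises who asked for which authentication protocol. The function names are hypothetical; the sample lines are excerpts copied from the debug output in the question.

```python
import re

# LCP option type 3 is Authentication-Protocol (RFC 1661): 0xC023 = PAP, 0xC223 = CHAP.
AUTH_PROTOCOLS = {0xC023: "PAP", 0xC223: "CHAP"}
CHAP_ALGORITHMS = {0x05: "MD5"}
LCP_CODES = ("CONFREQ", "CONFACK", "CONFNAK", "CONFREJ", "TERMREQ", "TERMACK")

PACKET_RE = re.compile(r"LCP: ([IO]) .*?\bid (\d+)")
OPTION_RE = re.compile(r"LCP:\s+AuthProto \S+ \((0x[0-9A-Fa-f]+)\)")

# Excerpts copied from the debug output in the question (I = received, O = sent).
FAILING = """\
* 08:14:48.647 May 26: Vi2 LCP: I CONFREQ [ACKrcvd] id 2 len 14
* 08:14:48.647 May 26: Vi2 LCP: AuthProto PAP (0x0304C023)
* 08:14:48.647 May 26: Vi2 LCP: MagicNumber 0xB5A656B1 (0x0506B5A656B1)
* 08:14:48.651 May 26: Vi2 LCP: O CONFNAK [ACKrcvd] id 2 len 9
* 08:14:48.651 May 26: Vi2 LCP: AuthProto CHAP (0x0305C22305)
* 08:14:48.715 May 26: Vi2 LCP: I CONFREQ [ACKrcvd] id 6 len 14
* 08:14:48.715 May 26: Vi2 LCP: AuthProto PAP (0x0304C023)
* 08:14:48.715 May 26: Vi2 LCP: MagicNumber 0xB5A656B1 (0x0506B5A656B1)
* 08:14:48.715 May 26: Vi2 LCP: O [ACKrcvd] CONFREJ id 6 len 8
* 08:14:48.715 May 26: Vi2 LCP: AuthProto PAP (0x0304C023)
* 08:14:48.883 May 26: Vi2 LCP: I have TERMREQ [ACKrcvd] id 16 len 4
* 08:14:48.883 May 26: Vi2 LCP: O TERMACK [ACKrcvd] id 16 len 4
"""
HEALTHY = """\
* 08:15:07.931 May 26: Vi2 LCP: I CONFREQ [REQsent] id 178 len 15
* 08:15:07.931 May 26: Vi2 LCP: AuthProto CHAP (0x0305C22305)
* 08:15:07.931 May 26: Vi2 LCP: MagicNumber 0x066381E6 (0x0506066381E6)
* 08:15:07.931 May 26: Vi2 LCP: O CONFACK [REQsent] id 178 len 15
* 08:15:07.931 May 26: Vi2 LCP: AuthProto CHAP (0x0305C22305)
"""


def decode_auth_option(hex_tlv):
    """Decode a type/length/value dump such as '0x0305C22305' into (protocol, algorithm)."""
    raw = bytes.fromhex(hex_tlv[2:])
    if len(raw) < 4 or raw[0] != 3 or raw[1] != len(raw):
        raise ValueError("not a well-formed Authentication-Protocol option: " + hex_tlv)
    proto = int.from_bytes(raw[2:4], "big")
    name = AUTH_PROTOCOLS.get(proto, "0x%04X" % proto)
    algorithm = None
    if proto == 0xC223 and len(raw) == 5:
        algorithm = CHAP_ALGORITHMS.get(raw[4], "0x%02X" % raw[4])
    return name, algorithm


def parse_lcp(lines):
    """Return LCP packets in order, each with the auth option it carried (if any)."""
    packets = []
    for line in lines:
        option = OPTION_RE.search(line)
        if option and packets:
            packets[-1]["auth"] = decode_auth_option(option.group(1))
            continue
        header = PACKET_RE.search(line)
        code = next((c for c in LCP_CODES if c in line), None)
        if header and code:
            packets.append({"dir": header.group(1), "code": code,
                            "id": int(header.group(2)), "auth": None})
    return packets


def diagnose(lines):
    """Summarise the authentication-protocol negotiation and flag a deadlock."""
    packets = parse_lcp(lines)

    def protos(direction, code):
        return {p["auth"][0] for p in packets
                if p["dir"] == direction and p["code"] == code and p["auth"]}

    peer_requests = protos("I", "CONFREQ")   # what the peer wants us to use
    local_counters = protos("O", "CONFNAK")  # what we proposed instead
    local_rejects = protos("O", "CONFREJ")   # what we refused outright
    unaccepted = peer_requests - protos("O", "CONFACK")
    mismatch = bool(unaccepted) and bool(
        (local_counters - unaccepted) or (local_rejects & unaccepted))
    return {
        "peer_requests": sorted(peer_requests),
        "local_counters": sorted(local_counters),
        "local_rejects": sorted(local_rejects),
        "peer_terminated": any(p["dir"] == "I" and p["code"] == "TERMREQ"
                               for p in packets),
        "auth_mismatch": mismatch,
    }


if __name__ == "__main__":
    print(diagnose(FAILING.splitlines()))
    print(diagnose(HEALTHY.splitlines()))
```

On the failing excerpt the peer asks for PAP, the router counters with CHAP and then rejects PAP, and the peer terminates. Note that PAP carries the password in cleartext inside the PPP session, so enabling it to satisfy the peer is a trade-off worth recording.
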

  • VPN site-to-site between 3 dynamic ip site to ip address static site

    Hi all

    I have a scenario,

    I have a static IP address at the headquarters and I have 4 site offices; all site offices have dynamic IPs.

    I created a site-to-site VPN between the HO and 1 site office, and it works perfectly,

    but the second profile I created on the HO ASA for site office 2 does not work.

    I use an ASA 5520 at the HO and 5505s at the branches; all site offices are on ADSL connections.

    I enclose my HO config.

    Can you advise how to configure several dynamic profiles on the HO?

    Thank you

    Zeus

    It's just a suggestion...

    You want to get 3 dynamic sites connected with the HO, right?

    HO:

    As the branches have dynamic IPs, you must use the DefaultL2LGroup profile (the same shared key for all three BOs).

    The crypto map should be dynamic, with the right source/destination nets configured. Exempt NAT for the same source/destination nets as well.

    BO:

    Configured as a normal site-to-site VPN with the HO. The IPsec Wizard is very useful.

    To connect the BO to the HO, the branch must initiate the tunnel. After that, you have a fully functional two-way site-to-site VPN.

    http://www.Cisco.com/en/us/partner/products/ps6120/products_configuration_example09186a00805733df.shtml

    Welcome,

    Norbert

  • A Site with NAT

    Hi all, thanks for looking. I'm a very basic user to a Cisco ASA 5510, I tend to do most of the things in the ASDM GUI interface.

    We need to create a site-to-site connection with a client. It's pretty easy but there is a caveat: we can't use our internal IPs because they already use that range elsewhere. So we gave them two different IPs, for example 192.158.22.101 and 192.158.22.102. I created the site-to-site using these two addresses, but they do not exist internally on the machines because they are not IPs on our network, which uses 192.158.44.0.

    The question I have is how can I get the IP addresses 192.158.44.101 and 192.158.44.102 to become 92.158.22.101 and 92.158.22.102 before being sent over this connection. I tried adding NAT to the object for the related IP address, but I'm obviously missing something.

    The other option, which I don't mind doing, is to add a new internal IP range of 192.158.22.0 addresses, but I don't know how to do that either.

    Any help would be appreciated, I'm really bad here and spent two weeks on this subject already. I searched for it, but it seems that it is either too basic for most people wonder or slightly different, for example, they have control of the two sites.

    Hello

    Adding to what dieng said, here is the config for NATting the two IPs 192.158.44.101 and 102:

    object network obj-192.158.44.101
     host 192.158.44.101

    object network obj-192.158.44.102
     host 192.158.44.102

    object network obj-192.158.22.101
     host 192.158.22.101

    object network obj-192.158.22.102
     host 192.158.22.102

    object network obj-remote
     subnet 10.x.x.x 255.255.255.0

    You need two NAT statements for this:

    nat (inside,outside) source dynamic obj-192.158.44.101 obj-192.158.22.101 destination static obj-remote obj-remote

    nat (inside,outside) source dynamic obj-192.158.44.102 obj-192.158.22.102 destination static obj-remote obj-remote

    Hope this helps.

    Kind regards

    Aditya

    Please evaluate the useful messages.

  • Cisco 877 + VPN Site to Site

    Hello

    I'm new in this forum.
    I've set up a site-to-site VPN with 2 Cisco 877s.

    SITE A:

    Public IP address: static
    Internal IP address: 192.168.0.XXX
    Mask: 255.255.255.0

    SITE B:

    Public IP address: dynamic
    Internal IP address: 192.168.2.XXX
    Mask: 255.255.255.0

    I managed to do a ping on both sides, but I can't access file shares, and could rdp on any server in site A, by the internal IP address.

    Attached are the Site A and Site B startup configs.

    Could you please someone help me?

    Hi Marcos,

    Really happy to know that the problem is solved. There is no need to apologize. Please mark this message as answered if there is nothing more.

    Regards,

    Assia

  • VPN site to Site with restrictions (vpn-filter)

    I set up a site-to-site VPN and it works fine; the two sites can reach each other. But I have an issue after applying a vpn-filter under the group policy

    to restrict users at the local site to specific TCP ports on the remote network. The VPN still comes up according to "sh vpn-sessiondb l2l".

    It is up, but users can't access anything at the remote site.

    Note: after adding this line at the end of the ACL

    access-list US_SITE permit ip any any

    it works well again.

    Example of the access-list lines:

    access-list US_SITE extended permit tcp host 10.68.22.50 host 192.168.10.23 object-group HTTP_HTTPS
    access-list US_SITE extended permit tcp host 10.68.22.50 host 192.168.10.24 object-group HTTP_HTTPS

    local network: 10.68.22.50

    remote network: 192.168.10.24

    Is that correct or not?

    group-policy x.x.x.x attributes
     vpn-filter value US_SITE

    tunnel-group y.y.y.y general-attributes
     default-group-policy x.x.x.x

    Note: sysopt connection permit-vpn is enabled

    The syntax of an ACL that is used as a vpn-filter is different from what is normally expected. These VPN filters have no direction; the traffic we want to allow in and out of the VPN has to be specified in one ACL. The syntax for this is:

    access-list X permit/deny REMOTE-DEFINITION LOCAL-DEFINITION

    Example: You want to allow local users to access RDP on the remote site:

    access-list VPN-ACL permit tcp host 192.168.10.24 eq 3389 10.68.22.0 255.255.255.0

    Drawback: this is all really confusing, and you can't allow things like ping in only one direction.
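
An added example, not from the original thread: a Python check that applies the REMOTE-first, LOCAL-second rule from the answer above to ACL entries intended for a vpn-filter. The function names are hypothetical, the remote /24 is an assumption covering the two remote hosts in the question, and only `any`, `host A.B.C.D` and `network mask` address forms are handled.

```python
import ipaddress

PORT_OPS = ("eq", "lt", "gt", "neq", "object-group")

# Assumptions for the sample: local net from the answer's example, remote /24 assumed.
LOCAL_NET = "10.68.22.0/24"
REMOTE_NET = "192.168.10.0/24"
QUESTION_ACE = ("access-list US_SITE extended permit tcp host 10.68.22.50 "
                "host 192.168.10.23 object-group HTTP_HTTPS")
ANSWER_ACE = ("access-list VPN-ACL permit tcp host 192.168.10.24 eq 3389 "
              "10.68.22.0 255.255.255.0")


def _take_addr(tokens):
    """Consume one address spec; return (network, original tokens)."""
    head = tokens.pop(0)
    if head in ("any", "any4"):
        return ipaddress.ip_network("0.0.0.0/0"), [head]
    if head == "host":
        ip = tokens.pop(0)
        return ipaddress.ip_network(ip + "/32"), [head, ip]
    mask = tokens.pop(0)
    return ipaddress.ip_network(head + "/" + mask, strict=False), [head, mask]


def _take_port(tokens):
    """Consume an optional port spec that follows an address."""
    if tokens and tokens[0] in PORT_OPS:
        return [tokens.pop(0), tokens.pop(0)]
    if tokens and tokens[0] == "range":
        return [tokens.pop(0) for _ in range(3)]
    return []


def parse_ace(line):
    tokens = line.split()
    if len(tokens) < 6 or tokens[0] != "access-list":
        raise ValueError("not an access-list entry: " + line)
    prefix, tokens = tokens[:2], tokens[2:]
    if tokens[0] == "extended":
        prefix.append(tokens.pop(0))
    prefix += [tokens.pop(0), tokens.pop(0)]  # action, protocol
    first, first_txt = _take_addr(tokens)
    first_txt += _take_port(tokens)
    second, second_txt = _take_addr(tokens)
    second_txt += _take_port(tokens)
    return prefix, (first, first_txt), (second, second_txt)


def check_vpn_filter_ace(line, local_net, remote_net):
    """Return (verdict, suggestion): 'ok', 'reversed', 'outside-tunnel' or 'unparsed'."""
    local = ipaddress.ip_network(local_net)
    remote = ipaddress.ip_network(remote_net)
    try:
        prefix, (first, first_txt), (second, second_txt) = parse_ace(line)
    except (ValueError, IndexError):
        return "unparsed", None
    if first.overlaps(remote) and second.overlaps(local):
        return "ok", None
    if first.overlaps(local) and second.overlaps(remote):
        # Written local-first like an interface ACL: put the remote side first.
        return "reversed", " ".join(prefix + second_txt + first_txt)
    return "outside-tunnel", None


if __name__ == "__main__":
    for ace in (QUESTION_ACE, ANSWER_ACE):
        print(check_vpn_filter_ace(ace, LOCAL_NET, REMOTE_NET))
```

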
  • Problem with VPN Site-to-Site between RV215W and ASA5510

    The RV215W is intended to connect a new branch via 3G, but it fails.

    But when connected to the internet via a cable modem, the VPN works.

    I have set it up with the FULL domain name and the remote IP address.

    Please help me as soon as you can.

    Thanks a lot.

    Henriux2412.

    Dear Henry;

    Thank you for reaching the Small Business Support Community.

    I doubt that site-to-site VPN is compatible with the 3G mobile broadband USB modem, but I would still suggest verifying that the Status field shows your mobile card as connected (Status > Mobile Network). I've seen a similar problem with a Verizon USB modem where the solution was to change a few settings in their Access Manager software ("NDIS Mode - connect manually" was selected, and the fix was to change this option to "Modem Mode - connect manually"), but if this is not your case then I suggest you check with your service provider whether site-to-site VPN is supported on that WAN configuration.

    Beyond that, I advise you to contact the Small Business Support Center for more information on this subject, although I don't think they will support

    https://supportforums.Cisco.com/community/NetPro/small-business/sbcountrysupport

    Do not hesitate to contact me if there is anything I can help you with in the meantime.

    Kind regards

    Jeffrey Rodriguez S...
    Cisco Customer Support Engineer

    * Please rate the Post so other will know when an answer has been found.

  • How to turn the notifications by e-mail to connect VPN Site to Site on ASA?

    How to activate the VPN Site to Site connection e-mail notifications?

    Maybe it's possible with the event Manager?

    Hi Mario

    I think this could work depending on your intent:

    logging list email level notifications class vpn
    logging list email level notifications class vpnc
    !
    logging mail email
    logging from-address
    logging recipient-address  level notifications

    Cordially, Véronique
  • Cisco ASA VPN Site to Site WITH NAT inside

    Hello!

    I have 2 ASA 5505s connected by an IPsec site-to-site VPN tunnel.

    A "remote" inside network 192.168.1.0/24 and a "local" inside network 192.168.200.0/24 (you can see the diagram).

    The local hosts have 192.168.200.254 as default gateway.

    I can't add a static route to all hosts and I can't add a static route on 192.168.200.254.

    Can I NAT the incoming VPN traffic as 192.168.200.1, or a free 192.168.200.x, so that my hosts connect correctly?

    If my host sends packet to exit to the default gateway.

    Thank you for your support

    Best regards

    Marco

    The configuration must be applied on the ASA that has the 192.168.200.0 subnet on its inside; it should be something like this:

    access-list VPN_NAT permit ip 192.168.1.0 255.255.255.0 192.168.200.0 255.255.255.0

    nat (outside) X access-list VPN_NAT outside

    global (inside) X Y.Y.Y.Y (where Y.Y.Y.Y is the IP address)

    If you have other traffic through the VPN tunnel that requires no NAT, then you must add outside NAT exemption rules, since the lines above force all traffic through the ASA to have a NAT statement.

    See if it works for you, else post your config nat here.

  • VPN site to Site with a side PAT

    Hi all

    I created a site-to-site VPN between two ASA 5505s, with one side having a static public IP address and one side behind a device doing PAT. UDP 500 is forwarded to the ASA.

    The tunnel works very well if initiated from the side behind the PAT, but it cannot be brought up from the other side.

    Here's what I see in the system log during initialization of the 'wrong' side:

    Is it still a problem with PAT?

    Best regards

    Tobias

    Hello

    To be honest, these problems are sometimes a little hard, especially when you do not have access to the actual devices.

    To me, the logs you shared seem to indicate a problem with Phase 1 negotiation, where the local device keeps sending Phase 1 proposals to the remote device without getting enough of a reply for the negotiation to complete.

    So, I would try to confirm on the remote site device that this traffic is indeed allowed. For example, you can check the remote VPN device via a management connection when the VPN is NOT up and see if there is any sign of VPN negotiation taking place when you start traffic from the other site. That is, whether it even sees the initial messages from the direction that has problems opening the tunnel.

    When you initiate the negotiation from this site, what do you see in the output of

    show crypto isakmp sa

    or with the latest software

    show crypto ikev1 sa

    Try to take the output several times while you generate traffic to the VPN.

    If the remote device does not respond at all, you would probably see something like MM_WAIT_MSG2, which means that the local VPN device is waiting for the first reply (the second message of the negotiation) from the remote VPN device.

    Maybe this will help you narrow down the problem a bit.

    -Jouni

  • Can VPN site-to-site with just 1 static IP address in PIX?

    Hi all

    Can I use pix for VPN with just 1 static IP address as follows:

    LAN-A---PIX1---INTERNET---PIX2---LAN-B

    Only PIX1 has a static IP; PIX2 uses DHCP from the ISP. I have configured this type of VPN with another brand of equipment. But with PIX, I have only configured VPNs where both ends have a static IP, and I can't find any information on the web site, because when configuring a site-to-site VPN I have to use the command 'set peer'.

    Can someone tell me how can I do with PIX? Thank you!

    Best regards

    Teru Lei

    You just need to set up a dynamic crypto map on PIX 1 and a standard crypto map with a 'set peer' on PIX 2. Here is an example configuration:

    http://www.Cisco.com/warp/public/110/dynamicpix.html

    Note that it also has VPN clients connecting to PIX 1 (Lion), so ignore all the "vpngroup" commands that you see in its configuration, because they are not necessary for your scenario.

  • local host to access the vpn site to site with nat static configured

    I have two 881 routers with a site-to-site VPN between them. I have a static NAT on the router for a web server that is accessible from the internet. I can't access the web server through the VPN. All other traffic is fine over the VPN. I think that there is a problem with the NAT. Here are the relevant configuration lines.

    ip nat inside source route-map SDM_RMAP_1 interface FastEthernet4 overload
    ip nat inside source static 192.168.150.2 bonnefin route-map SDM_RMAP_1

    route-map SDM_RMAP_1 permit 1
    match ip address 100

    access-list 100 deny ip 192.168.150.0 0.0.0.255 192.168.123.0 0.0.0.255
    access-list 100 permit ip 192.168.150.0 0.0.0.255 any

    You should be able to access the web server with its private IP (192.168.150.2) through the VPN connection.

    If you have just added the VPN and the route map, try clearing the existing translations and see if you can access it via its private IP address from the remote VPN LAN.

  • Help with 1921 ISR Easy VPN remote w / Easy VPN Site-to-Site access

    I have two 1921 ISR routers configured with Easy VPN site to site.  I configured the VPN ACL on each ISR so that all networks on each site can communicate with the private networks of the other site.   I also have a 1921 ISR configured as an Easy VPN server.

    Problem: when a remote user connects to the easy VPN server, the user can only access private networks on the site of the VPN server.  I added the IP network that is used for remote users (i.e. the Easy VPN Server IP pool) to each VPN ACL 1921, but the remote user still cannot access other sites private network via the VPN site to another and vice versa.

    Problem: I also have a problem with the easy VPN server, do not place a static host route in its routing table when he established a remote connection to the remote user and provides the remote user with an IP address of the VPN server's IP pool.  The VPN server does not perform this task the first time the user connects.  If the user disconnects and reconnects the router VPN Server does not have the static host route in its routing table for the new IP address given on the later connection.

    Any help is appreciated.

    THX,

    Greg

    Hello Greg,

    The ASAs require "same-security-traffic permit intra-interface" to allow this pass-through traffic, but routers allow it by default (there is no need for an equivalent command).

    Therefore, VPN clients can access LAN A but can't access the remote LAN B over the site-to-site tunnel.

    You have added the VPN client pool to the ACL for the interesting site-to-site traffic.

    You must also add the remote LAN B to the split tunneling ACL for VPN clients (assuming you are using split tunneling).

    In other words, the configuration the VPN router has for VPN clients should include remote LAN B in the traffic that is allowed for the VPN clients.

    You can check the above and do the following test:

    1. Try to connect from the VPN client to remote LAN B.

    2. Check "sh cry ips sa" for the VPN client connection and check whether an SA is being built between the pool and remote LAN B.

    Federico.

  • the WAN connection becomes too slow after you have configured the VPN (Site Site)

    Hello

    I have two branches connected via a WAN (MPLS) connection using two 2921 routers. The connection is 2 M.

    I set up a VPN between these two sites, but after that the connection has become very slow.

    Is there something I can do to increase the speed of the connection?

    VPN proposals are:

    Phase 1 proposals: 3DES, pre-shared

    Phase 2 proposals: esp-3des esp-sha-hmac

    I don't think that lower levels of security proposals will add a lot to the speed...

    Hi Marc,

    One thing you should definitely do is go for hardware encryption if you do not already have that; it also reduces the load on your CPU.

    Another thing you can try is to play with the MTU, depending on your line MTU and which applications are mainly used. Try setting the MTU at least 60-odd bytes lower than the line MTU; also, servers sometimes have recommended MTU settings, as many servers require the MTU to be 1300 or 1400, and if it is not, that can cause a lot of retransmissions. You can also try fragmentation before encryption.

    http://www.Cisco.com/en/us/docs/interfaces_modules/services_modules/VSPA/configuration/guide/ivmvpnb.PDF
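The "60-odd bytes" in the reply above can be worked out from the transform set the question lists (esp-3des esp-sha-hmac). The following is an added example, not code from the thread: it assumes ESP tunnel mode over IPv4 with CBC ciphers, and the function names, the esp-aes and esp-md5-hmac entries, and the NAT-T option are additions that go beyond the case in the post.

```python
# ESP tunnel-mode size arithmetic (IPv4, CBC ciphers). Byte counts per transform.
CIPHERS = {"esp-3des": (8, 8), "esp-aes": (16, 16)}   # (cipher block size, IV length)
AUTHS = {"esp-sha-hmac": 12, "esp-md5-hmac": 12}      # ICV: HMAC truncated to 96 bits

OUTER_IP = 20      # new IPv4 header added by tunnel mode
ESP_HEADER = 8     # SPI + sequence number
ESP_TRAILER = 2    # pad-length and next-header bytes, encrypted with the payload
NAT_T_UDP = 8      # extra UDP header when NAT traversal encapsulation is used


def _fixed_overhead(cipher, auth, nat_t):
    """Bytes added to every packet regardless of its length."""
    _, iv = CIPHERS[cipher]
    return OUTER_IP + (NAT_T_UDP if nat_t else 0) + ESP_HEADER + iv + AUTHS[auth]


def esp_packet_size(inner_len, cipher="esp-3des", auth="esp-sha-hmac", nat_t=False):
    """On-the-wire size of one inner IPv4 packet after encapsulation."""
    block, _ = CIPHERS[cipher]
    # Payload plus trailer is padded up to a whole number of cipher blocks.
    padded = -(-(inner_len + ESP_TRAILER) // block) * block
    return _fixed_overhead(cipher, auth, nat_t) + padded


def max_inner_packet(path_mtu, cipher="esp-3des", auth="esp-sha-hmac", nat_t=False):
    """Largest inner packet that fits in path_mtu without fragmentation."""
    block, _ = CIPHERS[cipher]
    room = path_mtu - _fixed_overhead(cipher, auth, nat_t)
    return room // block * block - ESP_TRAILER


def tcp_mss_for(path_mtu, **kwargs):
    """TCP MSS that keeps a full segment inside one ESP packet (20 B IP + 20 B TCP)."""
    return max_inner_packet(path_mtu, **kwargs) - 40


if __name__ == "__main__":
    for mtu in (1500, 1492):   # Ethernet and PPPoE line MTUs
        print(mtu, max_inner_packet(mtu), tcp_mss_for(mtu),
              esp_packet_size(mtu))   # last column: size of an unreduced packet
```

With a 1500-byte line MTU and the posted transform set, a full-size 1500-byte inner packet grows to 1552 bytes and must be fragmented, while anything up to 1446 bytes passes in one piece.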

  • ASA (v9.1) Site-to-Site VPN with IKEv2 and MS SCEP/NDES certificates

    Hi all

    I currently have a problem with a Site-to-Site VPN with IKEv2 and certificates as the authentication method.

    Here is the configuration:

    We have three locations with an any-to-any layer 2 connection. I set up each ASA (ASA5510 ver. 9.1) to establish one Site-to-Site VPN connection to each of the other two locations. Setting this up with pre-shared keys, and with certificates that are signed manually by the MS CA administrator, works correctly.

    But when we try to enroll these certificates through the SCEP/NDES protocol, it does not work.

    Here are my steps:

    1. Configure the CA trustpoint to apply to the certification authority

    2. The request to the CA through the SCEP protocol works fine

    3. Set up a trustpoint and a key pair for the S2S VPN connection

    4. Enrollment of the identity certificate from the CA via the SCEP protocol with a one-time password works fine

    5. Set the created trustpoint as the IKEv2 authentication method for the S2S VPN.

    Now I did it also for the other site of the VPN Tunnel. But when I ping on a host that is on a different location to make appear the Tunnel VPN - the VPN session is not established. In the debugs I see that there are a few problems during authentication of the remote peer.

    On the MS CA I see that the identity certificates for both ASAs are issued and not in a revoked or pending state. The certificates are based on the "IPSec (Offline)" template.

    When the CA admin issues me a certificate manually, based on a copy of the "Domaincontroller" template, the connection is successfully established.

    So I would like to know which is the correct certificate template to use for IPsec peers with SCEP and an MS Enterprise CA (it is a Microsoft Server 2008 R2 Enterprise CA)?

    Anyone done this before?

    ASA requires that the local and remote certificates contain the EKU IP Security Tunnel Endpoint (1.3.6.1.5.5.7.3.6) (aka IP Security Tunnel Termination). You can create a Microsoft CA template to add it.

    If you absolutely must go with the 'bad' cert, there is a command

    ignore-ipsec-keyusage

    but it is obsolete and not recommended.

    Meanwhile at the IETF:

    RFC 4809

    3.1.6.3. Extended Key Usage

    Extended Key Usage (EKU) indications are not required.  The presence or lack of an EKU MUST NOT cause an implementation to fail an IKE connection.
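To see whether an enrolled certificate carries the EKU named in the answer above, the extension can be read straight out of the DER encoding. This is an added example, not code from the thread: the function names are illustrative, and the two sample byte strings are constructed Extension fragments rather than real certificates (the same walker accepts a full DER certificate).

```python
EKU_EXTENSION = "2.5.29.37"          # id-ce-extKeyUsage
IPSEC_TUNNEL = "1.3.6.1.5.5.7.3.6"   # OID quoted in the answer above

def read_tlv(buf, pos):
    """Return (tag, value_bytes, next_pos) for the DER element starting at pos."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def children(value):
    """Yield (tag, value_bytes) for each element packed inside value."""
    pos = 0
    while pos < len(value):
        tag, body, pos = read_tlv(value, pos)
        yield tag, body

def decode_oid(body):
    """Decode DER OID content bytes into dotted notation."""
    arcs, acc = [], 0
    for byte in body:
        acc = (acc << 7) | (byte & 0x7F)
        if not byte & 0x80:          # high bit clear ends one base-128 arc
            arcs.append(acc)
            acc = 0
    first = min(arcs[0] // 40, 2)    # first two arcs share one sub-identifier
    return ".".join(map(str, [first, arcs[0] - 40 * first] + arcs[1:]))

def find_eku(der):
    """Walk the DER tree; return the list of EKU OIDs, or None if there is no EKU."""
    for tag, body in children(der):
        if tag == 0x30:              # SEQUENCE: is it Extension { OID, ..., OCTET STRING }?
            kids = list(children(body))
            if kids and kids[0][0] == 0x06 and decode_oid(kids[0][1]) == EKU_EXTENSION:
                _, seq = next(children(kids[-1][1]))   # OCTET STRING wraps SEQUENCE OF OID
                return [decode_oid(oid) for _, oid in children(seq)]
        if tag & 0x20:               # constructed element: descend
            found = find_eku(body)
            if found is not None:
                return found
    return None

def has_ipsec_tunnel_eku(der):
    return IPSEC_TUNNEL in (find_eku(der) or [])

# Constructed samples: serverAuth plus the tunnel EKU, and serverAuth only.
GOOD_EXT = bytes.fromhex("301d0603551d250416301406082b0601050507030106082b06010505070306")
BAD_EXT = bytes.fromhex("30130603551d25040c300a06082b06010505070301")
```

Convert a PEM certificate to DER first (for example with `openssl x509 -outform der`) and pass the bytes to `has_ipsec_tunnel_eku`.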
