Questions

Can't get EasyVpn to work Bellsouth DSL PPPoe Netopia 2241N-VG w/Cisco 851w

+
0 Votes
Locked

Can't get EasyVpn to work Bellsouth DSL PPPoe Netopia 2241N-VG w/Cisco 851w

jerrydurden
I am by no means a router guru, but I have had some experience performing simple configs, however I can't get my 851w to VPN access to work with Bellsouth DSL PPPoe. I have a Netopia 2214N-VG that is bridged to my 851w. Internet access is working and I can ssh into it. However, some sites or slow and some only load half-way AND I can't establish a VPN connection. Any help would be appreciated. Thanks ! Here is my config:

!This is the running config of the router: xxx.xxx.xxx.xxx
!----------------------------------------------------------------------------
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname CS851w
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$SSi1$Z4YoW78K24ueywF87DvQd.
enable password 7 151118480127282B
!
aaa new-model
!
!
aaa authentication login default local
aaa authentication login CSREMOTES local
aaa authorization exec default local
aaa authorization network CSREMOTES local
!
aaa session-id common
!
resource policy
!
clock timezone PCTime -6
clock summer-time PCTime date Apr 6 2003 2:00 Oct 26 2003 2:00
ip subnet-zero
!
!
ip cef
ip inspect name MYFW tcp
ip inspect name MYFW udp
ip domain name CS.com
vpdn enable
!
!
!
crypto pki trustpoint TP-self-signed-4233279387
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-4233279387
revocation-check none
rsakeypair TP-self-signed-4233279387
!
!
crypto pki certificate chain TP-self-signed-4233279387
certificate self-signed 01
30820245 308201AE A0030201 02020101 300D0609 2A864886 F70D0101 04050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 34323333 32373933 3837301E 170D3038 30353032 30323335
34305A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D34 32333332
37393338 3730819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
8100D933 2D1BAA3B 7B11A825 ED63FA76 150F0A6F 967566A6 7070EFA0 A33E54D2
023A5494 C68AA85B 187A7C58 8EC8DC39 79AEAF2E C7A11EE7 360CB979 5E76878E
E8743CB5 4679BE5C CE6D0BCB BF9758C7 EDC93A80 67220800 1BA642D3 5AD1C98D
9EB3F5F1 C48AED23 CA8764FB ABF2320F 180D58D2 5B410622 1E697B0B B566BA8D
862B0203 010001A3 6D306B30 0F060355 1D130101 FF040530 030101FF 30180603
551D1104 11300F82 0D435338 3531772E 43532E63 6F6D301F 0603551D 23041830
168014A6 287EA022 347C4872 7221D126 1DB02286 903B0230 1D060355 1D0E0416
0414A628 7EA02234 7C487272 21D1261D B0228690 3B02300D 06092A86 4886F70D
01010405 00038181 00C375BC D45889E7 F56FC4AF 5D79BB0C C3384D07 E7ABD567
D2C8D0A1 5907E6A7 8D90FEF2 249851DD 26D5AFF2 42B8573B 7F830E5F F21CA6C1
340E8776 CD3070A7 609B5C4E 5D8C8621 8DFA8549 F8831BE4 EBFBC6CE 3C3C4971
6FFA9A08 FD239C0B 34B3CFFC 4A9D662C 9C883F29 301ED491 F7C6A661 D5ED4075
F2BD7788 A1B4FC9F 00
quit
username admin privilege 15 password 7 passwordgoeshere
username csremote1 password 7 passwordgoeshere
!
!
!
crypto isakmp policy 1
encr 3des
hash md5
authentication pre-share
group 2
lifetime 36000
!
crypto isakmp client configuration group CSREMOTES
key 550Lobdell
dns 192.168.50.3
domain namegoeshere
!
crypto ipsec security-association lifetime seconds 86400
!
crypto ipsec transform-set vpn1 esp-3des esp-sha-hmac
!
crypto dynamic-map remotemap 1
set transform-set vpn1
reverse-route
!
!
crypto map remotemap isakmp authorization list CSREMOTES
crypto map remotemap client configuration address respond
!
crypto map static-map 1 ipsec-isakmp dynamic remotemap
!
bridge irb
!
!
interface FastEthernet0
spanning-tree portfast
!
interface FastEthernet1
spanning-tree portfast
!
interface FastEthernet2
spanning-tree portfast
!
interface FastEthernet3
spanning-tree portfast
!
interface FastEthernet4
no ip address
duplex auto
speed auto
pppoe enable group global
pppoe-client dial-pool-number 1
no cdp enable
!
interface Dot11Radio0
no ip address
!
encryption vlan 1 mode ciphers tkip
!
encryption vlan 20 mode ciphers tkip
!
ssid CS-WiFi
vlan 1
authentication open
authentication key-management wpa
guest-mode
wpa-psk ascii 7 014653547704040B244042
!
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
channel 2462
station-role root
no cdp enable
!
interface Dot11Radio0.1
encapsulation dot1Q 1 native
no snmp trap link-status
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
!
interface Vlan1
description Internal Network
no ip address
ip nat inside
ip virtual-reassembly
bridge-group 1
bridge-group 1 spanning-disabled
!
interface Dialer1
mtu 1492
ip address negotiated
ip access-group Internet-inbound-ACL in
ip inspect MYFW out
ip nat outside
ip virtual-reassembly
encapsulation ppp
dialer pool 1
dialer-group 1
ppp authentication chap pap callin
ppp chap hostname myhostname@bellsouth.net
ppp chap password mypassword
ppp pap sent-username myhostname@bellsouth.net password mypassword
ppp ipcp dns request
ppp ipcp address accept
crypto map static-map
!
interface BVI1
description Bridge to Internal Network
ip address 192.168.50.254 255.255.255.0
ip nat inside
ip virtual-reassembly
!
ip local pool remote_pool 192.168.50.200 192.168.50.210
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer1
!
no ip http server
ip http secure-server
ip nat inside source list 1 interface Dialer1 overload
ip nat inside source static tcp 192.168.50.2 25 interface Dialer1 25
ip nat inside source static tcp 192.168.50.2 135 interface Dialer1 135
ip nat inside source static tcp 192.168.50.2 143 interface Dialer1 143
ip nat inside source static tcp 192.168.50.3 3389 interface Dialer1 3389
ip nat inside source static tcp 192.168.50.2 443 interface Dialer1 443
!
ip access-list extended Internet-inbound-ACL
remark SDM_ACL Category=17
permit tcp any any eq 3389
permit udp any eq bootps any eq bootpc
permit gre any any
permit esp any any
permit tcp any any eq 443
permit tcp any any eq 22
permit icmp any any
permit tcp any any eq smtp
permit tcp any any eq ftp
permit tcp any any eq ftp-data
permit tcp any any eq 1023
!
access-list 1 permit 192.168.50.0 0.0.0.255
dialer-list 1 protocol ip list 1
!
control-plane
!
bridge 1 route ip
banner login ^CYou have reached a secure area! Unauthorized access is strictly prohibited!^C
banner motd ^C
You have reached a secure area! Unauthorized access / usage is strictly prohibited!^C
!
line con 0
exec-timeout 35791 0
password 7 011015405E060500
logging synchronous
no modem enable
line aux 0
exec-timeout 35791 0
line vty 0 4
exec-timeout 35791 0
password 7 06051C6549430A16
logging synchronous
transport input ssh
!
scheduler max-task-time 5000
end