ezvpn w/ router which has changing public address (PPPoE)

NewsGroups | Search | Tools

User Password

Lost Password?

alt.certification.cisco

get this group's latest topics as an RSS feed

add this group's latest topics to your My MSN content

add this group's latest topics to your My Yahoo content

add this group's latest topics to your Google content

Yahoo!

Google

Windows Live

del.icio.us digg

digg

Netscape

Subject	Author	Date
ezvpn w/ router which has changing public address (PPPoE)	=?ISO-8859-15?Q?J=F6rg_Sch=FCt	03-03-2006

Posted by =?ISO-8859-15?Q?J=F6rg_Sch=FCt on March 3, 2006, 1:53 pm

If you were Registered and logged in, you could reply and use other advanced thread options

Hi

We want to set up a VPN connection between our ASA 55xx and a
router (Cisco 1841) which will get it's public IP via PPPoE.
When using PPPoE we will not know which will be our IP address
(it will change every 24 hours).
We are not able to establish a vpn connection (not even phase 1)
between these two devices.
There was no problem establishing a vpn connection when this
router had a fixed ip address by routing all the traffic to the
default gateway of the ISP. The ASA had no knowledge about the
fixed IP of the router.
To make things more complicated, we have no real dynamic address
assignment from our ISP. We have to set the IP address manually to
establish a connection via PPPoE.
Can anyone plese point out where the error in this config is?

version 12.4
hostname yourname
no aaa new-model
ip subnet-zero
no ip cef
no ip dhcp use vrf connected
ip dhcp pool test
network 10.250.7.8 255.255.255.248
dns-server 192.168.1.1
default-router 10.250.7.9
lease infinite
!
no ip domain lookup
vpdn enable
!
username xyzxyz password 0 asdfasdfasdf
!
crypto isakmp policy 1
encr aes
authentication pre-share
group 2
crypto isakmp keepalive 20
!
crypto ipsec transform-set Strong esp-aes esp-sha-hmac
!
crypto ipsec client ezvpn nameOfTunnelGroup
connect auto
group dynVPN key jkljkljkljlk
local-address FastEthernet0/1
mode network-extension
peer 1.2.3.4
username xyzxyz password asdfasdfasdf
xauth userid mode local
!
!
interface FastEthernet0/0
description $ETH-LAN$$ETH-SW-LAUNCH$$INTF-INFO-FE 0$
ip address 10.250.7.9 255.255.255.248
ip virtual-reassembly
ip tcp adjust-mss 1452
duplex auto
speed auto
no cdp enable
crypto ipsec client ezvpn nameOfTunnelGroup inside
!
interface FastEthernet0/1
no ip address
ip virtual-reassembly
duplex auto
speed auto
pppoe enable
pppoe-client dial-pool-number 1
no cdp enable
!
interface ATM0/0/0
no ip address
shutdown
no atm ilmi-keepalive
dsl operating-mode auto
!
interface BRI0/1/0
no ip address
encapsulation hdlc
shutdown
!
interface Dialer1
ip address xxx.xx.xxx.xxx 255.255.255.0
ip mtu 1492
encapsulation ppp
dialer pool 1
dialer-group 1
no keepalive
no cdp enable
ppp authentication chap callin
ppp chap hostname qwerqwerqwerqwer
ppp chap password 0 132412341234
crypto ipsec client ezvpn nameOfTunnelGroup
!
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer1
!
access-list 1 permit 10.250.7.8 0.0.0.7

J=F6rg

--=20
J=F6rg Sch=FCtter http://www.schuetter.org/joerg
joerg@schuetter.org http://www.lug-untermain.de/

Similar Threads	Posted
cisco pix 501 and PPPoE	April 19, 2005, 10:55 pm
Liberate IP address on a DHCP-client router	July 14, 2005, 11:28 am
changing IP addresses for VPN	April 28, 2005, 4:39 am
Multiple public IP behind PIX 501	December 1, 2005, 7:44 am
Multiple public IP behind PIX 501	December 1, 2005, 7:43 am
Changing the configuration register	December 29, 2005, 12:49 pm
public vs private data network	April 11, 2005, 2:21 am
A discussion of how Cisco Unified Communications is changing the workplace environment	August 29, 2006, 4:33 am
PEER ADDRESS	March 29, 2005, 7:42 pm
IP address overlapping ?	August 14, 2005, 6:27 pm

other useful resources:
The Federal Communications Commission (FCC)
Telecommunications Industry Association
Electronic and Software Security Products and Services
International Telecommunication Union

Custom CGI Perl and PHP programming by 1-Script.com