From: Elia S. on 1 Feb 2010 08:41

Hello
I am in this situation:

HQ:
Cisco 2651XM
fast0/0 LAN 192.168.1.0/24
fast0/1 remote link to the remote office via wireless link
atm0.1 wan link

Remote office: (
Cisco 831:
eth0: LAN 192.168.10.0/24
eth1: "WAN"

The eth1 of the C831 is connected via a transparent wireless bridge to the fast0/1 of the C2651XM in the HQ.
The C831 is not on all day but only for a few hours a day. The remote LAN just browses the internet via the wi-fi link and via the HQ's link. The wifi link is established at 11mbit (5mbit real throughput).
The wireless link is encrypted via wep128 (UNSECURE) and cannot be upgraded.

After some days of planning I produced these ideas:

a) PPPoE link (the C831, when switched on, calls the 2651XM and makes a PPP link to it), ms-chap-v2 + mppe 128
b) LAN to LAN ipsec link. I have the problem that I can route through ipsec the traffic destined to the remote LANs (192.168.1.x -> 192.168.10.x and vice-versa) but I don't know how to tunnel the traffic to the internet via the 2651XM.
c) L2TP+IPSEC. A dialer interface on the C831 and an ip route 0.0.0.0 0.0.0.0 dial1 so everything goes through it.

Problem: I have never configured an l2tp "dial up".
Can someone help me?

From: bod43 on 1 Feb 2010 09:42

On 1 Feb, 13:41, "Elia S." <adminNOS...(a)spadhausen.com> wrote:
> Hello
> I am in this situation:
>
> HQ:
> Cisco 2651XM
> fast0/0 LAN 192.168.1.0/24
> fast0/1 remote link to the remote office via wireless link
> atm0.1 wan link
>
> Remote office: (
> Cisco 831:
> eth0: LAN 192.168.10.0/24
> eth1: "WAN"
>
> the eth1 of the C831 is connected via a transparent wireless bridge to the
> fast0/1 of the C2651xm in the HQ
> The C831 is not on all the day but only for a few hours a day. the remote
> lan just browses the internet via the wi-fi link and via the HQ's link. The
> wifi link is established at 11mbit (5mbit real throughput).
> The wireless link is encrypted via wep128 (UNSECURE) and cannot be upgraded.
>
> After some days of planning I produced these ideas:
>
> a) PPPoE Link (the C831,when switched on, calls the 2651XM and makes a PPP
> link to it) ms-chap-v2 + mppe 128
> b) lan to lan ipsec link. I have the problem that I can route though ipsec
> the traffic destinated to the remote lans (192.168.1.x -> 192.168.10.x and
> vice-versa but I don't know how to tunnel the traffic to internet via the
> 2651xm).
> c) L2TP+IPSEC. A dialer interface on the C831 and a ip route 0.0.0.0 0.0.0.0
> dial1 so everything goes through it.
>
> Problem: I never configured a l2tp "dial up" .
> Someone can help me ?

You may already have considered this however my
first thought is to just make the link a routed link.

This makes IPSEC straightforward and will also prevent
any broadcasts from leaking across the radio link.

L2TP-v3 does not seem to be supported on
83x or 85x or 87x.

L2TP does not seem to be supported on
831 but is on 836 and 801 so maybe that's a mistake
in the Feature Navigator.

From: bod43 on 1 Feb 2010 09:49

On 1 Feb, 14:42, bod43 <Bo...(a)hotmail.co.uk> wrote:
> On 1 Feb, 13:41, "Elia S." <adminNOS...(a)spadhausen.com> wrote:
>
> > Hello
> > I am in this situation:
> >
> > HQ:
> > Cisco 2651XM
> > fast0/0 LAN 192.168.1.0/24
> > fast0/1 remote link to the remote office via wireless link
> > atm0.1 wan link
> >
> > Remote office: (
> > Cisco 831:
> > eth0: LAN 192.168.10.0/24
> > eth1: "WAN"
> >
> > the eth1 of the C831 is connected via a transparent wireless bridge to the
> > fast0/1 of the C2651xm in the HQ
> > The C831 is not on all the day but only for a few hours a day. the remote
> > lan just browses the internet via the wi-fi link and via the HQ's link. The
> > wifi link is established at 11mbit (5mbit real throughput).
> > The wireless link is encrypted via wep128 (UNSECURE) and cannot be upgraded.
> >
> > After some days of planning I produced these ideas:
> >
> > a) PPPoE Link (the C831,when switched on, calls the 2651XM and makes a PPP
> > link to it) ms-chap-v2 + mppe 128
> > b) lan to lan ipsec link. I have the problem that I can route though ipsec
> > the traffic destinated to the remote lans (192.168.1.x -> 192.168.10.x and
> > vice-versa but I don't know how to tunnel the traffic to internet via the
> > 2651xm).
> > c) L2TP+IPSEC. A dialer interface on the C831 and a ip route 0.0.0.0 0.0.0.0
> > dial1 so everything goes through it.
> >
> > Problem: I never configured a l2tp "dial up" .
> > Someone can help me ?
>
> You may already have considered this however my
> first thought is to just make the link a routed link.
>
> This makes IPSEC straightforward and will also prevent
> any broadcasts from leaking across the radio link.
>
> L2TP-v3 does not seem to be supported on
> 83x or 85x or 87x.
>
> L2TP does not seem to be supported on
> 831 but is on 836 and 801 so maybe that's a mistake
> in the Feature Navigator.

By the way - if not already obvious I don't know
much about L2TP.

I did notice this -
http://www.net-gyver.com/?p=952
Bridging over GRE tunnels.

router-t(config-if)#bridge-group 1
% This command is an unreleased and unsupported feature

Still unsupported but apparently it does work??
It's not in the help.

(config-if)#bridge?
% Unrecognized command

This is an 877 on Version 12.4(15)T7.
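
For option (b) in the original post and the routed-link IPsec suggestion in the first reply, one way to send the remote LAN's Internet traffic through the tunnel is to make the crypto ACL's destination "any" instead of only the HQ LAN. This is an added example, not a configuration posted by anyone in the thread; the 10.0.0.0/30 link addressing, ACL number 110, the names WLINK and WLINK-TS, the key placeholder and the availability of a crypto feature set with 3DES on both routers are assumptions.

```cisco
! ===== Remote C831 (link address 10.0.0.2/30 is an assumed, constructed value) =====
crypto isakmp policy 10
 encryption 3des
 hash sha
 authentication pre-share
 group 2
crypto isakmp key <PRE-SHARED-KEY> address 10.0.0.1
crypto ipsec transform-set WLINK-TS esp-3des esp-sha-hmac
! Destination "any": traffic from the remote LAN to the Internet is
! selected for encryption as well, not just traffic to 192.168.1.0/24
access-list 110 permit ip 192.168.10.0 0.0.0.255 any
crypto map WLINK 10 ipsec-isakmp
 set peer 10.0.0.1
 set transform-set WLINK-TS
 match address 110
interface Ethernet1
 ip address 10.0.0.2 255.255.255.252
 crypto map WLINK
! Everything leaves via the HQ router, so everything matches ACL 110
ip route 0.0.0.0 0.0.0.0 10.0.0.1
!
! ===== HQ 2651XM (link address 10.0.0.1/30 is an assumed, constructed value) =====
crypto isakmp policy 10
 encryption 3des
 hash sha
 authentication pre-share
 group 2
crypto isakmp key <PRE-SHARED-KEY> address 10.0.0.2
crypto ipsec transform-set WLINK-TS esp-3des esp-sha-hmac
! Must be the exact mirror of the C831 ACL or the IPsec SAs will not match
access-list 110 permit ip any 192.168.10.0 0.0.0.255
crypto map WLINK 10 ipsec-isakmp
 set peer 10.0.0.2
 set transform-set WLINK-TS
 match address 110
interface FastEthernet0/1
 ip address 10.0.0.1 255.255.255.252
 crypto map WLINK
ip route 192.168.10.0 255.255.255.0 10.0.0.2
! The HQ's existing NAT toward atm0.1 must also cover 192.168.10.0/24
! (FastEthernet0/1 as a NAT inside interface) for the remote LAN to browse.
```

After the C831 comes up, `show crypto ipsec sa` on either router should show the encaps/decaps counters rising while a remote host browses.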