Security Basics mailing list archives
Re: Cisco L2L VPN Issue
From: Karsten Iwen <newsletter () saviya de>
Date: Tue, 12 Jul 2005 17:59:53 +0200
I think you don't need a logical interface but "ip radius source-interface fastEthernet 0/0" (or whatever your internal interface is).
regards,
Karsten Iwen
--
Dipl.-Ing. Karsten Iwen
Network- and Security Consultant/Trainer
CCIE #14602 (Security)
CCSI, CCSP, CCNP
MCSE: Security

pilotalb () nycap rr com wrote:
Problem: Data sourced from the Cisco 2811 does not appear to be marked as interesting and will not be forwarded over the IPSEC tunnel. The issue with this is that security requirements require AAA authentication to all network devices. The Intranet-based AAA server is configured properly on the router but the AAA packets don’t seem to be marked as interesting and will simply just not route anywhere. I therefore cannot login without a console connection.

I also have each of our remote site routers act as a DNS proxy. Basically that means the router is configured with the “ip dns server” and “ip name-server <corporate DNS IP>” commands. Once again the Intranet-based DNS server traffic will not forward out the VPN tunnel (but clients using the corporate DNS IP directly will work fine).

I tested a theory by running an extended ping. Any data sourced from the internal interface will forward out the VPN tunnel (or rather the traffic I have marked as interesting… which is simply all Intranet-based traffic). Any other standard pings are simply unroutable and will not leave the router.

It appears I need to somehow create a logical interface for the VPN tunnel and point all traffic to that interface (using something like “ip route 0.0.0.0 0.0.0.0 vpninterface0”). I’ve tried Googling and hitting cisco.com but all I can see is brief mention of “tunnel0” interfaces. Has anyone else tried to setup a remote site to completely run off of a VPN tunnel and have the config working? Am I right in believing I need to create a VPN interface? If so how?

Any input would be appreciated.

Thanks,
Mike W.
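An added configuration sketch illustrating the source-interface approach from the reply above (not from either poster). Interface names, addresses, the RADIUS key and the crypto policy names are placeholders, and the existing ISAKMP policy is assumed to be defined elsewhere; whether the DNS proxy honours "ip domain lookup source-interface" is an assumption to confirm on the running IOS version.

```cisco
! Added example, not from the original thread. All addresses, names and the
! key below are placeholders.
!
! Router-originated packets (RADIUS, TACACS+, forwarded DNS, plain pings) are
! sent from the address of the egress interface by default, i.e. the outside
! address, which the crypto ACL does not cover, so they never count as
! "interesting". Binding each service to the internal interface gives those
! packets the LAN address, so they match the crypto ACL like client traffic.
!
interface FastEthernet0/0
 description Internal LAN (placeholder addressing)
 ip address 192.168.10.1 255.255.255.0
!
interface FastEthernet0/1
 description Internet uplink, crypto map applied here
 ip address 203.0.113.2 255.255.255.252
 crypto map CORP-VPN
!
! Interesting traffic: the whole branch LAN, which includes the router's own
! LAN address, to the corporate intranet range (placeholder ranges).
ip access-list extended VPN-INTERESTING
 permit ip 192.168.10.0 0.0.0.255 10.0.0.0 0.255.255.255
!
crypto ipsec transform-set CORP-TS esp-aes esp-sha-hmac
crypto map CORP-VPN 10 ipsec-isakmp
 set peer 198.51.100.1
 set transform-set CORP-TS
 match address VPN-INTERESTING
!
! Source router-originated AAA and DNS traffic from the LAN interface.
ip radius source-interface FastEthernet0/0
ip tacacs source-interface FastEthernet0/0
ip domain lookup source-interface FastEthernet0/0
!
aaa new-model
aaa authentication login default group radius local
radius-server host 10.1.1.5 key RADIUS-KEY-PLACEHOLDER
!
ip dns server
ip name-server 10.1.1.10
!
! Check: "ping 10.1.1.5 source FastEthernet0/0" should succeed, and the
! encaps/decaps counters in "show crypto ipsec sa" should increment when
! a login is attempted from the network.
```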