Re: [OSL | CCIE_Voice] Proctor Labs Easy VPN setup
Daniel, Have you tried to apply the configs and it didn't work? You don't need to use the entire EZVPN configs but something similar to the following (what I have on my home device). crypto isakmp policy 10 encr 3des authentication pre-share group 2 ! ! crypto ipsec client ezvpn IPx-Pod3 connect manual group vpodg3 key proctorvoice mode client peer 209.124.41.250 crypto ipsec client ezvpn IPx-Pod2 connect manual group vpodg2 key proctorvoice mode client peer 209.124.41.250 crypto ipsec client ezvpn IPx-Pod6 connect manual group vpodg6 key proctorvoice mode client peer 209.124.41.250 crypto ipsec client ezvpn IPx-Pod18 connect manual group vpodg8 key proctorvoice mode client peer 209.124.41.250 crypto ipsec client ezvpn IPx-Pod1 connect manual group vpodg1 key proctorvoice mode client peer 209.124.41.250 crypto ipsec client ezvpn IPx-Pod5 connect manual group vpodg5 key proctorvoice mode client peer 209.124.41.250 crypto ipsec client ezvpn IPx-Pod19 connect manual group vpodg9 key proctorvoice mode client peer 209.124.41.250 crypto ipsec client ezvpn IPx-Pod4 connect manual group vpodg4 key proctorvoice mode client peer 209.124.41.250 ! interface FastEthernet0/0 ip address 192.168.1.1 255.255.255.0 speed 100 full-duplex crypto ipsec client ezvpn IPx-Pod3 inside ! interface FastEthernet1/0 mac-address 0017.a4dd.d4eb bandwidth 15000 ip address dhcp ip access-group INTERNET-IN in ip nat outside ip nbar protocol-discovery load-interval 30 speed 100 full-duplex crypto ipsec client ezvpn IPx-Pod3 ! I leave the old crypto ipsec client ezvpn commands in their so I can just change what pod I am using right before I start my labbing. I do have a bit differnet setup since I have a dedicated inside interface for my labbing traffic but it isn't much different than someone with a 2 interface router running EZVPN. Also, make sure you are offering up option 150 on your home DHCP pool that points to the CCM's in your lab (needs to also be changed before the start of each lab). Let me know if you have any other questions. --- Daniel Dellinger [EMAIL PROTECTED] wrote: I'd like to use the proctor labs easyvpn config so I can register my phones to CCM/CME at proctor labs during lab sessions. I've read the instructions but unclear on outside interface settings. I have DSL and my provider gives me a public ip via dhcp. I understand I need to connect the dsl modem into my 2651xm running AIS. But how do I address the outside interface of 2651? Public IP is up at the dsl modem's WAN port. Today DSL modem has public IP x.x.x.x on wan port and private subnet for pc's 192.168.1.0/24 Thanks in advance, Jacob Owen CCIE #14063 (RS, Service Provider), CCVP, CCDP
Re: [OSL | CCIE_Voice] Proctor Labs Easy VPN setup
Daniel, Have you tried to apply the configs and it didn't work? You don't need to use the entire EZVPN configs but something similar to the following (what I have on my home device). crypto isakmp policy 10 encr 3des authentication pre-share group 2 ! ! crypto ipsec client ezvpn IPx-Pod3 connect manual group vpodg3 key proctorvoice mode client peer 209.124.41.250 crypto ipsec client ezvpn IPx-Pod2 connect manual group vpodg2 key proctorvoice mode client peer 209.124.41.250 crypto ipsec client ezvpn IPx-Pod6 connect manual group vpodg6 key proctorvoice mode client peer 209.124.41.250 crypto ipsec client ezvpn IPx-Pod18 connect manual group vpodg8 key proctorvoice mode client peer 209.124.41.250 crypto ipsec client ezvpn IPx-Pod1 connect manual group vpodg1 key proctorvoice mode client peer 209.124.41.250 crypto ipsec client ezvpn IPx-Pod5 connect manual group vpodg5 key proctorvoice mode client peer 209.124.41.250 crypto ipsec client ezvpn IPx-Pod19 connect manual group vpodg9 key proctorvoice mode client peer 209.124.41.250 crypto ipsec client ezvpn IPx-Pod4 connect manual group vpodg4 key proctorvoice mode client peer 209.124.41.250 ! interface FastEthernet0/0 ip address 192.168.1.1 255.255.255.0 speed 100 full-duplex crypto ipsec client ezvpn IPx-Pod3 inside ! interface FastEthernet1/0 mac-address 0017.a4dd.d4eb bandwidth 15000 ip address dhcp ip access-group INTERNET-IN in ip nat outside ip nbar protocol-discovery load-interval 30 speed 100 full-duplex crypto ipsec client ezvpn IPx-Pod3 ! I leave the old crypto ipsec client ezvpn commands in their so I can just change what pod I am using right before I start my labbing. I do have a bit differnet setup since I have a dedicated inside interface for my labbing traffic but it isn't much different than someone with a 2 interface router running EZVPN. Also, make sure you are offering up option 150 on your home DHCP pool that points to the CCM's in your lab (needs to also be changed before the start of each lab). Let me know if you have any other questions. --- Daniel Dellinger [EMAIL PROTECTED] wrote: I'd like to use the proctor labs easyvpn config so I can register my phones to CCM/CME at proctor labs during lab sessions. I've read the instructions but unclear on outside interface settings. I have DSL and my provider gives me a public ip via dhcp. I understand I need to connect the dsl modem into my 2651xm running AIS. But how do I address the outside interface of 2651? Public IP is up at the dsl modem's WAN port. Today DSL modem has public IP x.x.x.x on wan port and private subnet for pc's 192.168.1.0/24 Thanks in advance, Jacob Owen CCIE #14063 (RS, Service Provider), CCVP, CCDP
Re: [OSL | CCIE_Voice] Proctor Labs Easy VPN setup
When you sign onto your ProctorLabs vRack session - you receive the configuration for the EasyVPN for your particular pod. This configuration already assumes that you are getting DHCP from your provider - and so gives you the configuration specifically for that - with Labeled interfaces. Below I have included a very small subset of the website provided configuration that I believe addresses the questions / concerns that you have re: dhcp ip addressing and default route to the ISP - along with the easyvpn config for the outside interface as well as a description on the interface to tie everything together: ! ! interface FastEthernet0/0 description (Outside Public Interface) ip address dhcp ip access-group FW-IN in no ip unreachables ip nat outside ip inspect CBAC-FW out no cdp enable duplex auto speed auto no shut crypto ipsec client ezvpn IPx-Pod1 outside ! ! ip route 0.0.0.0 0.0.0.0 dhcp ! ! Hope this helps - but if you are still unclear on how to proceed - post a more specific question and we will try to oblige! Cheers, -- Mark Snow CCIE #14073 (Voice, Security) Senior Technical Instructor - IPexpert, Inc. Telephone: +1.810.326.1444 Fax: +1.309.413.4097 Mailto: [EMAIL PROTECTED] -- Join our free online support and peer group communities: http://www.IPexpert.com/communities -- IPexpert - The Global Leader in Self-Study, Classroom-Based, Video-On- Demand and Audio Certification Training Tools for the Cisco CCIE RS Lab, CCIE Security Lab, CCIE Service Provider Lab , CCIE Voice Lab and CCIE Storage Lab Certifications. -- On Jun 7, 2008, at 9:58 PM, Daniel Dellinger wrote: L and my provider gives me a public ip via dhcp. I understand I need to connect the dsl modem into my 2651xm running AIS. But how do I address the outside interface of 2651? Public IP is up at the dsl modem’s WAN port.
Re: [OSL | CCIE_Voice] Proctor Labs Easy VPN setup
Thanks Mark and Jacob for responses. Below states ip address dhcp for fa0/0 (Outside/public). Today I do not have dhcp running on my dsl modem. Does router need to get private IP from dsl modem or will router be getting DHCP address from proctor labs upstream device? Current physical setup DSL-Modem WAN port telephone walljack DSLmodem LAN Ethernet 1 connects to 2651xm fa0/0 2651xm fa0/1 connects to 2950 switch - vlan 2 access port 2950 port 1-8 connect to ip phones - voice vlan 2 Regards, Daniel From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mark Snow Sent: Sunday, June 08, 2008 4:44 PM To: OSL CCIE Voice Lab Exam Subject: Re: [OSL | CCIE_Voice] Proctor Labs Easy VPN setup When you sign onto your ProctorLabs vRack session - you receive the configuration for the EasyVPN for your particular pod. This configuration already assumes that you are getting DHCP from your provider - and so gives you the configuration specifically for that - with Labeled interfaces. Below I have included a very small subset of the website provided configuration that I believe addresses the questions / concerns that you have re: dhcp ip addressing and default route to the ISP - along with the easyvpn config for the outside interface as well as a description on the interface to tie everything together: ! ! interface FastEthernet0/0 description (Outside Public Interface) ip address dhcp ip access-group FW-IN in no ip unreachables ip nat outside ip inspect CBAC-FW out no cdp enable duplex auto speed auto no shut crypto ipsec client ezvpn IPx-Pod1 outside ! ! ip route 0.0.0.0 0.0.0.0 dhcp ! ! Hope this helps - but if you are still unclear on how to proceed - post a more specific question and we will try to oblige! Cheers, -- Mark Snow CCIE #14073 (Voice, Security) Senior Technical Instructor - IPexpert, Inc. Telephone: +1.810.326.1444 Fax: +1.309.413.4097 Mailto: [EMAIL PROTECTED] -- Join our free online support and peer group communities: http://www.IPexpert.com/communities -- IPexpert - The Global Leader in Self-Study, Classroom-Based, Video-On-Demand and Audio Certification Training Tools for the Cisco CCIE RS Lab, CCIE Security Lab, CCIE Service Provider Lab , CCIE Voice Lab and CCIE Storage Lab Certifications. -- On Jun 7, 2008, at 9:58 PM, Daniel Dellinger wrote: L and my provider gives me a public ip via dhcp. I understand I need to connect the dsl modem into my 2651xm running AIS. But how do I address the outside interface of 2651? Public IP is up at the dsl modem's WAN port.
[OSL | CCIE_Voice] Proctor Labs Easy VPN setup
I'd like to use the proctor labs easyvpn config so I can register my phones to CCM/CME at proctor labs during lab sessions. I've read the instructions but unclear on outside interface settings. I have DSL and my provider gives me a public ip via dhcp. I understand I need to connect the dsl modem into my 2651xm running AIS. But how do I address the outside interface of 2651? Public IP is up at the dsl modem's WAN port. Today DSL modem has public IP x.x.x.x on wan port and private subnet for pc's 192.168.1.0/24 Thanks in advance,