Tweet
CENTRAL ROUTER:
version 12.1
no parser cache
service timestamps debug datetime msec
service timestamps log datetime msec
!
hostname central
!
username remote password 0 remote
!--- Username and shared secret password for the router (remote)
!--- (used for CHAP authentication).
!--- Shared secret password must be the same on both sides.
!
isdn switch-type basic-net3
!
!
interface Ethernet0
ip address 10.1.0.1 255.255.255.0
ip nat inside
! --- Ethernet 0 is an inside NAT interface.
! --- All traffic from this network will be translated.
no cdp enable
!
interface BRI0
! --- If you have additional BRIs, copy this BRI 0 configuration to the other BRIs.
no ip address
encapsulation ppp
dialer pool-member 1
!--- Assign BRI0 as member of dialer pool 1.
!--- Dialer pool 1 is specified in interface Dialer 1.
dialer pool-member 2
!--- Assign BRI0 as member of dialer pool 2.
!--- Dialer pool 2 is specified in interface Dialer 2.
isdn switch-type basic-net3
! --- This depends on the country.
no cdp enable
ppp authentication chap pap callin
! --- Permit one-way CHAP and PAP authentication.
! --- Configure authentication on both the physical and dialer interface.
!
interface Dialer1
! --- Create a dialer interface for every device you need to connect to.
description CONNECTION TO INTERNET
ip address negotiated
! --- IP address obtained from ISP. If the ISP permits a static address,
! --- configure that instead.
ip nat outside
! --- The Outside NAT interface. Since this interface only has one IP address,
! --- all traffic from inside network will be Port Address Translated (PAT).
encapsulation ppp
dialer pool 1
! --- Dialer profile 1. Remember that interface BRI 0 is a member of this profile.
dialer remote-name ISP
dialer idle-timeout 180
dialer string 6122
! --- Number used to dial the ISP.
dialer-group 1
! --- Apply interesting traffic definition from dialer-list 1.
no cdp enable
ppp authentication chap pap callin
ppp chap hostname XXXXX
! --- XXXXX is the username the ISP expects in order to authenticate this router.
! --- For more information, refer to the document on ppp chap hostname.
ppp chap password YYYYY
! --- YYYYY is the password the ISP expects in order to authenticate this router.
ppp pap sent-username XXXXX password YYYYY
! --- PAP username and password.
! --- This is only needed if the ISP does not support CHAP.
!
interface Dialer2
description CONNECTION TO REMOTE OFFICE
ip address 192.168.17.2 255.255.255.252
! --- IP address for the connection to the remote office.
! --- The remote office BRI interface is in the same subnet.
ip nat inside
! --- Dialer 2 is an inside NAT interface.
! --- With this configuration, traffic from remote office is translated
! --- before being sent to the ISP.
encapsulation ppp
dialer pool 2
! --- Dialer profile 2. Remember that interface BRI 0 is a member of this profile.
dialer remote-name remote
! --- Specifies remote router name (remote).
! --- This name must match that used by the remote router to authenticate itself.
! --- Remember that we configured the router username and password earlier.
dialer idle-timeout 180
dialer string 6121
! --- Number used to dial the remote office router.
dialer-group 1
! --- Apply interesting traffic definition from dialer-list 1.
no cdp enable
ppp authentication chap callin
!
ip nat inside source list 101 interface Dialer1 overload
! --- Establishes dynamic source translation (with PAT) for addresses which are
! --- identified by the access list 101.
no ip http server
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer1
! --- Default route. Such traffic will use dialer 1 to the ISP.
ip route 10.2.0.0 255.255.255.0 Dialer2
! --- Route to remote router network. Traffic for 10.2.0.0/24 will use Dialer2.
!
access-list 101 permit ip 10.1.0.0 0.0.0.255 any
access-list 101 permit ip 10.2.0.0 0.0.0.255 any
access-list 101 permit ip 192.168.17.0 0.0.0.3 any
! --- Defines an access list permitting those addresses that are to be translated.
! --- Note that the Ethernet 0 network, the remote router network and the
! --- BRI network (between this router and the remote) will be translated.
dialer-list 1 protocol ip permit
! --- Interesting traffic definition.
! --- This definition is applied to both connections.
! --- If you need to define different interesting traffic for each connection,
! --- create 2 dialer-lists and apply one to each dialer profile with dialer-group.
no cdp run
!
line con 0
exec-timeout 3 0
line vty 0 4
exec-timeout 3 0
!
!
end
version 12.2
service timestamps debug datetime msec
service timestamps log datetime msec
!
hostname remote
!
username central password 0 remote
!--- Username and shared secret password for the router (central)
!--- (used for CHAP authentication).
!--- Shared secret must be the same on both sides.
!
isdn switch-type basic-net3
!
interface Ethernet0
ip address 10.2.0.1 255.255.255.0
! --- Remember that this network is included in the NAT statements on central.
no cdp enable
!
interface BRI0
no ip address
encapsulation ppp
dialer pool-member 1
!--- Assign BRI0 as member of dialer pool 1.
!--- Dialer pool 1 is specified in interface Dialer 1.
isdn switch-type basic-net3
no cdp enable
ppp authentication chap
!
interface Dialer1
ip address 192.168.17.1 255.255.255.252
encapsulation ppp
dialer pool 1
! --- Dialer profile 1. Remember that interface BRI 0 is a member of this profile.
dialer remote-name central
! --- Specifies other router name (central).
! --- This name must match that used by the remote router to authenticate itself.
! --- Remember that we configured the router username and password earlier.
dialer string 6131
! --- Number used to dial the central router.
dialer-group 1
! --- Apply interesting traffic definition from dialer-list 1.
pulse-time 0
no cdp enable
ppp authentication chap callin
!
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer1
! --- Default route. Such traffic will use dialer 1 to the central router.
no ip http server
!
dialer-list 1 protocol ip permit
! --- All IP traffic is interesting.
!
line con 0
exec-timeout 3 0
line aux 0
line vty 0 4
exec-timeout 3 0
!
end
version 12.1
no parser cache
service timestamps debug datetime msec
service timestamps log datetime msec
!
hostname central
!
username remote password 0 remote
!--- Username and shared secret password for the router (remote)
!--- (used for CHAP authentication).
!--- Shared secret password must be the same on both sides.
!
isdn switch-type basic-net3
!
!
interface Ethernet0
ip address 10.1.0.1 255.255.255.0
ip nat inside
! --- Ethernet 0 is an inside NAT interface.
! --- All traffic from this network will be translated.
no cdp enable
!
interface BRI0
! --- If you have additional BRIs, copy this BRI 0 configuration to the other BRIs.
no ip address
encapsulation ppp
dialer pool-member 1
!--- Assign BRI0 as member of dialer pool 1.
!--- Dialer pool 1 is specified in interface Dialer 1.
dialer pool-member 2
!--- Assign BRI0 as member of dialer pool 2.
!--- Dialer pool 2 is specified in interface Dialer 2.
isdn switch-type basic-net3
! --- This depends on the country.
no cdp enable
ppp authentication chap pap callin
! --- Permit one-way CHAP and PAP authentication.
! --- Configure authentication on both the physical and dialer interface.
!
interface Dialer1
! --- Create a dialer interface for every device you need to connect to.
description CONNECTION TO INTERNET
ip address negotiated
! --- IP address obtained from ISP. If the ISP permits a static address,
! --- configure that instead.
ip nat outside
! --- The Outside NAT interface. Since this interface only has one IP address,
! --- all traffic from inside network will be Port Address Translated (PAT).
encapsulation ppp
dialer pool 1
! --- Dialer profile 1. Remember that interface BRI 0 is a member of this profile.
dialer remote-name ISP
dialer idle-timeout 180
dialer string 6122
! --- Number used to dial the ISP.
dialer-group 1
! --- Apply interesting traffic definition from dialer-list 1.
no cdp enable
ppp authentication chap pap callin
ppp chap hostname XXXXX
! --- XXXXX is the username the ISP expects in order to authenticate this router.
! --- For more information, refer to the document on ppp chap hostname.
ppp chap password YYYYY
! --- YYYYY is the password the ISP expects in order to authenticate this router.
ppp pap sent-username XXXXX password YYYYY
! --- PAP username and password.
! --- This is only needed if the ISP does not support CHAP.
!
interface Dialer2
description CONNECTION TO REMOTE OFFICE
ip address 192.168.17.2 255.255.255.252
! --- IP address for the connection to the remote office.
! --- The remote office BRI interface is in the same subnet.
ip nat inside
! --- Dialer 2 is an inside NAT interface.
! --- With this configuration, traffic from remote office is translated
! --- before being sent to the ISP.
encapsulation ppp
dialer pool 2
! --- Dialer profile 2. Remember that interface BRI 0 is a member of this profile.
dialer remote-name remote
! --- Specifies remote router name (remote).
! --- This name must match that used by the remote router to authenticate itself.
! --- Remember that we configured the router username and password earlier.
dialer idle-timeout 180
dialer string 6121
! --- Number used to dial the remote office router.
dialer-group 1
! --- Apply interesting traffic definition from dialer-list 1.
no cdp enable
ppp authentication chap callin
!
ip nat inside source list 101 interface Dialer1 overload
! --- Establishes dynamic source translation (with PAT) for addresses which are
! --- identified by the access list 101.
no ip http server
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer1
! --- Default route. Such traffic will use dialer 1 to the ISP.
ip route 10.2.0.0 255.255.255.0 Dialer2
! --- Route to remote router network. Traffic for 10.2.0.0/24 will use Dialer2.
!
access-list 101 permit ip 10.1.0.0 0.0.0.255 any
access-list 101 permit ip 10.2.0.0 0.0.0.255 any
access-list 101 permit ip 192.168.17.0 0.0.0.3 any
! --- Defines an access list permitting those addresses that are to be translated.
! --- Note that the Ethernet 0 network, the remote router network and the
! --- BRI network (between this router and the remote) will be translated.
dialer-list 1 protocol ip permit
! --- Interesting traffic definition.
! --- This definition is applied to both connections.
! --- If you need to define different interesting traffic for each connection,
! --- create 2 dialer-lists and apply one to each dialer profile with dialer-group.
no cdp run
!
line con 0
exec-timeout 3 0
line vty 0 4
exec-timeout 3 0
!
!
end
version 12.2
service timestamps debug datetime msec
service timestamps log datetime msec
!
hostname remote
!
username central password 0 remote
!--- Username and shared secret password for the router (central)
!--- (used for CHAP authentication).
!--- Shared secret must be the same on both sides.
!
isdn switch-type basic-net3
!
interface Ethernet0
ip address 10.2.0.1 255.255.255.0
! --- Remember that this network is included in the NAT statements on central.
no cdp enable
!
interface BRI0
no ip address
encapsulation ppp
dialer pool-member 1
!--- Assign BRI0 as member of dialer pool 1.
!--- Dialer pool 1 is specified in interface Dialer 1.
isdn switch-type basic-net3
no cdp enable
ppp authentication chap
!
interface Dialer1
ip address 192.168.17.1 255.255.255.252
encapsulation ppp
dialer pool 1
! --- Dialer profile 1. Remember that interface BRI 0 is a member of this profile.
dialer remote-name central
! --- Specifies other router name (central).
! --- This name must match that used by the remote router to authenticate itself.
! --- Remember that we configured the router username and password earlier.
dialer string 6131
! --- Number used to dial the central router.
dialer-group 1
! --- Apply interesting traffic definition from dialer-list 1.
pulse-time 0
no cdp enable
ppp authentication chap callin
!
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer1
! --- Default route. Such traffic will use dialer 1 to the central router.
no ip http server
!
dialer-list 1 protocol ip permit
! --- All IP traffic is interesting.
!
line con 0
exec-timeout 3 0
line aux 0
line vty 0 4
exec-timeout 3 0
!
end