The Internet as an Alternative
Internet-based WAN Backup Solutions using NetVanta
Copyright © 2005 ADTRAN, Inc.
61200890L1-29.4A
ip firewall fast-nat-failover
!
! If using the PPPoE and Dial-up ISP connections for local Internet access
! and using 'NAT source' with the address of the currently active interface, the
! previous command is necessary to allow sessions started on one interface to be
! terminated when the route to the destination switches to the other interface.
!
ip crypto
!
crypto ike policy 100
initiate aggressive
no respond
local-id fqdn REMOTE
peer 10.254.255.85
attribute 10
authentication pre-share
group 2
lifetime 300
!
crypto ike remote-id fqdn CENTRAL. preshared-key 1234567890
!
crypto ipsec transform-set dessha esp-des esp-sha-hmac
mode tunnel
!
! separate crypto maps are used to allow for future customization of
! individual VPN connections if needed
!
crypto map HOSTviaDIAL 100 ipsec-ike
match address REMOTE_to_CENTRAL
set peer 10.254.255.85
set transform-set dessha
set security-association lifetime seconds 600
set pfs group2
!
crypto map HOSTviaPoE 100 ipsec-ike
match address REMOTE_to_CENTRAL
set peer 10.254.255.85
set transform-set dessha
set security-association lifetime seconds 600
set pfs group2
!
!
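The crypto settings in the listing above (aggressive-mode IKE with a pre-shared key, DES for ESP, Diffie-Hellman group 2, a ten-digit numeric key) are weak by current standards. The following Python script is an added example, not part of the ADTRAN guide, that audits such a configuration for those settings; the `audit` function name and the 16-character key threshold are assumptions of this example.

```python
import re

# Excerpt of the crypto lines from the listing above (other lines left out).
CONFIG = """\
crypto ike policy 100
initiate aggressive
attribute 10
authentication pre-share
group 2
!
crypto ike remote-id fqdn CENTRAL. preshared-key 1234567890
!
crypto ipsec transform-set dessha esp-des esp-sha-hmac
!
crypto map HOSTviaDIAL 100 ipsec-ike
set transform-set dessha
set pfs group2
"""

# (pattern, finding) pairs applied to each line; thresholds are this example's choices.
RULES = [
    (r"^crypto ipsec transform-set \S+ .*\besp-des\b", "single DES (56-bit key) for ESP encryption"),
    (r"^(set pfs )?group ?[12]$", "Diffie-Hellman group of 1024 bits or less"),
    (r"\bpreshared-key (\d+|\S{1,15})(?:\s|$)", "pre-shared key is digits only or under 16 characters"),
]

def audit(config):
    """Return (line_number, line, finding) tuples for weak IKE/IPsec settings."""
    findings, aggressive = [], None
    for n, raw in enumerate(config.splitlines(), 1):
        line = raw.strip()
        if line.startswith("crypto ike policy"):
            aggressive = None              # new policy block: reset state
        elif line == "initiate aggressive":
            aggressive = n                 # remember where it was set
        elif line == "authentication pre-share" and aggressive:
            # Reported against the 'initiate aggressive' line of the same policy.
            findings.append((aggressive, "initiate aggressive",
                             "aggressive mode with a pre-shared key"))
        for pattern, finding in RULES:
            if re.search(pattern, line):
                findings.append((n, line, finding))
    return findings

if __name__ == "__main__":
    for n, line, finding in audit(CONFIG):
        print(f"line {n}: {line!r}: {finding}")
```
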
interface eth 0/1
description Local Lan Interface
ip address 10.1.1.254 255.255.255.240
access-policy LOCALLAN