VPN Site-To-Site

Virtual private networks and related topics

Moderator: Federico.Lagni

Fleur
n00b
Posts: 2
Joined: Fri 10 Mar 2006 9:57 am

Can you help me with a SITE-TO-SITE VPN configuration?

LAN_1
IP 10.0.1.0-255
GW 10.0.1.1
IP_PUB 62.123.45.66 (CISCO 1700 doing NAT for everyone)
NB: The Dialer0 interface has a STATIC IP, but it is assigned by the provider over PPP

LAN_2
IP 10.0.2.0-255
GW 10.0.2.1
IP_PUB 62.123.45.78 (CISCO 1700 doing NAT for everyone)
NB: The Dialer0 interface has a STATIC IP, but it is assigned by the provider over PPP

I would like the private IPs of LAN_1 to be able to ping the private IPs of LAN_2 ...

I am not an expert, and unfortunately the fact that the ATM0/0/0 interface does not have a static IP does not help.

Could you post me a configuration, please?
Ulisse31
Cisco fan
Posts: 26
Joined: Fri 10 Mar 2006 9:46 am
Location: Firenze

I'm tagging onto this post so as not to weigh down the thread, since I have a similar problem.
I have 2 Cisco 837s configured to browse via ADSL, and from this point of view they work (for now). Now I'm going crazy trying to get them working as a site-to-site VPN. The VPN works, I can ping the PCs from both sides, BUT when I access shared folders or try to transfer files the connection becomes very slow/unstable/drops. I'm posting the config of one of the two routers (stripped of sensitive data). I'm asking for help because I'm starting to despair...

=====
AUTHORIZED ACCESS ONLY
This system is the property of XXX S.R.L.
Disconnect IMMEDIATELY as you are not an authorized user!
Contact [email protected]

Be an Hacker, not a Cracker!

User Access Verification

Username: XXX
Password:
router2#show run
Building configuration...

Current configuration : 4708 bytes
!
! Last configuration change at 18:07:45 Berlin Fri Mar 10 2006 by XXX
! NVRAM config last updated at 15:42:16 Berlin Fri Mar 10 2006
!
version 12.3
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname router2
!
boot-start-marker
boot-end-marker
!
security authentication failure rate 3 log
security passwords min-length 6
logging buffered 51200 debugging
logging console critical
enable secret 5 $1$3Un/$ThZa2aEE5ic.QG46UV63D.
!
username XXX privilege 15 secret 5 XXX
clock timezone Berlin 1
clock summer-time Berlin date Mar 30 2003 2:00 Oct 26 2003 3:00
no aaa new-model
ip subnet-zero
!
!
ip tcp mss 1460
ip tcp synwait-time 10
ip name-server 212.216.112.112
no ip bootp server
ip cef
ip audit notify log
ip audit po max-events 100
no ftp-server write-enable
no scripting tcl init
no scripting tcl encdir
!
!
!
!
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
crypto isakmp key XXX address XXX.255.XXX.182
!
!
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec df-bit clear
!
crypto map SDM_CMAP_1 1 ipsec-isakmp
description Tunnel toXXX.255.XXX.182
set peer XXX.255.XXX.182
set transform-set ESP-3DES-SHA
match address 100
!
!
!
!
interface Ethernet0
description $FW_INSIDE$
ip address XXX.168.X.1 255.255.255.0
ip nat inside
ip route-cache flow
ip tcp adjust-mss 1452
no cdp enable
hold-queue 100 out
!
interface ATM0
no ip address
ip route-cache flow
no atm ilmi-keepalive
dsl operating-mode auto
!
interface ATM0.1 point-to-point
pvc 8/35
encapsulation aal5mux ppp dialer
dialer pool-member 1
!
!
interface FastEthernet1
no ip address
duplex auto
speed auto
!
interface FastEthernet2
no ip address
duplex auto
speed auto
!
interface FastEthernet3
no ip address
shutdown
duplex auto
speed auto
!
interface FastEthernet4
no ip address
shutdown
duplex auto
speed auto
!
interface Dialer0
description $FW_OUTSIDE$
ip address negotiated
ip nat outside
encapsulation ppp
ip route-cache flow
dialer pool 1
dialer-group 1
ppp authentication chap pap callin
ppp chap hostname XXX
ppp chap password 7 XXX
ppp pap sent-username XXX password 7 105A1B100112000C5B53
crypto map SDM_CMAP_1
!
ip nat translation timeout 900
ip nat translation tcp-timeout 900
ip nat inside source static udp XXX.168.X.11 48911 interface Dialer0 48911
ip nat inside source route-map SDM_RMAP_1 interface Dialer0 overload
ip nat inside source static tcp XXX.168.X.30 13308 interface Dialer0 13308
ip nat inside source static udp XXX.168.X.30 13308 interface Dialer0 13308
ip nat inside source static udp XXX.168.X.30 48910 interface Dialer0 48910
ip nat inside source static tcp XXX.168.X.30 48910 interface Dialer0 48910
ip nat inside source static udp XXX.168.X.30 48557 interface Dialer0 48557
ip nat inside source static tcp XXX.168.X.30 48557 interface Dialer0 48557
ip nat inside source static udp XXX.168.X.30 4672 interface Dialer0 4672
ip nat inside source static tcp XXX.168.X.30 4662 interface Dialer0 4662
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer0
no ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 600 life 86400 requests 10000
!
!
logging trap debugging
logging XXX.168.X.1
access-list 1 remark INSIDE_IF=Ethernet0
access-list 1 remark SDM_ACL Category=2
access-list 1 permit XXX.168.X.0 0.0.0.255
access-list 100 remark SDM_ACL Category=4
access-list 100 remark IPSec Rule
access-list 100 permit ip XXX.168.X.0 0.0.0.255 XXX.115.XXX.0 0.0.0.255
access-list 101 remark SDM_ACL Category=2
access-list 101 remark IPSec Rule
access-list 101 deny ip XXX.168.X.0 0.0.0.255 XXX.115.XXX.0 0.0.0.255
access-list 101 permit ip XXX.168.X.0 0.0.0.255 any
dialer-list 1 protocol ip permit
no cdp run
route-map SDM_RMAP_1 permit 1
match ip address 101
!
!
control-plane
!
!
line con 0
exec-timeout 120 0
no modem enable
transport preferred all
transport output all
stopbits 1
line aux 0
transport preferred all
transport output all
line vty 0 4
access-class 23 in
privilege level 15
login local
length 0
transport preferred all
transport input telnet ssh
transport output all
!
scheduler max-task-time 5000
scheduler interval 500
!
end
=====
Oh God, the system crash!
Oh God, oh God, oh God....
P-please h-have it r-r-rebooted o-only by a CUTE girl!
Ulisse31
Cisco fan
Posts: 26
Joined: Fri 10 Mar 2006 9:46 am
Location: Firenze

OK, I managed (after a week of attempts) to get the VPN working between two Cisco 837s (IOS 12.3). The trick was basically to wipe all the configs and start from scratch :-P
For anyone who has / will have the same problems as me, I recommend:
1- Checking the parameters of the crypto map and the route map
2- checking the ACLs very, very carefully,
3- studying in depth the instructions in the Cisco guide (in PDF) "Configuring a Router IPsec Tunnel Private-to-Private Network with NAT and a Static".
4- Paying attention to the MTU configuration.

Some threads that helped me:
http://groups.google.com/group/it.comp. ... 9d6717c98d

http://groups.google.com/group/it.comp. ... 8faceda4ce
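An added example, not part of the original posts: a small Python audit of the points listed above (crypto map ACL against the NAT route-map ACL, and the TCP MSS clamp against ESP overhead), run over a constructed config fragment. The function names are hypothetical, and the sketch assumes a single crypto map and a single NAT route-map with numbered ACLs, IPv4 TCP without options, 3DES with SHA-1-96 in tunnel mode, and an outer MTU supplied by the caller.

```python
import re

# Constructed sample in the style of the config above; addresses are placeholders.
SAMPLE = """\
crypto map SDM_CMAP_1 1 ipsec-isakmp
 set transform-set ESP-3DES-SHA
 match address 100
interface Ethernet0
 ip tcp adjust-mss 1452
ip nat inside source route-map SDM_RMAP_1 interface Dialer0 overload
access-list 100 permit ip 10.0.1.0 0.0.0.255 10.0.2.0 0.0.0.255
access-list 101 permit ip 10.0.1.0 0.0.0.255 any
route-map SDM_RMAP_1 permit 1
 match ip address 101
"""
TUNNEL_FLOW = "ip 10.0.1.0 0.0.0.255 10.0.2.0 0.0.0.255"
# Same sample with a NAT exemption ahead of the permit and a lower MSS clamp.
FIXED = SAMPLE.replace(
    "access-list 101 permit",
    f"access-list 101 deny {TUNNEL_FLOW}\naccess-list 101 permit",
).replace("adjust-mss 1452", "adjust-mss 1400")

def acl(cfg, num):
    """Ordered (action, match-text) entries of a numbered ACL; remarks are skipped."""
    pattern = rf"^access-list {num} (permit|deny) (.+)$"
    return [(m[1], m[2].strip()) for m in re.finditer(pattern, cfg, re.M)]

def covers(entry, flow):
    """True if a NAT ACL entry matches the tunnel flow (same tuple, or 'SRC any')."""
    return entry == flow or (entry.endswith(" any") and flow.startswith(entry[:-3]))

def nat_exemption_gaps(cfg):
    """Tunnel flows that the NAT route-map ACL permits (translates) before denying."""
    crypto_acl = re.search(r"^\s*match address (\d+)", cfg, re.M)[1]
    nat_acl = re.search(r"^\s*match ip address (\d+)", cfg, re.M)[1]
    gaps = []
    for action, flow in acl(cfg, crypto_acl):
        first = next((a for a, e in acl(cfg, nat_acl) if covers(e, flow)), None)
        if action == "permit" and first == "permit":  # NATed, so it misses the crypto ACL
            gaps.append(flow)
    return gaps

def max_tunnel_mss(outer_mtu, block=8, iv=8, icv=12):
    """Largest TCP MSS whose segment fits in one ESP tunnel-mode packet."""
    room = outer_mtu - 20 - 8 - iv - icv   # outer IPv4, ESP SPI + sequence, IV, ICV
    inner = (room // block) * block - 2    # block padding, pad-length and next-header bytes
    return inner - 40                      # inner IPv4 and TCP headers

def oversized_mss(cfg, outer_mtu):
    """adjust-mss values that would force fragmentation of tunnelled TCP segments."""
    limit = max_tunnel_mss(outer_mtu)
    return [int(v) for v in re.findall(r"ip tcp adjust-mss (\d+)", cfg) if int(v) > limit]

if __name__ == "__main__":
    for name, cfg in (("sample", SAMPLE), ("fixed", FIXED)):
        print(name, nat_exemption_gaps(cfg), oversized_mss(cfg, 1500))
```

The outer MTU of 1500 used in the last lines is an assumption for the sample; use the MTU of the real WAN interface when running the check against an actual `show run`.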