Site-to-site VPN always down
Posted: Sun Feb 15, 2015 6:00 pm
Hi everyone,
for a few days I have been trying to set up a VPN over ADSL lines (Telecom and Tiscali, with static IPs) between the 2 sites of my company, using a Cisco 2801 and a Cisco 1801.
The ADSL works perfectly, but the VPN is always DOWN. Can you help me understand my mistake?
Thank you
Fabio
These are the configurations I have set up:
ROUTER 1, TISCALI LINE
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname host
!
boot-start-marker
boot system flash:c2801-advipservicesk9-mz.124-16.bin
boot-end-marker
!
enable secret 5 $1$IJY3caHg44DpbtWDLLL6PnZ3.
!
no aaa new-model
network-clock-participate wic 2
ip cef
!
!
!
!
ip name-server 213.205.32.70
ip name-server 213.205.36.70
!
!
voice-card 0
username user privilege 15 password 7 e74305070B070A5F2F1F1C594850
!
!
ip tcp mss 1460
!
!
crypto isakmp policy 10
encr 3des
authentication pre-share
group 2
crypto isakmp key KEY address 95.XXX.XXX.XXX # IP of the other endpoint
!
!
crypto ipsec transform-set myset esp-3des esp-sha-hmac
crypto ipsec df-bit clear
!
crypto map mymap 10 ipsec-isakmp
set peer 95.XXX.XXX.XXX # IP of the other endpoint
set transform-set myset
match address 100
!
!
!
!
interface FastEthernet0/0
ip address 192.168.0.1 255.255.255.0
ip nat inside
ip virtual-reassembly
duplex auto
speed auto
hold-queue 100 out
!
interface Service-Engine0/0
no ip address
shutdown
interface FastEthernet0/1
ip address 192.168.69.50 255.255.255.0
ip nat inside
ip virtual-reassembly
duplex auto
speed auto
!
interface ATM0/1/0
description Atm line
no ip address
no ip route-cache cef
no ip route-cache
no atm ilmi-keepalive
dsl operating-mode auto
!
interface ATM0/1/0.1 point-to-point
no ip route-cache
no snmp trap link-status
pvc 8/35
encapsulation aal5mux ppp dialer
dialer pool-member 1
!
!
interface BRI0/2/0
no ip address
!
interface BRI0/2/1
no ip address
interface Dialer0
ip address negotiated
ip nat outside
no ip virtual-reassembly
encapsulation ppp
ip route-cache flow
dialer pool 1
dialer-group 1
ppp chap hostname [email protected]
ppp chap password 7 06575D7DD81B5F
ppp pap sent-username [email protected] password 7 124DDD44465E5A
crypto map mymap
!
ip route 0.0.0.0 0.0.0.0 Dialer0
!
!
ip http server
ip http authentication local
no ip http secure-server
ip nat inside source list 1 interface Dialer0 overload
ip nat inside source list 2 interface Dialer0 overload
!
access-list 1 permit 192.168.0.0 0.0.0.255
access-list 2 permit 192.168.69.0 0.0.0.255
access-list 100 permit ip 192.168.69.0 0.0.0.255 192.168.5.0 0.0.0.255
!
!
!
!
control-plane
!
!
line con 0
line aux 0
line 66
no activation-character
no exec
transport preferred none
transport input all
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
line vty 0 4
exec-timeout 120 0
login local
!
scheduler allocate 20000 1000
end
ROUTER 2, TELECOM LINE
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
boot system flash:c180x-adventerprisek9-mz.124-15.T.bin
service password-encryption
!
hostname host2
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$yrdM$I28UV2ee333ByuUNqbjT8F51
!
no aaa new-model
!
!
!
!
crypto isakmp policy 10
encr 3des
authentication pre-share
group 2
crypto isakmp key KEY address 217.XXX.XXX.XXX # IP of the other endpoint
!
!
crypto ipsec transform-set myset esp-3des esp-sha-hmac
crypto ipsec df-bit clear
!
crypto map mymap 10 ipsec-isakmp
set peer 217.XXX.XXX.XXX # IP of the Tiscali line
set transform-set myset
match address 100
!
!
!
ip cef
!
!
ip name-server 8.8.8.8
ip name-server 151.99.125.1
!
multilink bundle-name authenticated
username utente privilege 15 password 7 070C714F441509471C585E547B7E
archive
log config
hidekeys
!
!
ip tcp mss 1460
!
!
!
interface FastEthernet0
ip address 192.168.5.4 255.255.255.0 secondary
ip address 192.168.60.1 255.255.255.0
ip nat inside
ip virtual-reassembly
duplex auto
speed auto
hold-queue 100 out
!
interface BRI0
no ip address
encapsulation hdlc
shutdown
!
interface ATM0
description ATM line
no ip address
no ip route-cache cef
no ip route-cache
no atm ilmi-keepalive
dsl operating-mode auto
!
interface ATM0.1 point-to-point
no ip route-cache
no snmp trap link-status
pvc 8/35
encapsulation aal5snap
protocol ppp dialer
dialer pool-member 1
!
!
interface Vlan1
no ip address
!
interface Dialer0
ip address negotiated
ip nat outside
no ip virtual-reassembly
encapsulation ppp
ip route-cache flow
dialer pool 1
dialer-group 1
ppp pap sent-username XXXX-USER @alicebiz.it password 7 0000000000C0E0410
crypto map mymap
!
ip route 0.0.0.0 0.0.0.0 Dialer0
!
!
ip http server
ip http authentication local
no ip http secure-server
ip nat inside source list 1 interface Dialer0 overload
ip nat inside source list 2 interface Dialer0 overload
!
access-list 1 permit 192.168.60.0 0.0.0.255
access-list 2 permit 192.168.5.0 0.0.0.255
access-list 100 permit ip 192.168.5.0 0.0.0.255 192.168.69.0 0.0.0.255
!
!
!
!
control-plane
!
!
line con 0
line aux 0
line vty 0 4
exec-timeout 120 0
login local