Help with IPsec VPN client configuration

Configurations for ADSL and ISDN connectivity and switches for home users and small networks

Moderator: Federico.Lagni

Alexius85
n00b
Posts: 2
Joined: Mon 01 Jun, 2009 9:26 am

Hi guys, I'm kindly asking for help with my Cisco IPsec VPN configuration on an 877W router.
I managed to configure it and log in with a login and password, but I can't reach network devices on the 192.168.2.0 LAN.
Could you kindly help me, please?
Thanks

This is the config:


Current configuration : 6688 bytes
!
! Last configuration change at 18:55:29 CET Mon Jan 14 2013 by root
! NVRAM config last updated at 18:50:06 CET Mon Jan 14 2013 by root
!
version 15.1
no service pad
service timestamps debug datetime msec localtime
service timestamps log datetime msec localtime
service password-encryption
!
hostname SockBrothers_Router
!
boot-start-marker
boot-end-marker
!
!
logging buffered 52000
enable secret 5 $1$vQQC$1LOYP8XbA/s8CeSmZtVCc/
!
aaa new-model
!
!
aaa authentication login default local
aaa authorization exec default local
aaa authorization network default local
aaa authorization network remote-vpn local
!
!
!
!
!
aaa session-id common
clock timezone CET 1 0
clock summer-time CEST recurring last Sun Mar 0:00 last Sun Oct 0:00
crypto pki token default removal timeout 0
!
crypto pki trustpoint TP-self-signed-1233573994
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-1233573994
revocation-check none
!
!
crypto pki certificate chain TP-self-signed-1233573994
certificate self-signed 01
quit
dot11 syslog
!
dot11 ssid Sockbrothers
vlan 1
authentication open
authentication key-management wpa
guest-mode
wpa-psk ascii 7 0807435C131817181F0A5451737B
!
ip source-route
!
ip dhcp pool DHCP
import all
network 192.168.2.0 255.255.255.0
default-router 192.168.2.1
dns-server 8.8.8.8 8.8.4.4
!
!
!
ip cef
ip name-server 8.8.8.8
ip name-server 8.8.4.4
ip ddns update method dyndns
HTTP
add http://xxxxxx:[email protected]/n ... h>&myip=<a>
interval maximum 0 0 5 0
!
!
!
!
!
archive
log config
hidekeys
username root privilege 15 secret 5 $1$fi4e$WqTXcGmXP4wXCIeh1Dk28/
username xxxxxxx password 7 13101B06190D1738242929
!
!
!
!
crypto logging session
!
crypto isakmp policy 3
encr 3des
hash md5
authentication pre-share
group 2
lifetime 3600
crypto isakmp keepalive 10
crypto isakmp nat keepalive 20
crypto isakmp xauth timeout 90

!
crypto isakmp client configuration group remote-vpn
key xxxxxxxx
pool remote-pool
acl 158
save-password
include-local-lan
max-users 5
!
crypto ipsec security-association idle-time 3600
!
crypto ipsec transform-set VPN-CLI-SET esp-3des esp-md5-hmac
!
crypto dynamic-map dynmap 10
set transform-set VPN-CLI-SET
reverse-route
!
!
crypto map mappa local-address Dialer0
crypto map mappa client authentication list remote-vpn
crypto map mappa isakmp authorization list remote-vpn
crypto map mappa client configuration address respond
crypto map mappa 10 ipsec-isakmp dynamic dynmap
!
bridge irb
!
!
!
interface ATM0
no ip address
load-interval 30
no atm ilmi-keepalive
!
interface ATM0.1 point-to-point
pvc 8/35
pppoe-client dial-pool-number 1
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Dot11Radio0
no ip address
!
encryption vlan 1 mode ciphers aes-ccm tkip
!
ssid Sockbrothers
!
speed basic-1.0 basic-2.0 basic-5.5 basic-6.0 basic-9.0 basic-11.0 basic-12.0 basic-18.0 basic-24.0 basic-36.0 basic-48.0 basic-54.0
station-role root
world-mode dot11d country IT both
l2-filter bridge-group-acl
!
interface Dot11Radio0.1
encapsulation dot1Q 1 native
no cdp enable
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
!
interface Vlan1
no ip address
ip tcp adjust-mss 1452
arp timeout 3600
bridge-group 1
!
interface Dialer0
ip ddns update hostname xxxxx.dyndns.org
ip ddns update dyndns
ip address negotiated
ip mtu 1492
ip nat outside
ip virtual-reassembly in
encapsulation ppp
dialer pool 1
dialer-group 1
ppp authentication chap callin
ppp chap hostname xxxxxxxxx
ppp chap password 7 00311F12165A1814002C4D1F504150
no cdp enable
crypto map mappa
!
interface Dialer1
no ip address
no cdp enable
!
interface BVI1
ip address 192.168.2.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
ip tcp adjust-mss 1452
crypto map mappa
!
ip local pool remote-pool 192.168.100.1 192.168.100.5
ip forward-protocol nd
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
ip nat translation timeout 420
ip nat translation tcp-timeout 150
ip nat translation pptp-timeout 420
ip nat translation udp-timeout 120
ip nat translation finrst-timeout 300
ip nat translation syn-timeout 120
ip nat translation dns-timeout 300
ip nat translation icmp-timeout 120
ip nat inside source list 1 interface Dialer0 overload
ip nat inside source static tcp 192.168.2.17 5000 interface Dialer0 5000
ip route 0.0.0.0 0.0.0.0 Dialer0
ip route 192.168.100.0 255.255.255.240 Dialer0
!
logging esm config
access-list 1 permit 192.168.2.0 0.0.0.255
access-list 102 remark Traffico abilitato ad entrare nel router dalla ethernet
access-list 158 permit ip 192.168.100.0 0.0.0.15 192.168.2.0 0.0.0.255
access-list 158 permit ip 192.168.2.0 0.0.0.255 192.168.100.0 0.0.0.15
dialer-list 1 protocol ip permit
no cdp run

!
!
!
!
!
control-plane
!
bridge 1 protocol ieee
bridge 1 route ip
!
line con 0
no modem enable
line aux 0
line vty 0 4
privilege level 15
transport input telnet
!
scheduler max-task-time 5000
sntp server 193.204.114.232
end
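
Added example, not part of the original post: on IOS, inside-to-outside traffic is translated by NAT before the crypto map is evaluated, so a PAT rule that also matches LAN replies toward the VPN pool is a common reason clients authenticate but cannot reach the LAN. The Python below evaluates the NAT ACL against a LAN-to-pool packet; the inputs are constructed from the posted lines, and ACL 101 and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed inputs: the NAT/pool lines copied from the posted config, and a
# hypothetical variant (ACL 101 is an assumption) that exempts LAN -> pool traffic.
POSTED = """
ip local pool remote-pool 192.168.100.1 192.168.100.5
ip nat inside source list 1 interface Dialer0 overload
access-list 1 permit 192.168.2.0 0.0.0.255
"""
EXEMPT = """
ip local pool remote-pool 192.168.100.1 192.168.100.5
ip nat inside source list 101 interface Dialer0 overload
access-list 101 deny ip 192.168.2.0 0.0.0.255 192.168.100.0 0.0.0.15
access-list 101 permit ip 192.168.2.0 0.0.0.255 any
"""
ANY = ("0.0.0.0", "255.255.255.255")

def _match(addr, base, wildcard):
    """IOS wildcard match: bits set in the wildcard are ignored."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    return (a | w) == (b | w)

def _take(tokens):
    """Consume one address spec: 'any', 'host A', 'A WILDCARD' or a bare 'A'."""
    if tokens[0] == "any":
        return ANY, tokens[1:]
    if tokens[0] == "host":
        return (tokens[1], "0.0.0.0"), tokens[2:]
    return (tokens[0], tokens[1] if len(tokens) > 1 else "0.0.0.0"), tokens[2:]

def acl_permits(config, acl, src, dst):
    """First-match evaluation of a numbered ACL for an IP packet src -> dst."""
    extended = 100 <= int(acl) <= 199
    for line in config.splitlines():
        m = re.match(rf"\s*access-list {acl} (permit|deny) (.+)", line)
        if not m:
            continue
        tokens = m.group(2).split()
        if extended and tokens.pop(0) != "ip":
            continue  # only 'ip' entries are modelled here
        s, tokens = _take(tokens)
        d = _take(tokens)[0] if extended else ANY  # standard ACLs ignore dst
        if _match(src, *s) and _match(dst, *d):
            return m.group(1) == "permit"
    return False  # implicit deny at the end of every ACL

def nat_rules_hitting_pool(config, lan_host):
    """NAT overload ACLs that would translate lan_host's replies to the VPN pool."""
    pools = re.findall(r"^\s*ip local pool \S+ (\S+) \S+", config, re.M)
    acls = re.findall(r"^\s*ip nat inside source list (\d+) ", config, re.M)
    return [a for a in acls for p in pools if acl_permits(config, a, lan_host, p)]
```

A non-empty result means the listed NAT ACL also matches replies to VPN clients, so those packets leave translated and no longer match the IPsec tunnel's selectors.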