My Telecom point-to-point address is 85.xx.7.250, the Telecom LAN is 85.xx.63.233,
my internal LAN is 192.168.1.x, and my Windows LAN and DHCP server is 192.168.1.2.
Right now everything works fine for me and I want to try a connection from home
with Mac OS X and the Cisco VPN Client.
With this VPN config the company network locks up and I can no longer get out ...
can you tell me where the mystery might lie?
Code:
aaa new-model
!
aaa authentication login default local
aaa authentication login sdm_vpn_xauth_ml_1 local
aaa authentication login sdm_vpn_xauth_ml_2 local
aaa authorization exec default local
aaa authorization network sdm_vpn_group_ml_1 local
aaa authorization network sdm_vpn_group_ml_2 local
aaa session-id common
ip subnet-zero
!
ip cef
ip tcp synwait-time 10
no ip bootp server
ip domain name 191.it
ip name-server 151.99.125.2
ip name-server 151.99.0.100
ip ssh time-out 60
ip ssh authentication-retries 2
no ftp-server write-enable
!
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
crypto isakmp xauth timeout 15
!
crypto isakmp client configuration group linomatz_vpn
key linomatz
dns 192.168.1.2
wins 192.168.1.2
domain linomatz
pool SDM_POOL_1
max-users 2
netmask 255.255.255.0
!
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
!
crypto dynamic-map SDM_DYNMAP_1 1
set security-association idle-time 3600
set transform-set ESP-3DES-SHA
reverse-route
!
crypto map SDM_CMAP_1 client authentication list sdm_vpn_xauth_ml_2
crypto map SDM_CMAP_1 isakmp authorization list sdm_vpn_group_ml_2
crypto map SDM_CMAP_1 client configuration address respond
crypto map SDM_CMAP_1 65535 ipsec-isakmp dynamic SDM_DYNMAP_1
!
interface ATM0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip route-cache flow
no atm ilmi-keepalive
dsl operating-mode ansi-dmt
!
interface ATM0.1 point-to-point
description $FW_OUTSIDE$$ES_WAN$
bandwidth 2048
ip address 85.xx.7.250 255.255.255.252
ip nat outside
ip virtual-reassembly
pvc 8/35
oam-pvc manage
oam retry 5 5 1
encapsulation aal5snap
!
crypto map SDM_CMAP_1
!
interface Vlan1
description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$ES_LAN$$FW_INSIDE$
ip address 192.168.1.1 255.255.255.0 secondary
ip address 85.xx.63.233 255.255.255.248
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip virtual-reassembly
ip route-cache flow
ip tcp adjust-mss 1452
hold-queue 100 out
!
ip local pool SDM_POOL_1 192.168.1.4 192.168.1.5
ip classless
ip route 0.0.0.0 0.0.0.0 ATM0.1
!
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat pool net-ibs 85.xx.63.234 85.xx.63.234 netmask 255.255.255.248
ip nat inside source route-map SDM_RMAP_1 interface ATM0.1 overload
!
logging trap debugging
access-list 2 remark SDM_ACL Category=16
access-list 2 permit 192.168.1.0 0.0.0.255
access-list 2 permit 85.xx.63.0 0.0.0.255
access-list 100 remark SDM_ACL Category=2
access-list 100 deny ip any host 0.0.0.0
access-list 100 permit ip 85.xx.63.0 0.0.0.255 any
access-list 100 permit ip 192.168.1.0 0.0.0.255 any
no cdp run
route-map SDM_RMAP_1 permit 1
match ip address 100
!