Router as a PPTP VPN client

Virtual private networks and related topics

Moderator: Federico.Lagni

maggiore81
Cisco pathologically enlightened user
Posts: 216
Joined: Thu 15 Feb 2007, 8:34 pm
Location: Ravenna - ITALY -

Good morning,
I have a C1721 with an ADSL WIC

Fast0 - lan
atm0.35 atm
dialer0 vpn pptp

Using the vpdn group, I had managed to get the Cisco to have a dialer0 that calls the remote server over PPTP, with the whole LAN going out to the Internet through the VPN.

BIG PROBLEM: after a few minutes the VPN would kill itself, and it was explained to me that it was a routing problem that had to be solved with policy routing.

As you can see, the policy routing commands are there, but I am getting nowhere... because I have never managed to solve the problem.

I have a C1721 32F/128D with IOS 12.4(8) ADV IP SERVICES (I need it for IPv6).

Here is the config:

version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service internal
service sequence-numbers
!
hostname gateway
!
boot-start-marker
boot-end-marker
!
security authentication failure rate 3 log
security passwords min-length 6
logging buffered 4096 notifications
no logging console
no logging monitor
enable password 7 <XXXXXXXXXXXXXX>
!
no aaa new-model
!
resource policy
!
clock timezone CET 2
no ip source-route
no ip gratuitous-arps
ip cef
!
!
ip tcp selective-ack
ip tcp synwait-time 10
!
!
no ip bootp server
ip domain round-robin
no ip domain lookup
ip domain name spadhausen.org
ip name-server 217.97.32.2
ip name-server 217.97.32.7
ip multicast-routing
ip ssh time-out 90
ip ssh version 2
login block-for 120 attempts 5 within 60
login on-failure log
vpdn enable
!
vpdn-group 1
request-dialin
protocol pptp
rotary-group 0
initiate-to ip 83.233.168.2
initiate-to ip 83.233.168.3
initiate-to ip 83.233.168.4
initiate-to ip 83.233.168.5
initiate-to ip 83.233.168.6
initiate-to ip 83.233.168.7
!
!
ipv6 unicast-routing
ipv6 general-prefix WAN 6to4 ATM0.35
ipv6 cef
!
!
!
!
!
!
!
!
!
!
!
!
!
crypto pki trustpoint TP-self-signed-1683529703
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-1683529703
revocation-check none
rsakeypair TP-self-signed-1683529703
!
!
crypto pki certificate chain TP-self-signed-1683529703
certificate self-signed 01
X
X
X
X
X
X REMOVED
X
X
username maggiore privilege 15 password 7 0<XXXXXXXXXXXXXX>
!
!
!
!
!
!
interface Tunnel0
no ip address
no ip redirects
ipv6 unnumbered FastEthernet0
tunnel source ATM0.35
tunnel mode ipv6ip 6to4
!
interface Null0
no ip unreachables
!
interface ATM0
bandwidth 256
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
atm ilmi-keepalive
dsl operating-mode itu-dmt
hold-queue 224 in
!
interface ATM0.35 point-to-point
bandwidth 1280
ip address 89.186.68.6 255.255.255.252
ip access-group 100 in
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat outside
ip virtual-reassembly
pvc 8/35
encapsulation aal5snap
!
!
interface FastEthernet0
description LAN FastEthernet Link
bandwidth 10000000
ip address 192.168.1.254 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip virtual-reassembly
no ip mroute-cache
speed auto
full-duplex
ipv6 address WAN 0:0:0:1::/64 eui-64
no cdp enable
hold-queue 100 in
!
interface Dialer0
description VPN Tunnel via PPTP
mtu 1450
ip address negotiated
no ip redirects
no ip unreachables
no ip proxy-arp
ip pim dense-mode
ip nat outside
ip virtual-reassembly
encapsulation ppp
shutdown
dialer in-band
dialer idle-timeout 0
dialer string 123
dialer vpdn
dialer-group 1
no keepalive
no cdp enable
ppp pfc local request
ppp pfc remote apply
ppp encrypt mppe auto
ppp chap hostname maggiore
ppp chap password 7 <XXXXXXXXXXXXXX>
no ppp link reset
!
ip local policy route-map pptp
ip route 0.0.0.0 0.0.0.0 ATM0.35
!
!
no ip http server
no ip http secure-server
ip nat translation timeout 3600
ip nat translation tcp-timeout 1200
ip nat translation udp-timeout 100
ip nat translation finrst-timeout 15
ip nat translation syn-timeout 45
ip nat translation icmp-timeout 120
ip nat inside source list 102 interface ATM0.35 overload
blah blah blah, lots of ACLs

!
!
logging trap debugging
logging facility syslog
logging 192.168.1.4
access-list 102 permit ip 192.168.1.0 0.0.0.255 any
access-list 112 permit ip any host 88.233.168.2
access-list 112 permit ip any host 88.233.168.3
access-list 112 permit ip any host 88.233.168.4
access-list 112 permit ip any host 88.233.168.5
access-list 112 permit ip any host 88.233.168.6
access-list 112 permit ip any host 88.233.168.7
access-list 112 deny ip any any
dialer-list 1 protocol ip permit
!
no cdp run
ipv6 route 2002::/16 Tunnel0
ipv6 route ::/0 xxxxxxxxxxxxxxx
!
route-map pptp permit 10
match ip address 112
set interface ATM0.35
!
control-plane
!
!
!
!
!
!
!
!
banner login ^CC
You are connected to $(hostname).$(domain) on line $(line).
If you are not authorized to access this system, disconnect now.

THIS IS FOR AUTHORIZED USE ONLY

Unauthorized or improper use of this system may result in
administrative disciplinary action and civil and criminal penalties.
By continuing to use this system you indicate your awareness of and consent
to these terms and conditions of use. LOG OFF IMMEDIATELY if you do not
agree to the conditions stated in this warning.

Network Administrator: [email protected]
^C
!
line con 0
login local
transport output telnet
stopbits 1
line aux 0
login local
transport preferred none
transport output telnet
stopbits 1
line vty 0 4
login local
transport preferred ssh
transport input ssh
transport output none
flowcontrol software
!
scheduler max-task-time 5000
sntp server 193.204.114.105
sntp server 192.43.244.18
end
Dott. Spadoni
Network Administrator
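
An added example, not part of the original post: a Python check that every `initiate-to` peer in the vpdn-group is permitted by the ACL referenced from the `ip local policy` route-map, so that router-originated PPTP traffic is actually policy-routed. It assumes unindented config text as posted and handles only `ip` protocol ACL entries; on the embedded excerpt it reports both peers, because ACL 112 lists 88.233.168.x while `initiate-to` lists 83.233.168.x.

```python
import ipaddress
import re

# Abbreviated excerpt of the configuration posted above (two of the six peers).
CONFIG = """\
vpdn-group 1
initiate-to ip 83.233.168.2
initiate-to ip 83.233.168.3
ip local policy route-map pptp
access-list 112 permit ip any host 88.233.168.2
access-list 112 permit ip any host 88.233.168.3
access-list 112 deny ip any any
route-map pptp permit 10
match ip address 112
set interface ATM0.35
"""

def dest_matches(dest, addr):
    """True if an ACL destination ('any', 'host A' or 'A WILDCARD') covers addr."""
    if dest[0] == "any":
        return True
    if dest[0] == "host":
        return ipaddress.ip_address(dest[1]) == addr
    base, wild = (int(ipaddress.ip_address(x)) for x in dest[:2])
    return (int(addr) & ~wild) == (base & ~wild)

def acl_action(config, acl, addr):
    """First-match result of 'access-list <acl> ... ip SRC DST' for destination addr."""
    for line in config.splitlines():
        t = line.split()
        if t[:2] == ["access-list", acl] and len(t) >= 6 and t[3] == "ip":
            dest = t[5:] if t[4] == "any" else t[6:]  # skip the source spec
            if dest and dest_matches(dest, addr):
                return t[2]
    return "deny"  # implicit deny at the end of every ACL

def unrouted_peers(config):
    """initiate-to peers that the 'ip local policy' route-map's ACLs do not permit."""
    peers = re.findall(r"^\s*initiate-to ip (\S+)", config, re.M)
    rmap = re.search(r"^ip local policy route-map (\S+)", config, re.M)
    name, acls, inside = (rmap.group(1) if rmap else None), [], False
    for line in config.splitlines():
        t = line.split()
        if t[:1] in (["route-map"], ["!"]):
            inside = t[1:3] == [name, "permit"]
        elif inside and t[:3] == ["match", "ip", "address"]:
            acls += t[3:]
    return [p for p in peers
            if not any(acl_action(config, a, ipaddress.ip_address(p)) == "permit" for a in acls)]
```

`unrouted_peers(CONFIG)` returns the peers the route-map would not match; an empty list means every peer is covered.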