VPN 877

Virtual private networks and similar

Moderator: Federico.Lagni

winter81
n00b
Posts: 9
Joined: Wed 14 Mar 2007, 11:06 am

Good evening everyone,

I am configuring a Cisco 877 for the first time to accept VPN connections via the Cisco VPN client. The problem is that the VPN comes up, I can even ping one of the PCs on the network, but I cannot access, for example, the AS/400 or any other machine on the customer's network via telnet or FTP.
This is my current configuration... Can anyone give me a hand????

Thanks a lot!!!!!!!!!

!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname FFMMCC
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 warnings
enable secret 5 xxxx
!
aaa new-model
!
!
aaa authentication login default local
aaa authentication login sdm_vpn_xauth_ml_1 local
aaa authentication login sdm_vpn_xauth_ml_2 local
aaa authorization exec default local
aaa authorization network sdm_vpn_group_ml_1 local
aaa authorization network sdm_vpn_group_ml_2 local
!
aaa session-id common
!
resource policy
!
clock timezone Berlin 1
clock summer-time Berlin date Mar 30 2003 2:00 Oct 26 2003 3:00
ip subnet-zero
ip cef
!
!
ip name-server 151.99.125.1
ip name-server 151.99.0.100
!
!
crypto pki trustpoint TP-self-signed-1918813820
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-1918813820
revocation-check none
rsakeypair TP-self-signed-1918813820
!
!
crypto pki certificate chain TP-self-signed-1918813820
certificate self-signed 01
quit
username xxxxxxx privilege 15 secret 5 xxxxxxxx
!
!
!
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
!
crypto isakmp client configuration group yyyyyyyy
key xxxxxxxx
pool SDM_POOL_1
acl 102
!
!
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
!
crypto dynamic-map SDM_DYNMAP_1 1
set transform-set ESP-3DES-SHA
reverse-route
!
!
crypto map SDM_CMAP_1 isakmp authorization list sdm_vpn_group_ml_2
crypto map SDM_CMAP_1 client configuration address respond
crypto map SDM_CMAP_1 65535 ipsec-isakmp dynamic SDM_DYNMAP_1
!
!
!
interface Loopback0
ip address zzz.sss.rrr.xxx 255.255.255.248
!
interface ATM0
no ip address
no ip mroute-cache
no atm ilmi-keepalive
dsl operating-mode auto
!
interface ATM0.1 point-to-point
ip address xx.yy.xx.hh 255.255.255.248
ip nat outside
ip virtual-reassembly
no ip mroute-cache
no snmp trap link-status
pvc 8/35
encapsulation aal5snap
!
crypto map SDM_CMAP_1
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Vlan1
ip address 192.168.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1452
!
ip local pool SDM_POOL_1 192.168.2.10 192.168.2.20
ip classless
ip route 0.0.0.0 0.0.0.0 ATM0.1
!
ip http server
ip http authentication local
ip http secure-server
ip nat inside source list 101 interface Loopback0 overload
ip nat inside source static network 192.168.1.131 217.58.84.76 /32
!
access-list 100 remark SDM_ACL Category=2
access-list 100 permit ip 192.168.2.0 0.0.0.255 any
access-list 100 permit tcp 192.168.2.0 0.0.0.255 any
access-list 100 permit tcp 0.0.0.0 255.255.255.0 0.0.0.0 255.255.255.0
access-list 100 permit ip 0.0.0.0 255.255.255.0 0.0.0.0 255.255.255.0
access-list 101 remark SDM_ACL Category=18
access-list 101 permit ip 192.168.2.0 0.0.0.255 any
access-list 101 permit tcp 192.168.2.0 0.0.0.255 any
access-list 101 permit tcp 0.0.0.0 255.255.255.0 0.0.0.0 255.255.255.0
access-list 101 permit ip 0.0.0.0 255.255.255.0 0.0.0.0 255.255.255.0
access-list 102 remark SDM_ACL Category=4
access-list 102 permit ip any any
access-list 103 remark SDM_ACL Category=2
access-list 103 permit ip 192.168.2.0 0.0.0.255 any
access-list 103 permit tcp 192.168.2.0 0.0.0.255 any
access-list 103 permit tcp 0.0.0.0 255.255.255.0 0.0.0.0 255.255.255.0
access-list 103 permit ip 0.0.0.0 255.255.255.0 0.0.0.0 255.255.255.0
no cdp run
route-map SDM_RMAP_4 permit 1
match ip address 103
!
route-map SDM_RMAP_2 permit 1
match ip address 100
!
!
control-plane
!
banner login ^C
-----------------------------------------------------------------------
Cisco Router and Security Device Manager (SDM) is installed on this device.
This feature requires the one-time use of the username "cisco"
with the password "cisco". The default username and password have a privilege level of 15.

Please change these publicly known initial credentials using SDM or the IOS CLI.
Here are the Cisco IOS commands.

username <myuser> privilege 15 secret 0 <mypassword>
no username cisco

Replace <myuser> and <mypassword> with the username and password you want to use.

For more information about SDM please follow the instructions in the QUICK START
GUIDE for your router or go to http://www.cisco.com/go/sdm
-----------------------------------------------------------------------
^C
!
line con 0
no modem enable
line aux 0
line vty 0 4
transport input telnet ssh
!
scheduler max-task-time 5000
ntp clock-period 17174881
ntp server 193.204.114.232 prefer
ntp server 193.204.114.233
end
Wizard
Intergalactic subspace network admin
Posts: 3441
Joined: Fri 03 Feb 2006, 10:04 am
Location: Emilia Romagna

The route for the VPN pool is missing, for a start.
The future is made of people who have intuition and vision ..... those are the people who make the difference...... the ones gifted with a THIRD EYE....
winter81
n00b
Posts: 9
Joined: Wed 14 Mar 2007, 11:06 am

Wizard wrote: The route for the VPN pool is missing, for a start.
Thanks... how do I add the route you are suggesting??
Do you notice anything else wrong??

Thanks so much!!!
Wizard
Intergalactic subspace network admin
Posts: 3441
Joined: Fri 03 Feb 2006, 10:04 am
Location: Emilia Romagna

ip route IP_POOL SUBNET_MASK_POOL atm0.1
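As an added example (not part of the thread, and not Cisco's or either poster's code): a small Python check that reads the local pool and the static routes from a constructed excerpt of the posted config, computes the smallest prefix that covers the pool (an assumption; the real pool subnet may be wider, e.g. a full /24) and, when no non-default route covers it, emits the route in the form Wizard suggested, using ATM0.1 as in the posted config.

```python
import ipaddress
import re

# Constructed excerpt of the config posted in the thread: only the pool
# and static-route lines matter for this check.
SAMPLE_CONFIG = """
ip local pool SDM_POOL_1 192.168.2.10 192.168.2.20
ip classless
ip route 0.0.0.0 0.0.0.0 ATM0.1
"""

POOL_RE = re.compile(r"^ip local pool (\S+) (\S+) (\S+)", re.M)
ROUTE_RE = re.compile(r"^ip route (\S+) (\S+) (\S+)", re.M)


def covering_network(first, last):
    """Smallest single prefix containing both ends of the pool (an
    assumption: the real pool subnet may be wider, e.g. a full /24)."""
    a, b = ipaddress.IPv4Address(first), ipaddress.IPv4Address(last)
    for plen in range(32, -1, -1):
        net = ipaddress.ip_network(f"{a}/{plen}", strict=False)
        if b in net:
            return net


def parse_routes(config):
    """Static routes as (network, next hop or exit interface)."""
    return [(ipaddress.ip_network(f"{dest}/{mask}"), via)
            for dest, mask, via in ROUTE_RE.findall(config)]


def check_pool_routes(config):
    """For each local pool: the covering prefix, the non-default routes
    that already cover it, and the route to add if there are none."""
    routes = parse_routes(config)
    report = {}
    for name, first, last in POOL_RE.findall(config):
        pool = covering_network(first, last)
        covered_by = [(net, via) for net, via in routes
                      if net.prefixlen > 0 and pool.subnet_of(net)]
        fix = None
        if not covered_by:
            # Same form as the route suggested in the thread; ATM0.1 is
            # the WAN subinterface in the posted config.
            fix = f"ip route {pool.network_address} {pool.netmask} ATM0.1"
        report[name] = {"pool": pool, "covered_by": covered_by, "fix": fix}
    return report
```

Run against the full posted config the same regexes apply unchanged; the default route alone does not count as covering the pool.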