Opening the VPN brings down the internal network

Virtual private networks and related topics

Moderator: Federico.Lagni

winter81
n00b
Posts: 9
Joined: Wed 14 Mar, 2007 11:06 am

Good morning everyone,

I configured an 877 a short while ago and set up the VPN, which I open using Cisco VPN Client. The problem, however, is that when the VPN is open I can't browse the web and I can't reach the machines on the internal network.

Here is the router configuration; can anyone give me a hand?

Thanks in advance!

Building configuration...

Current configuration : 4442 bytes
!
! Last configuration change at 10:03:17 Berlin Fri Mar 30 2007 by
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname CISCO
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 warnings
enable secret 5 $1$kChJ$qJmKBnYjPqE0D2fA4Oet51
!
aaa new-model
!
!
aaa authentication login default local
aaa authentication login sdm_vpn_xauth_ml_1 local
aaa authorization exec default local
aaa authorization network sdm_vpn_group_ml_1 local
!
aaa session-id common
!
resource policy
!
clock timezone Berlin 1
clock summer-time Berlin date Mar 30 2003 2:00 Oct 26 2003 3:00
ip subnet-zero
ip cef
!
!
ip name-server 151.99.125.1
ip name-server 151.99.0.100
!
!
crypto pki trustpoint TP-self-signed-1918813820
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-1918813820
revocation-check none
rsakeypair TP-self-signed-1918813820
!
!
crypto pki certificate chain TP-self-signed-1918813820
certificate self-signed 01
quit
username XXXXXX privilege 15 secret 5 !
!
!
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
!
crypto isakmp client configuration group XXXX
key XXXXXX
pool SDM_POOL_1
acl 102
!
!
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
!
crypto dynamic-map SDM_DYNMAP_1 1
set transform-set ESP-3DES-SHA
reverse-route
!
!
crypto map SDM_CMAP_1 isakmp authorization list sdm_vpn_group_ml_1
crypto map SDM_CMAP_1 client configuration address respond
crypto map SDM_CMAP_1 65535 ipsec-isakmp dynamic SDM_DYNMAP_1
!
!
!
interface ATM0
no ip address
no ip mroute-cache
no atm ilmi-keepalive
dsl operating-mode auto
!
interface ATM0.1 point-to-point
ip address XXX.XXX.XXX.73 255.255.255.248 secondary
ip address XXX.XXX.XXX.154 255.255.255.252
ip nat outside
ip virtual-reassembly
no ip mroute-cache
no snmp trap link-status
pvc 8/35
encapsulation aal5snap
!
crypto map SDM_CMAP_1
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Vlan1
ip address 192.168.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1452
!
ip local pool SDM_POOL_1 192.168.2.10 192.168.2.20
ip classless
ip route 0.0.0.0 0.0.0.0 ATM0.1
!
ip http server
ip http authentication local
ip http secure-server
ip nat pool NAT XXX.XXX.XXX.74 XXX.XXX.XXX.74 netmask 255.255.255.248
ip nat inside source list 101 pool NAT overload
!
access-list 101 remark ACL FOR NAT
access-list 101 deny ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
access-list 101 permit ip 192.168.1.0 0.0.0.255 any
access-list 101 deny ip any any
access-list 102 remark ACL FOR VPN CLIENTS
access-list 102 permit ip 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 102 deny ip any any
no cdp run
!
control-plane
!
!
line con 0
no modem enable
line aux 0
line vty 0 4
transport input telnet ssh
!
scheduler max-task-time 5000
ntp clock-period 17174891
ntp server 193.204.114.232 prefer
ntp server 193.204.114.233
end