
1841 Router and VPN Client for Public Internet on
Moderator: Federico.Lagni
- Wizard
- Intergalactic subspace network admin
- Posts: 3441
- Joined: Fri 03 Feb, 2006 10:04 am
- Location: Emilia Romagna
But is it a Fastweb line?
What perimeter device do you have?
Do you have a fixed public IP?
The future is made of people who have intuitions and visions ..... they are the people who make the difference...... those endowed with a THIRD EYE....
-
- Network Emperor
- Posts: 260
- Joined: Sat 06 Dec, 2008 11:36 am
…also because the image is hotlinked from this Cisco document, which explains step by step…
-
- n00b
- Posts: 3
- Joined: Thu 26 Mar, 2009 6:30 pm
Hello everyone, even though I haven't introduced myself....
I have an Elsag router (Telecom Italia line with some static IPs), on which I have NATed one IP. I then have to connect an 1841 to this NATed IP and set up this VPN. I ran some tests; here is my configuration, which almost certainly has errors!!!!
Building configuration...
Current configuration : 2081 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
ip cef
!
!
!
!
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
!
!
username remoto01 password 0 cisco
username remoto02 password 0 cisco
!
!
!
crypto logging session
!
crypto isakmp policy 18
 encr 3des
 hash md5
 authentication pre-share
 group 2
 lifetime 3600
crypto isakmp keepalive 10
crypto isakmp nat keepalive 20
crypto isakmp aggressive-mode disable
crypto isakmp xauth timeout 90
!
crypto isakmp client configuration group remote-vpn
 key pierluigi100
 dns 192.168.101.1
 pool remote-pool
 acl 158
 save-password
 max-users 10
 max-logins 10
!
crypto ipsec security-association idle-time 3600
!
crypto ipsec transform-set VPN-CLI-SET esp-3des esp-md5-hmac
!
crypto dynamic-map remote-dyn 10
 set transform-set VPN-CLI-SET
!
!
crypto map remotemap local-address Dialer0
crypto map remotemap client authentication list userauthen
crypto map remotemap isakmp authorization list groupauthor
crypto map remotemap client configuration address respond
crypto map remotemap 65535 ipsec-isakmp dynamic remote-dyn
!
!
!
interface FastEthernet0/0
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface FastEthernet0/1
 ip address 192.168.101.200 255.255.255.0
 duplex auto
 speed auto
!
interface Dialer0
 no ip address
 crypto map remotemap
!
ip local pool 192.168.101.0 192.168.102.10
ip forward-protocol nd
ip route 192.168.101.0 255.255.255.0 Dialer0
!
!
ip http server
no ip http secure-server
!
!
!
!
!
control-plane
!
!
banner motd ^C
--------------------------------------------------------------
System is RESTRICTED to authorized personnel ONLY
Unauthorized use of this system will be logged and prosecuted
to the fullest extent of the law.
If you are NOT authorized to use this system, LOG OFF NOW
--------------------------------------------------------------
^C
!
line con 0
line aux 0
line vty 0 4
 login
!
scheduler allocate 20000 1000
end
**********************************************
when I try to connect I get the following error:
%CRYPTO-6-IKMP_MODE_FAILURE: Processing of Aggressive mode failed with peer at 192.168.101.139
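Added example, not part of the original thread and not written by its participants: a Python check that reads the configuration posted above for names that are referenced but never defined (AAA lists, address pool, ACL), for the aggressive-mode setting that corresponds to the logged error, and for weak settings. The function name `audit` and the finding IDs are this example's own, and `POSTED_CONFIG` is an excerpt constructed from the post.

```python
import re

# Constructed excerpt: the lines of the configuration posted above that the checks read.
POSTED_CONFIG = """\
no aaa new-model
username remoto01 password 0 cisco
crypto isakmp policy 18
 encr 3des
 hash md5
 group 2
crypto isakmp aggressive-mode disable
crypto isakmp client configuration group remote-vpn
 key pierluigi100
 pool remote-pool
 acl 158
crypto map remotemap client authentication list userauthen
crypto map remotemap isakmp authorization list groupauthor
ip local pool 192.168.101.0 192.168.102.10
ip http server
"""

def audit(config):
    """Return finding IDs (names are this example's own) for an Easy VPN server config."""
    lines = [l.strip() for l in config.splitlines()]
    def grab(pattern):  # first capture group of every line that matches in full
        return {m.group(1) for l in lines if (m := re.fullmatch(pattern, l))}
    refs = {  # kind -> (names referenced, names defined)
        "aaa-list": (grab(r"crypto map \S+ (?:client authentication|isakmp authorization) list (\S+)"),
                     grab(r"aaa (?:authentication login|authorization network) (\S+) .+")),
        "pool": (grab(r"pool (\S+)"), grab(r"ip local pool (\S+) .+")),  # first token = pool name
        "acl": (grab(r"acl (\S+)"), grab(r"(?:ip )?access-list (?:extended |standard )?(\S+).*")),
    }
    findings = [f"undefined-{kind}:{name}"
                for kind, (used, defined) in refs.items() for name in sorted(used - defined)]
    if refs["aaa-list"][0] and "aaa new-model" not in lines:
        findings.append("aaa-not-enabled")
    # Group-name + pre-shared-key clients open IKE phase 1 in aggressive mode.
    groups = grab(r"crypto isakmp client configuration group (\S+)")
    if groups and "crypto isakmp aggressive-mode disable" in lines:
        findings.append("aggressive-mode-blocks-group-psk-clients")
    if {"encr 3des", "hash md5", "group 2"} & set(lines):
        findings.append("weak-ike-proposal")
    if grab(r"username (\S+) password 0 \S+"):
        findings.append("plaintext-user-password")
    if "ip http server" in lines:
        findings.append("http-server-enabled")
    return findings

print("\n".join(audit(POSTED_CONFIG)))
```

The first six findings are consistency problems that stop the tunnel from being negotiated; the last three are hardening findings that remain once the VPN works.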