tutto funziona, riesco ad accedere ai servizi della rete principale ma, al ping mi risponde solo il router e non gli host della rete dietro al router.
qualcuno sa darmi una manina??
posto la configurazione altrimenti di cosa parliamo?

Codice: Seleziona tutto
sh ru
Building configuration...
Current configuration : 3494 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname *********
!
boot-start-marker
boot-end-marker
!
enable secret 5 *********
enable password *********
!
aaa new-model
!
!
aaa authentication login userauthen local
aaa authorization network groupauthor local
!
aaa session-id common
!
resource policy
!
!
!
ip cef
no ip dhcp use vrf connected
ip dhcp excluded-address 172.16.199.96 172.16.199.254
!
ip dhcp pool voipsi
import all
network 172.16.199.0 255.255.255.0
dns-server 88.149.128.12 208.67.222.222
domain-name *********.localdomain
default-router 172.16.199.254
lease 0 2
!
!
ip domain name *********.localdomain
ip name-server 88.149.128.12
ip name-server 208.67.222.222
!
!
!
username admin privilege 15 password 0 *********
username kese87 password 0 ciao
!
!
crypto logging session
!
crypto isakmp policy 10
encr 3des
hash md5
authentication pre-share
group 2
lifetime 3600
crypto isakmp keepalive 10
crypto isakmp nat keepalive 20
crypto isakmp xauth timeout 90
!
crypto isakmp client configuration group vpnuser
key *********
dns 208.67.222.222
domain *********.localdomain
pool vpnpool
acl 158
save-password
split-dns *********.localdomain
max-users 10
max-logins 1
!
crypto ipsec security-association idle-time 3600
!
crypto ipsec transform-set VPN-CLI-SET esp-3des esp-md5-hmac
!
crypto dynamic-map remote-dyn 10
set transform-set VPN-CLI-SET
!
!
crypto map remotemap local-address Dialer0
crypto map remotemap client authentication list userauthen
crypto map remotemap isakmp authorization list groupauthor
crypto map remotemap client configuration address respond
crypto map remotemap 65535 ipsec-isakmp dynamic remote-dyn
!
!
!
!
interface FastEthernet0
ip address 192.168.5.253 255.255.255.0
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
!
interface BRI0
no ip address
ip broadcast-address 0.0.0.0
encapsulation hdlc
shutdown
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
!
interface FastEthernet5
!
interface FastEthernet6
!
interface FastEthernet7
!
interface FastEthernet8
!
interface ATM0
no ip address
ip broadcast-address 0.0.0.0
no atm ilmi-keepalive
dsl operating-mode auto
!
interface ATM0.1 point-to-point
no snmp trap link-status
pvc 8/35
pppoe-client dial-pool-number 1
!
!
interface Vlan1
ip address 172.16.199.254 255.255.255.0
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1412
!
interface Dialer0
ip address ********* 255.255.255.252
ip mtu 1452
ip nat outside
ip virtual-reassembly
encapsulation ppp
dialer pool 1
dialer-group 1
no cdp enable
ppp authentication pap callin
ppp pap sent-username ********* password 0 *********
crypto map remotemap
!
ip local pool vpnpool 172.16.254.1 172.16.254.254
ip route 0.0.0.0 0.0.0.0 Dialer0
!
!
no ip http server
no ip http secure-server
ip nat inside source list 101 interface Dialer0 overload
!
access-list 101 deny ip 172.16.199.0 0.0.0.255 172.16.254.0 0.0.0.255
access-list 101 permit ip 172.16.199.0 0.0.0.255 any
access-list 158 permit ip 172.16.199.0 0.0.0.255 172.16.254.0 0.0.0.255
dialer-list 1 protocol ip permit
no cdp run
!
!
!
!
!
!
control-plane
!
!
line con 0
line aux 0
password *********
line vty 0 4
password *********
!
!
webvpn context Default_context
ssl authenticate verify all
!
no inservice
!
end