configurazione client-cisco 857
Inviato: gio 14 gen , 2010 12:56 pm
Sto cercando di configurare un 857 per accedere ad una LAN. Tramite il setup che posto qui sotto il client si connette, ma non va oltre. Non riesco a pingare il router all'indirizzo 192.168.1.1 nè altri indirizzi presenti sulla rete. Non sono esperto quindi vi prego di tollerare la mia configurazione!
grazie per l'aiuto!
! Last configuration change at 08:34:26 UTC Thu Jan 14 2010 by davide
! NVRAM config last updated at 06:50:18 UTC Thu Jan 14 2010 by davide
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname F5ADSL-Router
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 warnings
no logging monitor
enable password xxxxxxxx
!
aaa new-model
!
!
aaa authentication login clientauth local
aaa authorization network groupauthor local
!
!
aaa session-id common
!
crypto pki trustpoint TP-self-signed-607796296
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-607796296
revocation-check none
rsakeypair TP-self-signed-607796296
!
!
crypto pki certificate chain TP-self-signed-607796296
certificate self-signed 01
3082024A 308201B3 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
30312E30 2C060355 04031325 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 36303737 39363239 36301E17 0D303230 33303130 30343131
365A170D 32303031 30313030 30303030 5A303031 2E302C06 03550403 1325494F
532D5365 6C662D53 69676E65 642D4365 72746966 69636174 652D3630 37373936
32393630 819F300D 06092A86 4886F70D 01010105 0003818D 00308189 02818100
A6462DC7 245540F4 CD0AF532 30BA680C 7A33A7A3 D3A6D582 374E0C15 0A5BA5E7
11EBF368 7DA364F1 4AEBAAA5 1BDA20D9 B3982007 3AE892ED FA146AFA 58155BA0
4D535DB5 4195A4F0 97A2E740 51913ADE B25595B4 2ACA4A92 CBF40EE0 B6781980
1105D4CE 31C8777B 25C888E0 EE37C7C2 8F8652D5 67A16767 E43B98EE 6763AFBF
02030100 01A37430 72300F06 03551D13 0101FF04 05300301 01FF301F 0603551D
11041830 16821446 35414453 4C2D526F 75746572 2E6E6769 2E697430 1F060355
1D230418 30168014 D6A68B77 BFC34F81 DB7F2B9D BE7B225A 00139D26 301D0603
551D0E04 160414D6 A68B77BF C34F81DB 7F2B9DBE 7B225A00 139D2630 0D06092A
864886F7 0D010104 05000381 81001746 61D161BC 4EBD7486 7786EB39 9F38A643
EAA92A0C 2B785E30 05D51193 7099E3D1 3827105C BBF7472B 70D61C22 B1D77615
92C59B5B D2996B22 1C77E35B AD88ED3B 8DBBCEFA 88AD7A6F D0E1DB6F A503D5F8
E15B49DE 6D1E412F 3840FDDC 7E48954D 929ED76C C1D5C2C4 883F6053 F8C40894
5E0A5381 0FB2B145 74E33337 25AD
quit
dot11 syslog
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.1.1 192.168.1.32
!
ip dhcp pool LOCAL
network 192.168.1.0 255.255.255.0
default-router 192.168.1.1
dns-server 88.149.128.12 88.149.128.22
lease 0 2
update arp
!
!
ip cef
ip domain name ngi.it
ip name-server 88.149.128.12
ip name-server 88.149.128.22
!
!
!
username davide password 0 xxxxxxx
username vpnuser password 0 xxxxxxx
!
crypto keyring spokes
pre-shared-key address 0.0.0.0 0.0.0.0 key cisco123
!
crypto isakmp policy 10
encr 3des
authentication pre-share
group 2
!
crypto isakmp client configuration group testgroup
key xxxxxxxxx
pool ippool
crypto isakmp profile VPNclient
description VPN clients profile
match identity group testgroup
client authentication list clientauth
isakmp authorization list groupauthor
client configuration address respond
crypto isakmp profile L2L
description LAN-to-LAN for spoke router(s) connection
keyring spokes
match identity address 0.0.0.0
!
!
crypto ipsec transform-set myset esp-3des esp-sha-hmac
!
crypto dynamic-map dynmap 5
set transform-set myset
set isakmp-profile VPNclient
crypto dynamic-map dynmap 10
set transform-set myset
set isakmp-profile L2L
!
!
crypto map mymap 10 ipsec-isakmp dynamic dynmap
!
archive
log config
hidekeys
!
!
!
!
!
interface ATM0
no ip address
no ip mroute-cache
no atm ilmi-keepalive
pvc 8/35
encapsulation aal5snap
protocol ppp dialer
dialer pool-member 1
!
dsl operating-mode auto
hold-queue 224 in
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Vlan1
description Virtual LAN Interface #1
ip address 192.168.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1452
no ip mroute-cache
!
interface Dialer0
ip address negotiated
ip nat outside
ip virtual-reassembly
encapsulation ppp
dialer pool 1
dialer-group 1
no cdp enable
ppp pap sent-username 4820932479 password 0 xxxxxxxxxxxx
crypto map mymap
!
ip local pool ippool 192.168.1.40 192.168.1.44
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer0
!
no ip http server
ip http authentication local
no ip http secure-server
ip nat inside source list 101 interface Dialer0 overload
!
access-list 23 permit 10.10.10.0 0.0.0.7
access-list 101 permit ip 192.168.1.0 0.0.0.255 any
access-list 102 permit ip 192.168.1.0 0.0.0.255 any
dialer-list 1 protocol ip permit
no cdp run
!
control-plane
!
!
line con 0
no modem enable
line aux 0
line vty 0 4
transport input ssh
!
scheduler max-task-time 5000
end
grazie per l'aiuto!
! Last configuration change at 08:34:26 UTC Thu Jan 14 2010 by davide
! NVRAM config last updated at 06:50:18 UTC Thu Jan 14 2010 by davide
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname F5ADSL-Router
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 warnings
no logging monitor
enable password xxxxxxxx
!
aaa new-model
!
!
aaa authentication login clientauth local
aaa authorization network groupauthor local
!
!
aaa session-id common
!
crypto pki trustpoint TP-self-signed-607796296
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-607796296
revocation-check none
rsakeypair TP-self-signed-607796296
!
!
crypto pki certificate chain TP-self-signed-607796296
certificate self-signed 01
3082024A 308201B3 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
30312E30 2C060355 04031325 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 36303737 39363239 36301E17 0D303230 33303130 30343131
365A170D 32303031 30313030 30303030 5A303031 2E302C06 03550403 1325494F
532D5365 6C662D53 69676E65 642D4365 72746966 69636174 652D3630 37373936
32393630 819F300D 06092A86 4886F70D 01010105 0003818D 00308189 02818100
A6462DC7 245540F4 CD0AF532 30BA680C 7A33A7A3 D3A6D582 374E0C15 0A5BA5E7
11EBF368 7DA364F1 4AEBAAA5 1BDA20D9 B3982007 3AE892ED FA146AFA 58155BA0
4D535DB5 4195A4F0 97A2E740 51913ADE B25595B4 2ACA4A92 CBF40EE0 B6781980
1105D4CE 31C8777B 25C888E0 EE37C7C2 8F8652D5 67A16767 E43B98EE 6763AFBF
02030100 01A37430 72300F06 03551D13 0101FF04 05300301 01FF301F 0603551D
11041830 16821446 35414453 4C2D526F 75746572 2E6E6769 2E697430 1F060355
1D230418 30168014 D6A68B77 BFC34F81 DB7F2B9D BE7B225A 00139D26 301D0603
551D0E04 160414D6 A68B77BF C34F81DB 7F2B9DBE 7B225A00 139D2630 0D06092A
864886F7 0D010104 05000381 81001746 61D161BC 4EBD7486 7786EB39 9F38A643
EAA92A0C 2B785E30 05D51193 7099E3D1 3827105C BBF7472B 70D61C22 B1D77615
92C59B5B D2996B22 1C77E35B AD88ED3B 8DBBCEFA 88AD7A6F D0E1DB6F A503D5F8
E15B49DE 6D1E412F 3840FDDC 7E48954D 929ED76C C1D5C2C4 883F6053 F8C40894
5E0A5381 0FB2B145 74E33337 25AD
quit
dot11 syslog
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.1.1 192.168.1.32
!
ip dhcp pool LOCAL
network 192.168.1.0 255.255.255.0
default-router 192.168.1.1
dns-server 88.149.128.12 88.149.128.22
lease 0 2
update arp
!
!
ip cef
ip domain name ngi.it
ip name-server 88.149.128.12
ip name-server 88.149.128.22
!
!
!
username davide password 0 xxxxxxx
username vpnuser password 0 xxxxxxx
!
crypto keyring spokes
pre-shared-key address 0.0.0.0 0.0.0.0 key cisco123
!
crypto isakmp policy 10
encr 3des
authentication pre-share
group 2
!
crypto isakmp client configuration group testgroup
key xxxxxxxxx
pool ippool
crypto isakmp profile VPNclient
description VPN clients profile
match identity group testgroup
client authentication list clientauth
isakmp authorization list groupauthor
client configuration address respond
crypto isakmp profile L2L
description LAN-to-LAN for spoke router(s) connection
keyring spokes
match identity address 0.0.0.0
!
!
crypto ipsec transform-set myset esp-3des esp-sha-hmac
!
crypto dynamic-map dynmap 5
set transform-set myset
set isakmp-profile VPNclient
crypto dynamic-map dynmap 10
set transform-set myset
set isakmp-profile L2L
!
!
crypto map mymap 10 ipsec-isakmp dynamic dynmap
!
archive
log config
hidekeys
!
!
!
!
!
interface ATM0
no ip address
no ip mroute-cache
no atm ilmi-keepalive
pvc 8/35
encapsulation aal5snap
protocol ppp dialer
dialer pool-member 1
!
dsl operating-mode auto
hold-queue 224 in
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Vlan1
description Virtual LAN Interface #1
ip address 192.168.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1452
no ip mroute-cache
!
interface Dialer0
ip address negotiated
ip nat outside
ip virtual-reassembly
encapsulation ppp
dialer pool 1
dialer-group 1
no cdp enable
ppp pap sent-username 4820932479 password 0 xxxxxxxxxxxx
crypto map mymap
!
ip local pool ippool 192.168.1.40 192.168.1.44
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer0
!
no ip http server
ip http authentication local
no ip http secure-server
ip nat inside source list 101 interface Dialer0 overload
!
access-list 23 permit 10.10.10.0 0.0.0.7
access-list 101 permit ip 192.168.1.0 0.0.0.255 any
access-list 102 permit ip 192.168.1.0 0.0.0.255 any
dialer-list 1 protocol ip permit
no cdp run
!
control-plane
!
!
line con 0
no modem enable
line aux 0
line vty 0 4
transport input ssh
!
scheduler max-task-time 5000
end