
VPN configuration problems on a Cisco 857

Posted: Mon 23 Jan, 2006 7:34 pm
by Gianluca
I'm having trouble connecting clients to a Cisco 857 configured as an Easy VPN server: I've set up authentication and the users, and I can ping the router from outside, but the Cisco VPN client keeps telling me it can't find the VPN server. Any ideas where the problem might be?

Posted: Mon 23 Jan, 2006 9:11 pm
by spooke
If you post the config we'll take a look at it

Posted: Mon 23 Jan, 2006 10:52 pm
by Gianluca
- AHEM - my apologies, haste makes waste: I was sure I had pasted the configuration, but I had only copied it... :lol:
The config was done almost entirely with SDM, except for the definition
of the interfaces, and maybe that's exactly where I messed something up...
I had already configured VPNs with Zywall and WatchGuard Firebox routers,
and frankly this is the first time I've run into all these difficulties...

P.S. What if I wanted to use the standard Windows VPN client instead of the Cisco client? Is that possible?

marangoni#sh runn
Building configuration...

Current configuration : 3806 bytes
!
version 12.3
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname marangoni
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 debugging
logging console critical
enable secret 5 $1$C839$SVNqrOkzSZuO/7TApoEGb1
!
username marangoni privilege 15 secret 5 $1$/w/2$aneZwK3/VWW6BVMVlOvXf/
username giemme secret 5 $1$MvsV$FqG7HE7iItMd0AAqoZy3J1
clock timezone PCTime 1
clock summer-time PCTime date Mar 30 2003 2:00 Oct 26 2003 3:00
aaa new-model
!
!
aaa authentication login default local
aaa authentication login sdm_vpn_xauth_ml_1 local
aaa authorization exec default local
aaa authorization network sdm_vpn_group_ml_1 local
aaa authorization network sdm_vpn_group_ml_2 local
aaa session-id common
ip subnet-zero
no ip source-route
!
!
ip cef
ip tcp synwait-time 10
no ip bootp server
ip domain name marangoni.local
ip name-server 193.70.192.25
ip name-server 193.70.152.25
ip ssh time-out 60
ip ssh authentication-retries 2
no ftp-server write-enable
!
!
!
!
!
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
crypto isakmp xauth timeout 15

!
crypto isakmp client configuration group prova
key marangoni
pool SDM_POOL_1
max-users 200
!
!
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-3DES-SHA1 esp-3des esp-sha-hmac
!
crypto dynamic-map SDM_DYNMAP_1 1
set transform-set ESP-3DES-SHA1
reverse-route
!
!
crypto map SDM_CMAP_1 client authentication list sdm_vpn_xauth_ml_1
crypto map SDM_CMAP_1 isakmp authorization list sdm_vpn_group_ml_2
crypto map SDM_CMAP_1 client configuration address respond
crypto map SDM_CMAP_1 65535 ipsec-isakmp dynamic SDM_DYNMAP_1
!
!
!
interface ATM0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip route-cache flow
no atm ilmi-keepalive
dsl operating-mode ansi-dmt
!
interface ATM0.1 point-to-point
description $ES_WAN$$FW_OUTSIDE$
ip address 85.36.131.14 255.255.255.252
ip access-group 101 in
ip access-group 102 out
ip nat outside
ip virtual-reassembly
pvc 8/35
encapsulation aal5snap
!
!
interface FastEthernet0
no ip address
no cdp enable
!
interface FastEthernet1
no ip address
no cdp enable
!
interface FastEthernet2
no ip address
no cdp enable
!
interface FastEthernet3
no ip address
no cdp enable
!
interface Vlan1
description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$ES_LAN$$FW_INSIDE$
ip address 10.0.0.1 255.255.255.0 secondary
ip address 192.168.123.250 255.255.255.0 secondary
ip address 85.36.163.1 255.255.255.248
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip virtual-reassembly
ip route-cache flow
ip tcp adjust-mss 1452
crypto map SDM_CMAP_1
!
interface Dialer0
no ip address
no cdp enable
!
ip local pool SDM_POOL_1 10.10.10.1 10.10.10.254
ip classless
ip route 0.0.0.0 0.0.0.0 ATM0.1
!
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 5 life 86400 requests 10000
ip nat inside source list 1 interface Dialer0 overload
!
logging trap debugging
access-list 1 remark INSIDE_IF=Vlan1
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 192.168.1.0 0.0.0.255
dialer-list 1 protocol ip permit
no cdp run
!
control-plane
!
banner login ^CAuthorized access only!
Disconnect IMMEDIATELY if you are not an authorized user!^C
!
line con 0
no modem enable
transport preferred all
transport output telnet
line aux 0
transport preferred all
transport output telnet
line vty 0 4
transport preferred all
transport input telnet ssh
transport output all
!
scheduler max-task-time 5000
scheduler allocate 4000 1000
scheduler interval 500
end

marangoni#
marangoni#

Posted: Tue 24 Jan, 2006 10:48 pm
by Gianluca
:( :( :( :( :( :( ....I was really hoping someone could give me a pointer....thanks anyway... :( :( :( :( :( :( :( :( :( :(

Posted: Thu 11 May, 2006 1:48 pm
by emanuele.ciani
try removing the access lists from the ATM0.1 point-to-point interface and everything might work

bye
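
An added example, not part of the original thread: a small audit that reads an IOS running configuration and reports, per interface, which ACLs and crypto map are bound, whether the inbound ACL has any entries in the config, and which of the permits an IPsec remote-access client needs (IKE on UDP 500, NAT-T on UDP 4500, ESP) it lacks. The function name `audit` and the sample excerpt are constructed for illustration; the sample mirrors the shape of the configuration posted above.

```python
import re

# Constructed sample: an excerpt shaped like the configuration posted above.
SAMPLE = """\
interface ATM0.1 point-to-point
 ip access-group 101 in
 ip access-group 102 out
 ip nat outside
!
interface Vlan1
 ip nat inside
 crypto map SDM_CMAP_1
!
access-list 1 permit 192.168.1.0 0.0.0.255
"""

# Inbound traffic an IPsec remote-access client needs: IKE, NAT-T, ESP.
VPN_RULES = {
    "ike": re.compile(r"permit udp .*\beq (isakmp|500)\b"),
    "nat-t": re.compile(r"permit udp .*\beq (non500-isakmp|4500)\b"),
    "esp": re.compile(r"permit (esp|50) "),
}

def audit(config):
    """Map each interface to its ACL bindings, crypto map and VPN permit gaps."""
    acls, report, current = {}, {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if m := re.match(r"interface (\S+)", line):
            current = report.setdefault(m.group(1), {"acl": {}, "crypto_map": None})
            continue
        if not raw.startswith(" "):
            current = None  # unindented line: back at global config level
        if m := re.match(r"access-list (\d+) (permit|deny) (.*)", line):
            acls.setdefault(m.group(1), []).append(f"{m.group(2)} {m.group(3)}")
        if current is None:
            continue
        if m := re.match(r"ip access-group (\S+) (in|out)", line):
            current["acl"][m.group(2)] = m.group(1)
        if m := re.match(r"crypto map (\S+)$", line):
            current["crypto_map"] = m.group(1)
    for info in report.values():
        acl_in = info["acl"].get("in")
        entries = acls.get(acl_in, [])
        info["in_acl_defined"] = acl_in is None or bool(entries)
        info["missing_vpn_permits"] = [name for name, rx in VPN_RULES.items()
                                       if entries and not any(rx.search(e) for e in entries)]
    return report
```

Running `audit(SAMPLE)` shows ACLs 101 and 102 bound to ATM0.1 with no matching `access-list` entries in the excerpt, and the crypto map bound to Vlan1 rather than to ATM0.1.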