VPN che non mi va ...

[riccardo1982]

Ciao mi sto cimentando con l'aiuto di un gentile utente del forum a mettere su una VPN tra due cisco posti a circa 4 cm l'uno dall'altro .

Quesa è la configurazione del primo router e quella del secondo è speculare se non fosse per l'etherne0 che invece di avere 192.168.0.1 ha un fantasioso 192.168.1.0

Fatto sta che non và... che ne dite ?

837spc#sh run
Building configuration...

Current configuration : 3532 bytes
!
version 12.3
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname 837spc
!
boot-start-marker
boot-end-marker
!
logging monitor notifications
enable secret 5
enable password 7
!
no aaa new-model
ip subnet-zero
!
!
!
!
ip name-server 62.94.0.1
ip name-server 62.94.0.2
ip ips po max-events 100
no ftp-server write-enable
!
!
partition flash 2 10 2
!
username
!
!
!
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
crypto isakmp key ****** address 81.200.***.***
no crypto isakmp ccm
!
!
crypto ipsec transform-set T1 esp-3des esp-sha-hmac
!
crypto map SDM_CMAP_1 1 ipsec-isakmp
! Incomplete
description Tunnel verso Router 2
set peer 81.200.***.***
set transform-set T1
match address 101
!
!
!
interface Ethernet0
description CRWS Generated text. Please do not delete this:192.168.0.1-255.255.
255.0
ip address 192.168.0.1 255.255.255.0
ip nat inside
ip virtual-reassembly
hold-queue 100 out
!
interface ATM0
no ip address
no atm ilmi-keepalive
dsl operating-mode auto
hold-queue 224 in
pvc 8/35
encapsulation aal5mux ppp dialer
dialer pool-member 1
!
!
interface FastEthernet1
duplex auto
speed auto
!
interface FastEthernet2
duplex auto
speed auto
!
interface FastEthernet3
duplex auto
speed auto
!
interface FastEthernet4
duplex auto
speed auto
!
interface Dialer0
description connessione ad internet ( PPPoA Eutelia )
ip address 81.200.***.*** 255.255.255.0
ip nat outside
ip virtual-reassembly
encapsulation ppp
dialer pool 1
ppp chap hostname ***
ppp chap password 7 ***
ppp pap sent-username ***r password 7***
crypto map SDM_CMAP_1
!
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer0
!
ip http server
no ip http secure-server
!
ip nat translation timeout 420
ip nat translation tcp-timeout 120
ip nat translation pptp-timeout 420
ip nat translation udp-timeout 120
ip nat translation finrst-timeout 300
ip nat translation syn-timeout 120
ip nat translation dns-timeout 300
ip nat translation icmp-timeout 120
ip nat translation max-entries 5000
ip nat inside source list 1 interface Dialer0 overload
ip nat inside source list 23 interface Dialer0 overload
ip nat inside source route-map SDM_RMAP_2 interface Dialer0 overload
!
access-list 1 permit 192.168.0.0 0.0.0.255
access-list 100 remark SDM_ACL Category=4
access-list 100 remark IPSec Rule
access-list 100 permit ip 192.168.0.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 101 remark SDM_ACL Category=4
access-list 101 remark IPSec Rule
access-list 103 permit ip 192.168.0.0 0.0.0.255 any
access-list 103 remark SDM_ACL Category=2
dialer-list 1 protocol ip permit
snmp-server community visiospc RO
snmp-server trap-source Ethernet0
snmp-server host 192.168.1.253 visiospc
!
route-map SDM_RMAP_2 permit 1
match ip address 103
!
!
control-plane
!
!
line con 0
no modem enable
stopbits 1
line aux 0
line vty 0 3
exec-timeout 120 0
password 7 ***
login local
length 0
line vty 4
access-class 23 out
exec-timeout 120 0
password 7 ***
login local
length 0
transport input telnet
transport output telnet
!
scheduler max-task-time 5000
end

[emanuele.ciani]

Non esiste l'access-list 101

devi inserire il traffico interessante per la VPN

access-list 101 permit ip 192.168.0.0 0.0.0.255 192.168.1.0 0.0.0.255

e nell'altro router la inserisci speculare

Ciao

[riccardo1982]

ti ringrazio per la risposta ma ho risolto poco dopo aver postato.. me la sono riletta tutta e sono giunto alla tua stessa conclusione... anche se dopo aver fatto un bell'erase di tutto.. per imparare non ce niente di meglio di riscrivere tutto ogni volta...

ti ringrazio cmq per la risposta.