VPN works but I can't reach the hosts on the network

Virtual private networks and related topics

Moderator: Federico.Lagni

alessio_frizzi
n00b
Posts: 7
Joined: Thu 28 Apr 2011, 3:25 pm

Hi everyone, I have a problem I can't get to the bottom of. I configured an 877 router for internet access and a VPN that has a single address (.203) reserved for it inside the same network as the hosts.
With the Cisco client I connect fine, but there is no way I can reach the various hosts (not even with ping). This is the configuration.
Building configuration...

Current configuration : 5379 bytes
!
! Last configuration change at 16:05:55 CET Thu Apr 28 2011 by innofondi
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname xxxxxxxx
!
boot-start-marker
boot-end-marker
!
logging message-counter syslog
logging buffered 51200 warnings
enable secret 5 $1$K4v3$hVwC0KjjjjSQcEa.IZHUl1
!
aaa new-model
!
!
aaa authentication login default local
aaa authentication login fondiaria local
aaa authorization exec default local
aaa authorization network fondiaria local
!
!
aaa session-id common
clock timezone CET 1
clock summer-time CET recurring last Sun Mar 2:00 last Sun Oct 3:00
!
crypto pki trustpoint innocenti
enrollment selfsigned
subject-name CN=cn=IOS-Self-Signed-Certificate-1286547895
revocation-check none
rsakeypair innocenti
!
!
crypto pki certificate chain innocenti
certificate self-signed 01
3082022F 308201D9 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
61313230 30060355 04031329 636E3D49 4F532D53 656C662D 5369676E 65642D43
65727469 66696361 74652D31 32383635 34373839 35312B30 2906092A 864886F7
0D010902 161C4167 65536F66 6669616E 6F2E616C 69636562 7573696E 6573732E
6974301E 170D3131 30343230 31303430 33325A17 0D323030 31303130 30303030
305A3061 31323030 06035504 03132963 6E3D494F 532D5365 6C662D53 69676E65
642D4365 72746966 69636174 652D3132 38363534 37383935 312B3029 06092A86
4886F70D 01090216 1C416765 536F6666 69616E6F 2E616C69 63656275 73696E65
73732E69 74305C30 0D06092A 864886F7 0D010101 0500034B 00304802 4100BBBC
17AB6222 EAC5894C C3B249A3 766341D4 25F4B80B B7FA8E42 8B1C0DC7 758DAE92
A4F3BDE6 680E4DA7 3FCD909A 4DB92F46 B0554FB7 A733BB8B 70C1A904 38E90203
010001A3 7C307A30 0F060355 1D130101 FF040530 030101FF 30270603 551D1104
20301E82 1C416765 536F6666 69616E6F 2E616C69 63656275 73696E65 73732E69
74301F06 03551D23 04183016 80146A1E E2912AE8 86778ADC 7B9F6CE3 A6F44D2E
D84B301D 0603551D 0E041604 146A1EE2 912AE886 778ADC7B 9F6CE3A6 F44D2ED8
4B300D06 092A8648 86F70D01 01040500 03410089 336DAD89 CA7BE32E C8C01650
D4A2CE4F C8A33272 0352AB90 BBD8C314 B6681CED 34E1C153 1EB59802 F83B923A
371232DA ED165794 FD83AD33 1C407B31 5009A7
quit
dot11 syslog
ip source-route
!
!
ip cef
ip domain name alicebusiness.it
ip name-server 151.99.125.1
ip name-server 151.99.125.2
!
!
!
!
username xxxxxxx privilege 15 password 7 06370B255F1D5F4B2D0E
!
!
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
crypto isakmp nat keepalive 20
!
crypto isakmp client configuration group xxx
key xxxxxxxx
dns 10.51.121.193 10.51.121.245
pool fondiariapool
netmask 255.255.255.192
!
!
crypto ipsec transform-set esp-3des-sha esp-3des esp-sha-hmac
!
crypto dynamic-map fondiariamap 1
set transform-set esp-3des-sha
reverse-route
!
!
crypto map cfondiariamap client authentication list fondiaria
crypto map cfondiariamap isakmp authorization list fondiaria
crypto map cfondiariamap client configuration address respond
crypto map cfondiariamap 65535 ipsec-isakmp dynamic fondiariamap
!
archive
log config
hidekeys
!
!
!
!
!
interface Tunnel0
ip unnumbered Dialer0
keepalive 10 3
tunnel source Dialer0
tunnel destination 2.118.148.170
tunnel mode ipip
!
interface ATM0
no ip address
no atm ilmi-keepalive
pvc 8/35
encapsulation aal5mux ppp dialer
dialer pool-member 1
!
hold-queue 224 in
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Vlan1
ip address 10.51.121.196 255.255.255.192
ip nat inside
ip virtual-reassembly
!
interface Dialer0
ip address 79.34.0.231 255.255.255.0
ip nat outside
ip virtual-reassembly
encapsulation ppp
dialer pool 1
no cdp enable
ppp chap hostname [email protected]
ppp chap password 7 1203524F17195A
crypto map cfondiariamap
!
ip local pool fondiariapool 10.51.121.203
no ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer0
ip route 10.30.0.0 255.255.0.0 10.51.121.194
ip route 10.50.0.0 255.255.0.0 10.51.121.194
ip route 10.55.121.192 255.255.255.240 Tunnel0
ip route 10.60.0.0 255.255.0.0 10.51.121.194
ip route 10.128.0.0 255.128.0.0 10.51.121.194
no ip http server
no ip http secure-server
!
ip nat inside source static tcp 10.51.121.200 10099 interface Dialer0 10099
ip nat inside source static tcp 10.51.121.200 3478 interface Dialer0 3478
ip nat inside source static udp 10.51.121.200 3478 interface Dialer0 3478
ip nat inside source static udp 10.51.121.200 8003 interface Dialer0 8003
ip nat inside source static udp 10.51.121.200 8002 interface Dialer0 8002
ip nat inside source static udp 10.51.121.200 8001 interface Dialer0 8001
ip nat inside source static udp 10.51.121.200 8000 interface Dialer0 8000
ip nat inside source static tcp 10.51.121.200 5060 interface Dialer0 5060
ip nat inside source static udp 10.51.121.200 5060 interface Dialer0 5060
ip nat inside source static tcp 10.51.121.200 443 interface Dialer0 443
ip nat inside source list 1 interface Dialer0 overload
!
access-list 1 permit 10.51.121.192 0.0.0.63
no cdp run

!
!
!
!
control-plane
!
!
line con 0
password 7 112035244640580F0B24382B2436
no modem enable
line aux 0
line vty 0 4
access-class 23 in
privilege level 15
password 7 132C3B335A5E573E2E28263621
transport input telnet ssh
!
scheduler max-task-time 5000
ntp server 193.204.114.232
end

Is there any kind soul who can give me a hand...?
Thanks everyone.
alessio_frizzi
n00b
Posts: 7
Joined: Thu 28 Apr 2011, 3:25 pm

solved. Thanks anyway, even though nobody replied, which means I won't post the solution. bye everyone.
Rizio
Messianic Network master
Posts: 1158
Joined: Fri 12 Oct 2007, 2:48 pm

alessio_frizzi wrote: solved. Thanks anyway, even though nobody replied, which means I won't post the solution. bye everyone.
I hope you're joking, because that's a really shitty line if you actually believe it, and it will be a pleasure to leave all your future posts, if any, empty.

Rizio
Si vis pacem para bellum
alessio_frizzi
n00b
Posts: 7
Joined: Thu 28 Apr 2011, 3:25 pm

Oh Rizio, you're so worked up...
here's the solution.

Through the dialer0 interface:

Access to 2 Eutelia VoIP local lines.
Tunnel to the remote site.
Internet access.
VPN on a single address of the same network.
Telnet access, both on the private address through the VPN and on the public address.
Access to other networks both locally and through the VPN (in this case the gateway has to be entered by hand).

Building configuration...

Current configuration : 5585 bytes
!
! No configuration change since last restart
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname xxxx
!
boot-start-marker
boot-end-marker
!
logging message-counter syslog
logging buffered 51200 warnings
enable secret 5 $1$K4v3$hVwC0KjjjjSQcEa.IZHUl1
!
aaa new-model
!
!
aaa authentication login default local
aaa authentication login fondiaria local
aaa authorization exec default local
aaa authorization network fondiaria local
!
!
aaa session-id common
clock timezone CET 1
clock summer-time CET recurring last Sun Mar 2:00 last Sun Oct 3:00
!
crypto pki trustpoint innocenti
enrollment selfsigned
subject-name CN=cn=IOS-Self-Signed-Certificate-1286547895
revocation-check none
rsakeypair innocenti
!
!
crypto pki certificate chain innocenti
certificate self-signed 01
3082022F 308201D9 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
61313230 30060355 04031329 636E3D49 4F532D53 656C662D 5369676E 65642D43
65727469 66696361 74652D31 32383635 34373839 35312B30 2906092A 864886F7
0D010902 161C4167 65536F66 6669616E 6F2E616C 69636562 7573696E 6573732E
6974301E 170D3131 30343230 31303430 33325A17 0D323030 31303130 30303030
305A3061 31323030 06035504 03132963 6E3D494F 532D5365 6C662D53 69676E65
642D4365 72746966 69636174 652D3132 38363534 37383935 312B3029 06092A86
4886F70D 01090216 1C416765 536F6666 69616E6F 2E616C69 63656275 73696E65
73732E69 74305C30 0D06092A 864886F7 0D010101 0500034B 00304802 4100BBBC
17AB6222 EAC5894C C3B249A3 766341D4 25F4B80B B7FA8E42 8B1C0DC7 758DAE92
A4F3BDE6 680E4DA7 3FCD909A 4DB92F46 B0554FB7 A733BB8B 70C1A904 38E90203
010001A3 7C307A30 0F060355 1D130101 FF040530 030101FF 30270603 551D1104
20301E82 1C416765 536F6666 69616E6F 2E616C69 63656275 73696E65 73732E69
74301F06 03551D23 04183016 80146A1E E2912AE8 86778ADC 7B9F6CE3 A6F44D2E
D84B301D 0603551D 0E041604 146A1EE2 912AE886 778ADC7B 9F6CE3A6 F44D2ED8
4B300D06 092A8648 86F70D01 01040500 03410089 336DAD89 CA7BE32E C8C01650
D4A2CE4F C8A33272 0352AB90 BBD8C314 B6681CED 34E1C153 1EB59802 F83B923A
371232DA ED165794 FD83AD33 1C407B31 5009A7
quit
dot11 syslog
ip source-route
!
!
ip cef
ip domain name alicebusiness.it
ip name-server 151.99.125.1
ip name-server 151.99.125.2
!
!
!
!
username xxxxxxx privilege 15 password 7 06370B255F1D5F4B2D0E
!
!
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
!
! Easy VPN client group: "acl 101" is the split-tunnel list pushed to the client
crypto isakmp client configuration group xxx
key xxxxxxxxxxxx
dns 10.51.121.193 10.51.121.245
pool fondiariapool
acl 101
netmask 255.255.255.192
!
!
crypto ipsec transform-set esp-3des-sha esp-3des esp-sha-hmac
!
crypto dynamic-map fondiariamap 1
set transform-set esp-3des-sha
reverse-route
!
!
crypto map cfondiariamap client authentication list fondiaria
crypto map cfondiariamap isakmp authorization list fondiaria
crypto map cfondiariamap client configuration address respond
crypto map cfondiariamap 65535 ipsec-isakmp dynamic fondiariamap
!
archive
log config
hidekeys
!
!
!
!
!
interface Tunnel0
ip unnumbered Dialer0
keepalive 10 3
tunnel source Dialer0
tunnel destination 2.xx.xx.170
tunnel mode ipip
!
interface ATM0
no ip address
no atm ilmi-keepalive
pvc 8/35
encapsulation aal5mux ppp dialer
dialer pool-member 1
!
hold-queue 224 in
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Vlan1
ip address 10.51.121.196 255.255.255.192
ip nat inside
ip virtual-reassembly
!
interface Dialer0
ip address 79.xx.xx.231 255.255.255.0
ip nat outside
ip virtual-reassembly
encapsulation ppp
dialer pool 1
no cdp enable
ppp chap hostname [email protected]
ppp chap password 7 1203524F17195A
crypto map cfondiariamap
!
ip local pool fondiariapool 10.51.121.203
no ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer0
ip route 10.30.0.0 255.255.0.0 10.51.121.194
ip route 10.50.0.0 255.255.0.0 10.51.121.194
ip route 10.55.121.192 255.255.255.240 Tunnel0
ip route 10.60.0.0 255.255.0.0 10.51.121.194
ip route 10.128.0.0 255.128.0.0 10.51.121.194
ip http server
ip http secure-server
!
ip nat inside source static tcp 10.51.121.200 10099 interface Dialer0 10099
ip nat inside source static tcp 10.51.121.200 3478 interface Dialer0 3478
ip nat inside source static udp 10.51.121.200 3478 interface Dialer0 3478
ip nat inside source static udp 10.51.121.200 8003 interface Dialer0 8003
ip nat inside source static udp 10.51.121.200 8002 interface Dialer0 8002
ip nat inside source static udp 10.51.121.200 8001 interface Dialer0 8001
ip nat inside source static udp 10.51.121.200 8000 interface Dialer0 8000
ip nat inside source static tcp 10.51.121.200 5060 interface Dialer0 5060
ip nat inside source static udp 10.51.121.200 5060 interface Dialer0 5060
ip nat inside source static tcp 10.51.121.200 443 interface Dialer0 443
ip nat inside source list 1 interface Dialer0 overload
! Exclude LAN -> VPN client traffic from the overload NAT (ACL 111 via route-map nonat):
! IOS translates inside-to-outside before the crypto map gets to encrypt the packet
ip nat inside source route-map nonat interface Dialer0 overload
!
! 101: the traffic the client must send through the tunnel (split tunnelling)
access-list 101 permit ip 10.51.121.192 0.0.0.63 host 10.51.121.203
! 111: deny = do not translate (LAN -> client), permit = translate everything else
access-list 111 deny ip 10.51.121.192 0.0.0.63 host 10.51.121.203
access-list 111 permit ip 10.51.121.192 0.0.0.63 any
no cdp run

!
!
!
route-map nonat permit 65535
match ip address 111
!
!
control-plane
!
!
line con 0
password 7 112035244640580F0B24382B2436
no modem enable
line aux 0
line vty 0 4
access-class 23 in
privilege level 15
password 7 132C3B335A5E573E2E28263621
transport input telnet ssh
!
scheduler max-task-time 5000
ntp server 193.204.114.232
end

Hope this helps someone, and maybe next time that someone will help me...
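Added example (my code, not the poster's or Cisco's), covering both the broken config in the first post and the fixed one above. The two things that changed are that LAN-to-client traffic is now excluded from the overload NAT (route-map nonat matching ACL 111, which denies 10.51.121.192/26 -> 10.51.121.203 and then permits everything else) and that the client group pushes split-tunnel ACL 101. IOS runs inside-to-outside NAT before the crypto map, so without the exemption a LAN host's reply to the VPN client leaves with the Dialer0 address as its source. The script parses an IOS running-config and reports, for each dynamic NAT rule, whether it still matches LAN -> pool traffic, and whether the group's split-tunnel ACL covers the LAN. The two config excerpts are constructed from the thread, trimmed to the lines the lint reads; it assumes numbered ACLs with contiguous wildcards and a single interface marked `ip nat inside`.

```python
# Added example, not from the thread: a lint that reads an IOS running-config and checks
# (1) whether a LAN host's packet toward the Easy VPN pool address is still matched by a
# dynamic NAT rule and (2) whether the client group pushes a split-tunnel ACL covering the LAN.
import ipaddress
import re

def _parse_addr(tokens):   # consume one ACL address spec (any | host A | A WILDCARD); return (net, rest)
    if tokens[0] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), tokens[1:]
    if tokens[0] == "host":
        return ipaddress.ip_network(tokens[1] + "/32"), tokens[2:]
    w = int(ipaddress.IPv4Address(tokens[1]))     # IOS wildcard mask; only contiguous ones map to a prefix
    if w & (w + 1):
        raise ValueError(f"non-contiguous wildcard {tokens[1]} not supported")
    return ipaddress.ip_network(f"{tokens[0]}/{32 - w.bit_length()}", strict=False), tokens[2:]

def parse_config(text):   # extract only the objects the check needs; every other line is ignored
    cfg = {"acls": {}, "nat_rules": [], "route_maps": {}, "group": {}, "pool": None, "interfaces": {}}
    ctx = None   # enclosing block: ("interface", name) | ("group", name) | ("route-map", name)
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue
        t = line.split()
        if t[0] == "interface":
            ctx = ("interface", t[1])
            cfg["interfaces"][t[1]] = {"address": None, "nat_inside": False}
        elif line.startswith("crypto isakmp client configuration group "):
            ctx = ("group", t[5])
            cfg["group"] = {"pool": None, "acl": None}
        elif t[0] == "route-map":
            ctx = ("route-map", t[1])
            cfg["route_maps"].setdefault(t[1], [])
        elif m := re.match(r"access-list (\d+) (permit|deny) (.*)", line):
            num, action, rest = int(m.group(1)), m.group(2), m.group(3).split()
            if num < 100:                                # standard ACL (1-99): source only
                src, dst = _parse_addr(rest)[0], ipaddress.ip_network("0.0.0.0/0")
            else:                                        # extended ACL: rest[0] is the protocol
                src, rest = _parse_addr(rest[1:])
                dst = _parse_addr(rest)[0]
            cfg["acls"].setdefault(num, []).append((action, src, dst))
        elif m := re.match(r"ip nat inside source (list|route-map) (\S+) interface (\S+) overload", line):
            cfg["nat_rules"].append({"kind": m.group(1), "name": m.group(2), "egress": m.group(3)})
        elif m := re.match(r"ip local pool (\S+) (\S+)", line):
            cfg["pool"] = {"name": m.group(1), "first": ipaddress.ip_address(m.group(2))}
        elif ctx and ctx[0] == "interface" and t[:2] == ["ip", "address"]:
            cfg["interfaces"][ctx[1]]["address"] = ipaddress.ip_interface(f"{t[2]}/{t[3]}")
        elif ctx and ctx[0] == "interface" and line == "ip nat inside":
            cfg["interfaces"][ctx[1]]["nat_inside"] = True
        elif ctx and ctx[0] == "group" and t[0] in ("pool", "acl"):
            cfg["group"][t[0]] = t[1]
        elif ctx and ctx[0] == "route-map" and t[:3] == ["match", "ip", "address"]:
            cfg["route_maps"][ctx[1]].extend(int(x) for x in t[3:])   # numbered ACLs only
    return cfg

def acl_permits(entries, src, dst):
    """First-match evaluation of ACL entries, with IOS's implicit deny at the end."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, src_net, dst_net in entries:
        if src in src_net and dst in dst_net:
            return action == "permit"
    return False

def check_vpn_pool(cfg):   # classify each dynamic NAT rule by whether it still translates LAN -> pool
    pool_ip = cfg["pool"]["first"]
    lan = next(i["address"].network for i in cfg["interfaces"].values() if i["nat_inside"] and i["address"])
    lan_host = next(h for h in lan.hosts() if h != pool_ip)   # any ordinary LAN host
    verdict = {"pool": str(pool_ip), "lan": str(lan), "pool_inside_lan": pool_ip in lan, "translated_by": [], "exempted_by": []}
    for rule in cfg["nat_rules"]:
        acls = [int(rule["name"])] if rule["kind"] == "list" else cfg["route_maps"].get(rule["name"], [])
        hit = any(acl_permits(cfg["acls"].get(n, []), lan_host, pool_ip) for n in acls)
        verdict["translated_by" if hit else "exempted_by"].append(f"{rule['kind']} {rule['name']}")
    split = cfg["group"].get("acl")
    verdict["split_tunnel_acl"] = split
    verdict["split_acl_covers_lan"] = bool(split) and acl_permits(cfg["acls"].get(int(split), []), lan_host, pool_ip)
    return verdict

# Constructed excerpts of the thread's before/after configs, trimmed to the lines the lint reads.
BEFORE = """\
crypto isakmp client configuration group xxx
 pool fondiariapool
interface Vlan1
 ip address 10.51.121.196 255.255.255.192
 ip nat inside
ip local pool fondiariapool 10.51.121.203
ip nat inside source list 1 interface Dialer0 overload
access-list 1 permit 10.51.121.192 0.0.0.63
"""
AFTER = BEFORE.replace(" pool fondiariapool\n", " pool fondiariapool\n acl 101\n") + """\
ip nat inside source route-map nonat interface Dialer0 overload
access-list 101 permit ip 10.51.121.192 0.0.0.63 host 10.51.121.203
access-list 111 deny ip 10.51.121.192 0.0.0.63 host 10.51.121.203
access-list 111 permit ip 10.51.121.192 0.0.0.63 any
route-map nonat permit 65535
 match ip address 111
"""
if __name__ == "__main__":
    print({k: check_vpn_pool(parse_config(v)) for k, v in {"before": BEFORE, "after": AFTER}.items()})
```

Against the first config the lint reports "list 1" as translating LAN -> pool traffic and no split-tunnel ACL; against the fixed one it reports "route-map nonat" as exempting it, but also that "list 1" still permits it. Which of two dynamic NAT rules IOS consults first is not modelled here, so after a change like this, confirm on the router with `show ip nat translations` while a LAN host pings the connected client: no entry for the client address should appear.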