837-vpn client

[mariox79]

ragazzi devo fare una vpn un pò particolare:
in ufficio c'è un circuito adsl aggiuntivo inutilizzato che vorrei usare per fare vpn da casa.
Ho collegato questo circuito ad un cisco 837 settato con la configurazione opportuna per fare vpn con ip dinamico.
La eth dell'837 è collegata al router principale in modo che una volta che sono in vpn sull'837 posso accedere a tutte le risorse aziendali.
Il mio problema è che riesco tranquillamente a stabilire la connessione vpn con l'837 e a farmi assegnare correttamente un ind. ip, ma una volta stabilita tale connessione, non riesco più a navigare nè in internet nè sulle risorse interne del mio ufficio.
Se c'è bisogno posto la conf.
Grazie in anticipo!

[MaiO]

Guarda che l'Italiano non è un optional.

Cerca di spiegarti meglio senno come facciamo a darti una mano.

A proposito posta pure la configurazione che mi interessa questa "configurazione opportuna".

Ciao

[mariox79]

per quanto riguarda l'Italiano ho da obiettare:
1. Non è un forum di accademici della crusca...
2. Quando si parla di dettagli tecnici a volte bisogna sacrificare lo stile!

Che non si offenda nessuno ovviamente...
Ecco la conf:
p.s.:alcune acl,seppure definite, non sono applicate alle interfacce.


.

Current configuration : 4579 bytes
!
version 12.3
service nagle
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname cisco-vpn
!
boot-start-marker
boot-end-marker
!
enable secret 5 xxxxxxxxxx xxxxxxxxxxx
!
aaa new-model
!
!
aaa authentication login LISTA-UTENTI-VPN local
aaa authorization network GRUPPO-UTENTI-VPN local
aaa session-id common
!
resource manager
!
clock timezone GMT 1
clock summer-time summertime recurring last Sun Mar 3:00 last Sun Oct 3:00
ip subnet-zero
no ip source-route
no ip gratuitous-arps
!
!
no ip dhcp use vrf connected
!
!
ip dhcp update dns both
ip tcp synwait-time 10
ip tcp path-mtu-discovery
ip cef
ip name-server 151.99.125.1
no ip ips deny-action ips-interface
ip ddns update method DynDNS
HTTP
add http://miouser:[email protected] ... .org&myip=
interval maximum 1 0 0 0
!
ip dhcp-client update dns server both
!
no ftp-server write-enable
!
!
username pippo password 0 pluto
!
!
!
crypto isakmp policy 10
encr 3des
authentication pre-share
group 5
!
crypto isakmp policy 20
encr 3des
authentication pre-share
group 2
crypto isakmp client configuration address-pool local VPN-CLIENT-POOL
!
crypto isakmp client configuration group cicciomvpn
key ciccio
dns 10.100.100.3
wins 10.100.100.3
pool VPN-CLIENT-POOL
netmask 255.255.255.0
!
!
crypto ipsec transform-set myset esp-des esp-md5-hmac
crypto ipsec transform-set myset1 esp-3des esp-md5-hmac
!
crypto ipsec profile CRYPTO-VPN
!
!
crypto dynamic-map VPNDYNAMIC 1
set transform-set myset
!
!
crypto map CRYPTO-VPN client authentication list LISTA-UTENTI-VPN
crypto map CRYPTO-VPN isakmp authorization list GRUPPO-UTENTI-VPN
crypto map CRYPTO-VPN client configuration address respond
crypto map CRYPTO-VPN 1 ipsec-isakmp dynamic VPNDYNAMIC
!
!
!
interface Ethernet0
ip address 10.100.100.220 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip virtual-reassembly
no ip mroute-cache
crypto map CRYPTO-VPN
hold-queue 100 out
!
interface Ethernet2
no ip address
shutdown
hold-queue 100 out
!
interface ATM0
no ip address
no ip mroute-cache
no atm ilmi-keepalive
dsl operating-mode auto
pvc 8/35
encapsulation aal5mux ppp dialer
dialer pool-member 1
!
!
interface FastEthernet1
no ip address
duplex auto
speed auto
!
interface FastEthernet2
no ip address
duplex auto
speed auto
!
interface FastEthernet3
no ip address
duplex auto
speed auto
!
interface FastEthernet4
no ip address
duplex auto
speed auto
!
interface Dialer0
ip ddns update hostname miodominio.dyndns.org
ip ddns update DynDNS host members.dyndns.org
ip address negotiated
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat outside
ip virtual-reassembly
encapsulation ppp
no ip mroute-cache
dialer pool 1
no fair-queue
ppp chap hostname hostxxxx
ppp chap password 0 miapwd
ppp pap sent-username hostxxx password 0 miapwd
crypto map CRYPTO-VPN
!
ip local pool VPN-CLIENT-POOL 10.100.100.193 10.100.100.195
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer0
!
ip http server
no ip http secure-server
!
ip nat inside source list 90 interface Dialer0 overload
!
access-list 1 permit 10.100.100.0 0.0.0.255
access-list 90 permit any
access-list 100 deny ip host 255.255.255.255 any
access-list 100 deny ip 127.0.0.0 0.0.0.255 any
access-list 100 permit ip any any
access-list 101 permit icmp any any echo-reply
access-list 101 permit icmp any any time-exceeded
access-list 101 permit icmp any any unreachable
access-list 101 permit tcp any any eq 7954
access-list 101 permit udp any any eq 23580
access-list 101 permit udp any any eq 4673
access-list 101 permit udp any any eq isakmp log
access-list 101 deny ip 10.0.0.0 0.255.255.255 any
access-list 101 deny ip 172.16.0.0 0.15.255.255 any
access-list 101 deny ip 192.168.0.0 0.0.255.255 any
access-list 101 deny ip 127.0.0.0 0.255.255.255 any
access-list 101 deny ip host 255.255.255.255 any
access-list 101 deny ip host 0.0.0.0 any
access-list 101 deny ip any any log
access-list 101 deny ip 10.100.100.0 0.0.0.255 any
access-list 101 permit tcp any any eq www
access-list 111 permit ip 10.100.100.0 0.0.0.255 any
no cdp run
!
!
control-plane
!
!
line con 0
no modem enable
transport preferred all
transport output all
line aux 0
line vty 0 4
password tttttt
transport preferred all
transport input all
transport output all
!
scheduler max-task-time 5000
end


Con questa conf mi connetto in vpn sul router 837 ma non riesco nè a navigare sul web, nè sulle risorse aziendali.

[mariox79]

hola!!
Nessuno ha avuto il mio stesso problema?
Saluti

[mariox79]

risolto: il pool dhcp e il pool locale di indirizzi devono essere diversi!!!