Ciao a tutti.
Ho un router CISCO 97 in azienda configurato per fare un PPTP Tunnelling su un server Microsoft Server 2003 che tramite RRAS gestisce la VPN.
Tutto è sempre funzionato benissimo fino a quando ho cambiato il router di casa e ho messo un CISCO SOHO 97!!
Da casa non riesco più a collegarmi con successo dal mio Windows XP: si collega ma al momento della verifica di nome utente e pwd si perde via e si disconnette con errore.
Andando oltre nei test ho scoperto che qs. problema me lo da solo se uso dal lato client un altro router cisco, con tutti gli altri router va!!
Any idea?!
Configurazione Router Azienda:
Building configuration...
Current configuration : 2952 bytes
!
version 12.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
no logging buffered
enable secret 5 $1$Ar3j$yuX15lCJRy3dGYAMTCfmG0
!
username CRWS_Shashi privilege 15 password 0 $1$W1fA$o1oSEpa1799569589
username Router password 0 admin
ip subnet-zero
ip name-server 151.99.125.1
ip name-server 151.99.125.2
ip dhcp excluded-address 192.168.1.1
!
ip inspect name myfw cuseeme timeout 3600
ip inspect name myfw ftp timeout 3600
ip inspect name myfw rcmd timeout 3600
ip inspect name myfw realaudio timeout 3600
ip inspect name myfw smtp timeout 3600
ip inspect name myfw tftp timeout 30
ip inspect name myfw udp timeout 15
ip inspect name myfw tcp timeout 3600
ip inspect name myfw h323 timeout 3600
!
partition flash 2 6 2
!
!
!
!
interface Ethernet0
description CRWS Generated text. Please do not delete this:192.168.1.254-255.25
5.255.0
ip address 192.168.1.254 255.255.255.0 secondary
ip address 192.168.3.180 255.255.255.0
ip nat inside
no ip mroute-cache
hold-queue 100 out
!
interface ATM0
no ip address
atm vc-per-vp 64
no atm ilmi-keepalive
dsl operating-mode auto
dsl power-cutback 0
!
interface ATM0.1 point-to-point
ip address x.x.x.x 255.255.255.0
ip access-group 103 in
ip nat outside
ip inspect myfw out
pvc 8/35
encapsulation aal5snap
!
!
ip nat inside source list 102 interface ATM0.1 overload
ip nat inside source static 192.168.1.1 x.x.x.x
ip classless
ip route 0.0.0.0 0.0.0.0 ATM0.1
ip http server
!
access-list 23 permit 192.168.1.0 0.0.0.255
access-list 102 permit ip 192.168.1.0 0.0.0.255 any
access-list 103 permit tcp any any established
access-list 103 permit udp any eq domain any
access-list 103 permit tcp any host x.x.x.x eq 1723
access-list 103 permit gre any any
access-list 111 permit tcp any any eq 5900
access-list 111 permit icmp any any administratively-prohibited
access-list 111 permit icmp any any echo
access-list 111 permit icmp any any echo-reply
access-list 111 permit icmp any any packet-too-big
access-list 111 permit icmp any any time-exceeded
access-list 111 permit icmp any any unreachable
access-list 111 permit udp any eq bootps any eq bootpc
access-list 111 permit udp any eq bootps any eq bootps
access-list 111 permit udp any eq domain any
access-list 111 permit esp any any
access-list 111 permit udp any any eq isakmp
access-list 111 permit udp any any eq 10000
access-list 111 permit tcp any any eq 1723
access-list 111 permit tcp any any eq 139
access-list 111 permit udp any any eq netbios-ns
access-list 111 permit udp any any eq netbios-dgm
access-list 111 permit gre any any
access-list 111 deny ip any any
!
line con 0
no modem enable
stopbits 1
line aux 0
stopbits 1
line vty 0 4
access-class 23 in
exec-timeout 120 0
login local
length 0
!
scheduler max-task-time 5000
end
Grazie 1000!!
AraMiS
Rompicapo: PPTP Tunneling Cisco SOHO 97
Moderatore: Federico.Lagni
-
Wizard
- Intergalactic subspace network admin
- Messaggi: 3441
- Iscritto il: ven 03 feb , 2006 10:04 am
- Località: Emilia Romagna
- Contatta:
2 cose:
- abilita l' ip inspect per il protocollo pptp
- crea delle acl in entrata che facciano passare la porta 1723 tcp e il protocollo gre
Facci sapere
- abilita l' ip inspect per il protocollo pptp
- crea delle acl in entrata che facciano passare la porta 1723 tcp e il protocollo gre
Facci sapere
Il futuro è fatto di persone che hanno delle intuizioni e visioni .....sono quelle persone che fanno la differenza...... quelle dotate di un TERZO OCCHIO....
