Hi everyone,
I'm asking for help with an odd problem: I can connect, but once connected I can't ping or see any of the hosts on the network. Can anyone help me?
Thanks
Can't ping once connected via VPN
Moderator: Federico.Lagni
- TheIrish
- Site Admin
- Posts: 1840
- Joined: Sun 14 Mar 2004 11:26 pm
- Location: Udine
I picked a blue pumpkin... how is that possible?
Sorry for the silly irony, but you're not giving us any details to understand the possible causes of the problem.
If you post the configuration, maybe we can give you a hand.
-
- Cisco fan
- Posts: 36
- Joined: Fri 29 Sep 2006 10:56 am
Sorry, I forgot. Here is the configuration:
PIX Version 7.0(4)
!
hostname Ra
domain-name CBC
enable password PVSASRJovmamnVkD encrypted
names
!
interface Ethernet0
speed 100
nameif outside
security-level 0
ip address 80.39.124.100 255.255.255.248
!
interface Ethernet1
speed 100
nameif inside
security-level 100
ip address 192.168.7.210 255.255.255.0
!
interface Ethernet2
shutdown
no nameif
no security-level
no ip address
!
passwd Owo3Y8stBKQ1SpVk encrypted
banner exec Benvenuto su Ra
ftp mode passive
access-list ACLOUT extended permit icmp any any unreachable
access-list ACLOUT extended permit icmp any any echo-reply
access-list ACLOUT extended permit icmp any any echo
access-list ACLOUT extended permit icmp any any source-quench
access-list ACLOUT extended permit icmp any any time-exceeded
access-list inside_nat0_outbound extended permit ip any 192.168.7.192 255.255.255.224
access-list outside_cryptomap_dyn_20 extended permit ip any 192.168.7.192 255.255.255.224
access-list outside_cryptomap_dyn_40 extended permit ip any 192.168.7.192 255.255.255.224
access-list VPNIN extended permit esp any any
access-list VPNIN extended permit udp any any eq isakmp
access-list VPNIN extended permit udp any any eq 4500
access-list VPNIN extended permit udp any eq isakmp any
access-list VPNIN extended permit udp any eq 4500 any
access-list VPNIN extended permit tcp any any eq 10000
access-list VPNIN extended permit ip any any
access-list VPNIN extended permit icmp any any
access-list vpnpubblica2_splitTunnelAcl standard permit any
access-list outside_cryptomap_dyn_60 extended permit ip any 192.168.7.192 255.255.255.224
access-list ConsoleIn extended permit ip host 83.73.161.114 interface outside
access-list consolein extended permit tcp host 83.73.161.114 interface outside
access-list outside_cryptomap_dyn_80 extended permit ip any 192.168.7.192 255.255.255.224
pager lines 24
logging enable
logging trap warnings
logging asdm informational
logging host inside 192.168.7.9
logging host inside 192.168.7.205
mtu outside 1500
mtu inside 1500
ip local pool PoolVPN 192.168.7.206-192.168.7.209 mask 255.255.255.0
ERROR: Command requires failover license
ERROR: Command requires failover license
icmp permit any outside
asdm image flash:/asdm504.bin
no asdm history enable
arp timeout 14400
nat (inside) 0 access-list inside_nat0_outbound
access-group VPNIN in interface outside
route outside 0.0.0.0 0.0.0.0 80.39.124.97 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00
timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
group-policy PublicVpn internal
group-policy vpnpubblica2 internal
group-policy vpnpubblica2 attributes
split-tunnel-policy tunnelspecified
split-tunnel-network-list value vpnpubblica2_splitTunnelAcl
group-policy VpnPubblica internal
group-policy VpnPubblica attributes
dns-server value 194.243.154.62
default-domain value CBC
group-policy vpnpubblica internal
group-policy vpnpubblica attributes
dns-server value 151.99.125.2 151.99.125.3
default-domain value CBC
username UtenteVPN password nG7lDwM.d3vrq93b encrypted privilege 0
username administrator password Owo3Y8stBKQ1SpVk encrypted privilege 15
http server enable
http 0.0.0.0 0.0.0.0 outside
http 192.168.7.0 255.255.255.0 inside
http 192.168.7.126 255.255.255.255 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto dynamic-map outside_dyn_map 20 match address outside_cryptomap_dyn_20
crypto dynamic-map outside_dyn_map 20 set transform-set ESP-DES-MD5
crypto dynamic-map outside_dyn_map 40 match address outside_cryptomap_dyn_40
crypto dynamic-map outside_dyn_map 40 set transform-set ESP-DES-MD5
crypto dynamic-map outside_dyn_map 60 match address outside_cryptomap_dyn_60
crypto dynamic-map outside_dyn_map 60 set transform-set ESP-DES-MD5
crypto dynamic-map outside_dyn_map 80 match address outside_cryptomap_dyn_80
crypto dynamic-map outside_dyn_map 80 set transform-set ESP-DES-MD5
crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
crypto map outside_map interface outside
isakmp enable outside
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption des
isakmp policy 10 hash md5
isakmp policy 10 group 1
isakmp policy 10 lifetime 86400
isakmp policy 30 authentication pre-share
isakmp policy 30 encryption des
isakmp policy 30 hash md5
isakmp policy 30 group 2
isakmp policy 30 lifetime 86400
tunnel-group VpnPubblica type ipsec-ra
tunnel-group VpnPubblica general-attributes
address-pool PoolVPN
default-group-policy VpnPubblica
tunnel-group VpnPubblica ipsec-attributes
pre-shared-key *
tunnel-group vpnpubblica2 type ipsec-ra
tunnel-group vpnpubblica2 general-attributes
address-pool PoolVPN
default-group-policy vpnpubblica2
tunnel-group vpnpubblica2 ipsec-attributes
pre-shared-key *
tunnel-group vpnpubblica type ipsec-ra
tunnel-group vpnpubblica general-attributes
address-pool PoolVPN
default-group-policy vpnpubblica
tunnel-group vpnpubblica ipsec-attributes
pre-shared-key *
telnet 83.73.161.114 255.255.255.255 outside
telnet 192.168.7.142 255.255.255.255 inside
telnet 192.168.7.205 255.255.255.255 inside
telnet 192.168.7.126 255.255.255.255 inside
telnet timeout 5
ssh 83.73.161.114 255.255.255.255 outside
ssh 192.168.7.142 255.255.255.255 inside
ssh 192.168.7.205 255.255.255.255 inside
ssh timeout 5
console timeout 0
!
class-map inspection_default
match default-inspection-traffic
!
!
policy-map global_policy
class inspection_default
inspect dns maximum-length 512
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
!
service-policy global_policy global
- Wizard
- Intergalactic subspace network admin
- Posts: 3441
- Joined: Fri 03 Feb 2006 10:04 am
- Location: Emilia Romagna
Enable NAT traversal
Check the nat0 and the split tunnel
The future is made of people who have intuitions and visions ..... those are the people who make the difference...... those endowed with a THIRD EYE....
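
The three checks suggested in the last reply, run over an excerpt of the configuration posted above; this is an added example, not part of the thread. The function name `check_vpn_config` and the result keys are assumptions made for illustration; `isakmp nat-traversal` is the PIX 7.0 command that enables NAT traversal.

```python
import ipaddress
import re

# Excerpt of the configuration posted above (only the lines the checks read).
CONFIG = """\
access-list inside_nat0_outbound extended permit ip any 192.168.7.192 255.255.255.224
access-list vpnpubblica2_splitTunnelAcl standard permit any
ip local pool PoolVPN 192.168.7.206-192.168.7.209 mask 255.255.255.0
nat (inside) 0 access-list inside_nat0_outbound
group-policy vpnpubblica2 attributes
split-tunnel-policy tunnelspecified
split-tunnel-network-list value vpnpubblica2_splitTunnelAcl
isakmp enable outside
"""

def check_vpn_config(text):
    """Hypothetical helper: report on NAT traversal, nat0 coverage and split tunnel."""
    findings = {}
    # 1. NAT traversal: "isakmp nat-traversal" (later releases prefix it with "crypto").
    findings["nat_traversal"] = bool(
        re.search(r"^\s*(crypto )?isakmp nat-traversal\b", text, re.M))
    # 2. nat0: every pool address must match a destination in the exemption ACL.
    m = re.search(r"^nat \(inside\) 0 access-list (\S+)", text, re.M)
    nat0_nets = []
    if m:
        pat = rf"^access-list {re.escape(m.group(1))} extended permit ip any (\S+) (\S+)"
        nat0_nets = [ipaddress.ip_network(f"{addr}/{mask}")
                     for addr, mask in re.findall(pat, text, re.M)]
    pool = re.search(r"^ip local pool \S+ (\S+)-(\S+)", text, re.M)
    uncovered = []
    if pool:
        first, last = (int(ipaddress.ip_address(x)) for x in pool.groups())
        for n in range(first, last + 1):
            addr = ipaddress.ip_address(n)
            if not any(addr in net for net in nat0_nets):
                uncovered.append(str(addr))
    findings["pool_outside_nat0"] = uncovered
    # 3. Split tunnel: referenced lists that are "permit any" instead of named networks.
    refs = re.findall(r"split-tunnel-network-list value (\S+)", text)
    findings["split_tunnel_any"] = [
        acl for acl in refs
        if re.search(rf"^access-list {re.escape(acl)} standard permit any\s*$", text, re.M)]
    return findings

if __name__ == "__main__":
    print(check_vpn_config(CONFIG))
```

On the posted configuration the pool addresses are covered by the nat0 ACL, no NAT traversal command is present, and the split-tunnel list for `vpnpubblica2` is `permit any`.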