VPN between two Cisco 877s
Posted: Fri 31 Oct 2008 9:44 am
Hello everyone!!!
Let me explain the problem.
I'm not very experienced (let's say almost not at all).
I have to configure a site-to-site VPN with two Cisco 877s between two different sites, one with network 192.168.1.0 and the other with 192.168.2.0.
Since I'm not very experienced, I configured the two routers via SDM.
No problem with the connection: the VPN with a pre-shared key was configured in a flash and everything seemed OK (in the sense that it said it was up).
Unfortunately I can't ping anything from either side!
So I reset the router and started over, intending to configure everything via telnet.
Now ATM and VLAN are configured, but I really don't know where to start with the VPN.
Here are the two configs:
Site 1:
Code:
Building configuration...
Current configuration : 4844 bytes
!
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname mariottideruta
!
boot-start-marker
boot-end-marker
!
logging buffered 51200
logging console critical
enable secret 5 $1$FK6i$GUIC9.Q6T10CtJha8eovT1
!
no aaa new-model
clock timezone PCTime 1
clock summer-time PCTime date Mar 30 2003 2:00 Oct 26 2003 3:00
!
crypto pki trustpoint TP-self-signed-856213648
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-856213648
revocation-check none
rsakeypair TP-self-signed-856213648
!
!
crypto pki certificate chain TP-self-signed-856213648
certificate self-signed 01
3082024E 308201B7 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
30312E30 2C060355 04031325 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 38353632 31333634 38301E17 0D303230 33303130 30303633
375A170D 32303031 30313030 30303030 5A303031 2E302C06 03550403 1325494F
532D5365 6C662D53 69676E65 642D4365 72746966 69636174 652D3835 36323133
36343830 819F300D 06092A86 4886F70D 01010105 0003818D 00308189 02818100
C2E83037 FF825E35 90F65D4D D41206FD F6E3B722 0A8DD5AB B702BA6E 3E4B4F46
00C4D6AE 488E78C1 29FA5211 FCE9AE6C 35721877 EAB615DE 1EA6BCA4 DBC5ACDE
57E106A6 300DEA42 C77FA4D0 D24C50A9 3DF9F07C 2D8E9AED 54DFB18B 67E4B6A7
126402AF 1B0FD5B7 52625CAE C7808522 24411D8C 81AE1F82 AA1A2C32 A2F72B85
02030100 01A37830 76300F06 03551D13 0101FF04 05300301 01FF3023 0603551D
11041C30 1A82186D 6172696F 74746964 65727574 612E6369 73636F2E 636F6D30
1F060355 1D230418 30168014 2F892D5C 321723A4 5727CD8D 09AB1CE3 48531E23
301D0603 551D0E04 1604142F 892D5C32 1723A457 27CD8D09 AB1CE348 531E2330
0D06092A 864886F7 0D010104 05000381 810070B1 EC45C7F3 9FE03E9B 0BC525B2
297A2D03 B634ABC3 569F4CAD 146D01C8 2C53E0CD 727913F4 CA6B3154 4A4FD2FB
14BE0CB5 2282781C 1B2E509C F8A3B448 2E7CAA48 DD95233C 591D5284 A1BD5D9A
D605FF31 7204EDDB BF85DA27 A6F2F8BE 384ADBAA DA1CB8CA ACFE01CA 4AB9DC08
C6D91A07 7F33DA7D 38A10F9D 1E77BECE DBEB
quit
dot11 syslog
no ip source-route
ip cef
!
!
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
no ip bootp server
ip domain name cisco.com
ip name-server 151.99.125.1
ip name-server 151.99.125.2
!
!
!
username administrator privilege 15 secret 5 $1$Dh5Q$WsHporiK5A0hZxIQYpL1W1
!
!
archive
log config
hidekeys
!
!
!
!
!
interface ATM0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip route-cache flow
no atm ilmi-keepalive
dsl operating-mode auto
!
interface ATM0.1 point-to-point
description $ES_WAN$$FW_OUTSIDE$
ip address 94.82.57.210 255.255.255.252
ip nat outside
ip virtual-reassembly
pvc 8/35
encapsulation aal5snap
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Vlan1
description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$ES_LAN$$FW_INSIDE$
ip address 192.168.1.252 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip virtual-reassembly
ip route-cache flow
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 ATM0.1
!
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source list 1 interface ATM0.1 overload
!
logging trap debugging
access-list 1 remark INSIDE_IF=Vlan1
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 192.168.1.0 0.0.0.255
no cdp run
!
!
!
control-plane
!
banner exec ^C
% Password expiration warning.
-----------------------------------------------------------------------
Cisco Router and Security Device Manager (SDM) is installed on this device and
it provides the default username "cisco" for one-time use. If you have already
used the username "cisco" to login to the router and your IOS image supports the
"one-time" user option, then this username has already expired. You will not be
able to login to the router with this username after you exit this session.
It is strongly suggested that you create a new username with a privilege level
of 15 using the following command.
username <myuser> privilege 15 secret 0 <mypassword>
Replace <myuser> and <mypassword> with the username and password you want to
use.
-----------------------------------------------------------------------
^C
banner login ^CAuthorized access only!
Disconnect IMMEDIATELY if you are not an authorized user!^C
!
line con 0
login local
no modem enable
transport output telnet
line aux 0
login local
transport output telnet
line vty 0 4
login local
transport input telnet ssh
!
scheduler max-task-time 5000
scheduler allocate 4000 1000
scheduler interval 500
end
Site 2:
Code:
Building configuration...
Current configuration : 4839 bytes
!
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname mariottipg
!
boot-start-marker
boot-end-marker
!
logging buffered 51200
logging console critical
enable secret 5 $1$f46S$gdP75Lw1fwt0NHOvVCaqp0
!
no aaa new-model
clock timezone PCTime 1
clock summer-time PCTime date Mar 30 2003 2:00 Oct 26 2003 3:00
!
crypto pki trustpoint TP-self-signed-1653938604
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-1653938604
revocation-check none
rsakeypair TP-self-signed-1653938604
!
!
crypto pki certificate chain TP-self-signed-1653938604
certificate self-signed 01
3082024C 308201B5 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 31363533 39333836 3034301E 170D3032 30333031 30303036
32345A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D31 36353339
33383630 3430819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
81009CB3 0C3E3D02 BC417802 D767FE89 90066ED9 C699A493 8E6F4559 D5540A39
55F606EE 2CCBA60D BBB9E6C8 A9581E7F FCF75DAA DFDCC074 84B1A82E 8B32376C
E5605B7D 219E205A 575275DB 7543F730 E40635C1 6DFF790A B7420E28 18B8B4F8
63BA5098 5941F019 5ED25075 E5051568 1D239C05 E5D1E911 3F5F04AC 71AF0C0E
59170203 010001A3 74307230 0F060355 1D130101 FF040530 030101FF 301F0603
551D1104 18301682 146D6172 696F7474 6970672E 63697363 6F2E636F 6D301F06
03551D23 04183016 80147F6E 50D3CAFA 3357C1C8 C84FE2B5 A2BBAE4F B165301D
0603551D 0E041604 147F6E50 D3CAFA33 57C1C8C8 4FE2B5A2 BBAE4FB1 65300D06
092A8648 86F70D01 01040500 03818100 087D87B0 C5D64D6E 7D8D5F91 2E56DBCF
A480B34E 0C977668 86ADF4D8 318CECCB 3E5E7EFB 2C851269 6BC9D1F0 AC385142
F6E4B275 F044B551 8B9F2E93 1DE2D8F1 7D81A4A1 65A9EB2E B94442A7 E8F0D5C0
C324734E 8E1E821E 32E43C6F D1F70FBF 905DA9C9 3BA52AE4 C9BD663F D3F6CEB2
87762B50 261D82C1 91F05C47 B77A15A9
quit
dot11 syslog
no ip source-route
ip cef
!
!
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
no ip bootp server
ip domain name cisco.com
ip name-server 151.99.125.1
ip name-server 151.99.125.2
!
!
!
username administrator privilege 15 secret 5 $1$gSOk$zjTuo/rFc58/ecThB7DNr1
!
!
archive
log config
hidekeys
!
!
!
!
!
interface ATM0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip route-cache flow
no atm ilmi-keepalive
dsl operating-mode auto
!
interface ATM0.1 point-to-point
description $ES_WAN$$FW_OUTSIDE$
ip address 88.44.46.162 255.255.255.252
ip nat outside
ip virtual-reassembly
pvc 8/35
encapsulation aal5snap
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Vlan1
description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$ES_LAN$$FW_INSIDE$
ip address 192.168.2.253 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip virtual-reassembly
ip route-cache flow
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 ATM0.1
!
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source list 1 interface ATM0.1 overload
!
logging trap debugging
access-list 1 remark INSIDE_IF=Vlan1
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 192.168.2.0 0.0.0.255
no cdp run
!
!
!
control-plane
!
banner exec ^C
% Password expiration warning.
-----------------------------------------------------------------------
Cisco Router and Security Device Manager (SDM) is installed on this device and
it provides the default username "cisco" for one-time use. If you have already
used the username "cisco" to login to the router and your IOS image supports the
"one-time" user option, then this username has already expired. You will not be
able to login to the router with this username after you exit this session.
It is strongly suggested that you create a new username with a privilege level
of 15 using the following command.
username <myuser> privilege 15 secret 0 <mypassword>
Replace <myuser> and <mypassword> with the username and password you want to
use.
-----------------------------------------------------------------------
^C
banner login ^CAuthorized access only!
Disconnect IMMEDIATELY if you are not an authorized user!^C
!
line con 0
login local
no modem enable
transport output telnet
line aux 0
login local
transport output telnet
line vty 0 4
login local
transport input telnet ssh
!
scheduler max-task-time 5000
scheduler allocate 4000 1000
scheduler interval 500
end
Could you give me a hand?
Thanks in advance.
Oh, I don't need firewalls or anything else.
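The following is an added example, not part of the original post and not what the poster or SDM produced: a plain IKEv1/IPsec pre-shared-key site-to-site configuration for the two routers above, written against the WAN and LAN addresses their configs already contain (94.82.57.210 / 192.168.1.0/24 and 88.44.46.162 / 192.168.2.0/24). The pre-shared key value and the names VPN-MAP, TS-AES256-SHA, VPN-TRAFFIC and NAT-INSIDE are placeholders chosen here. It also replaces the "access-list 1" NAT rule with one that exempts LAN-to-LAN traffic, because on IOS inside-to-outside NAT is applied before the crypto map: with the posted NAT rule, packets from 192.168.1.0 to 192.168.2.0 are translated to the public address, no longer match the crypto ACL, and leave in the clear, which is a common reason a tunnel reports "up" while nothing pings across it.

```cisco
! ===== Site 1 (hostname mariottideruta, WAN 94.82.57.210, LAN 192.168.1.0/24) =====
! Phase 1 (IKEv1/ISAKMP): both routers need an identical policy.
crypto isakmp policy 10
 encr aes 256
 hash sha
 authentication pre-share
 group 5
 lifetime 86400
! Placeholder key (assumption): use one long random value, identical on both sides.
crypto isakmp key REPLACE-WITH-A-LONG-RANDOM-KEY address 88.44.46.162
! Dead Peer Detection so a rebooted peer is noticed and the SA is rebuilt.
crypto isakmp keepalive 10 periodic
!
! Phase 2: ESP with AES-256 and HMAC-SHA1, tunnel mode (the default).
crypto ipsec transform-set TS-AES256-SHA esp-aes 256 esp-sha-hmac
!
! "Interesting traffic": only LAN-to-LAN packets are encrypted.
ip access-list extended VPN-TRAFFIC
 permit ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
!
! NAT exemption: the original "access-list 1" translates everything leaving
! ATM0.1, so LAN-to-LAN packets are PAT'ed before the crypto map sees them
! and never match VPN-TRAFFIC. Deny them from NAT first, then permit the rest.
ip access-list extended NAT-INSIDE
 deny   ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
 permit ip 192.168.1.0 0.0.0.255 any
no ip nat inside source list 1 interface ATM0.1 overload
ip nat inside source list NAT-INSIDE interface ATM0.1 overload
!
crypto map VPN-MAP 10 ipsec-isakmp
 description Site-to-site to mariottipg
 set peer 88.44.46.162
 set transform-set TS-AES256-SHA
 set pfs group5
 match address VPN-TRAFFIC
!
! The crypto map goes on the interface that owns the public address.
interface ATM0.1
 crypto map VPN-MAP
!
! ===== Site 2 (hostname mariottipg, WAN 88.44.46.162, LAN 192.168.2.0/24) =====
! Mirror image: same policy, same key, peer/networks swapped.
crypto isakmp policy 10
 encr aes 256
 hash sha
 authentication pre-share
 group 5
 lifetime 86400
crypto isakmp key REPLACE-WITH-A-LONG-RANDOM-KEY address 94.82.57.210
crypto isakmp keepalive 10 periodic
crypto ipsec transform-set TS-AES256-SHA esp-aes 256 esp-sha-hmac
ip access-list extended VPN-TRAFFIC
 permit ip 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255
ip access-list extended NAT-INSIDE
 deny   ip 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255
 permit ip 192.168.2.0 0.0.0.255 any
no ip nat inside source list 1 interface ATM0.1 overload
ip nat inside source list NAT-INSIDE interface ATM0.1 overload
crypto map VPN-MAP 10 ipsec-isakmp
 description Site-to-site to mariottideruta
 set peer 94.82.57.210
 set transform-set TS-AES256-SHA
 set pfs group5
 match address VPN-TRAFFIC
interface ATM0.1
 crypto map VPN-MAP
!
! ===== Verification (run on either router) =====
! A ping from the router must be sourced from the LAN address; otherwise it
! leaves from the WAN address, does not match VPN-TRAFFIC and is sent in the clear.
! ping 192.168.2.253 source 192.168.1.252
! show crypto isakmp sa      -> the peer should be in state QM_IDLE
! show crypto ipsec sa       -> #pkts encaps/decaps must increase with each ping
! show ip nat translations   -> LAN-to-LAN flows must NOT appear here
```

After changing the NAT rule, run `clear ip nat translation *` so translations created under "access-list 1" do not keep catching LAN-to-LAN flows; if the IOS image rejects `group 5`, `group 2` (and `set pfs group2`) is the fallback on both sides. Pings from hosts rather than from the router additionally need the host firewalls to allow ICMP and the routers (192.168.1.252 and 192.168.2.253) as the hosts' default gateways. Two things the posted configs themselves suggest: the `enable secret 5` and `username ... secret 5` values are MD5-crypt hashes that can be attacked offline now that they are public, so those secrets should be changed; and the VTY lines accept telnet alongside SSH (`transport input telnet ssh`), which sends the login credentials in the clear.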