Hi everyone, your forum has always been great for solving truly 90% of the problems with our dear Cisco devices. But today I can't get to the bottom of this problem.
So, we are talking about a Cisco 800 configured to open a VPN to a supplier.
The problem is that every now and then (I believe only in case of inactivity) the VPN, I think, gets out of sync (that is, the VPN light is on on the router but packets do not pass through), and there are 2 alternatives: either I wait about 1 hour and then it starts working again, or I perform a reload... the config follows... can you give me some ideas?
Thanks to all
Building configuration...
Current configuration : 4183 bytes
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname XXXXXXXXXX
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 warnings
!
no aaa new-model
!
resource policy
!
ip subnet-zero
!
!
ip cef
no ip domain lookup
ip domain name yourdomain.com
!
!
crypto pki trustpoint TP-self-signed-2135986334
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-2135986334
 revocation-check none
 rsakeypair TP-self-signed-2135986334
!
!
crypto pki certificate chain TP-self-signed-2135986334
 certificate self-signed 01
  [....]
  quit
username XXXXXXX privilege 15 secret 5 XXXXXXXXXXXXX
!
!
!
crypto isakmp policy 1
 encr 3des
 authentication pre-share
 group 2
 lifetime 3600
crypto isakmp key [...] address XX.XX.XX.XX no-xauth
!
!
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
!
crypto map VPN_INTERNET 10 ipsec-isakmp
 description VPN con FORNITORE
 set peer XX.XX.XX.XX
 set transform-set ESP-3DES-SHA
 match address ACL_FORNITORE
!
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
 description $ETH-LAN$
 ip address 192.168.1.3 255.255.255.0
 duplex auto
 speed auto
 crypto map VPN_INTERNET
!
interface Vlan1
 description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$
 ip address 10.10.10.1 255.255.255.248
 ip tcp adjust-mss 1452
!
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.1.1
!
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
ip access-list extended ACL_FORNITORE
 permit ip 10.10.10.0 0.0.0.255 XX.XX.XX.XX 0.0.0.255
 permit ip 10.10.10.0 0.0.0.255 XX.XX.XX.XX 0.0.0.15
!
no cdp run
!
control-plane
!
banner login ^C
-----------------------------------------------------------------------
Cisco Router and Security Device Manager (SDM) is installed on this device.
This feature requires the one-time use of the username "cisco"
with the password "cisco". The default username and password have a privilege le
vel of 15.
Please change these publicly known initial credentials using SDM or the IOS CLI.
Here are the Cisco IOS commands.
username <myuser> privilege 15 secret 0 <mypassword>
no username cisco
Replace <myuser> and <mypassword> with the username and password you want to use
.
For more information about SDM please follow the instructions in the QUICK START
GUIDE for your router or go to http://www.cisco.com/go/sdm
-----------------------------------------------------------------------
^C
!
line con 0
 login local
 no modem enable
line aux 0
line vty 0 4
 privilege level 15
 login local
 transport input telnet ssh
!
scheduler max-task-time 5000
end