Hi everyone, I have the following problem with a VPN between a Cisco 2620 and an Allnet ALL00277DSLA: I have configured both devices (there are two ADSL connections with static IPs), but the VPN only comes up when the Allnet initiates it, while it does not work in the opposite direction.
Any suggestions (other than simply replacing the Allnet; I know it's not the best, but I would like to understand the problem)?
LAN-to-LAN VPN problem
Moderator: Federico.Lagni
-
- n00b
- Posts: 3
- Joined: Fri 24 Mar 2006, 6:18 pm
It would be helpful if you posted the Cisco configuration, please.
Thanks
Leonardo Furlanetto
CCNA II/06
-
- Cisco pathologically enlightened user
- Posts: 175
- Joined: Sat 10 Sep 2005, 2:51 pm
- Location: Bologna
Current configuration : 10457 bytes
!
version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname router2620
!
aaa new-model
!
!
aaa authentication login userauthen local
aaa authorization network groupauthor local
aaa session-id common
enable secret xxxxx
!
memory-size iomem 15
clock timezone GMT 1
clock summer-time GMT date Mar 31 2000 0:00 Sep 30 2000 0:00 59
ip subnet-zero
!
!
!
ip audit notify log
ip audit po max-events 100
!
!
crypto isakmp policy 10
hash md5
authentication pre-share
!
crypto isakmp policy 30
encr 3des
authentication pre-share
group 2
crypto isakmp key xxxxxx address xxx.xxx.xxx.xxx no-xauth
!
crypto ipsec transform-set rtpset esp-des esp-md5-hmac
crypto ipsec transform-set myset esp-3des esp-md5-hmac
!
!
crypto map rtp client authentication list userauthen
crypto map rtp isakmp authorization list groupauthor
crypto map rtp client configuration address respond
crypto map rtp 110 ipsec-isakmp
description xxx
set peer xxx.xxx.xxx.xxx
set transform-set rtpset
match address 123
!
!
!
!
interface Ethernet0
ip address xxx.xxx.xxx.xxx
ip nat outside
half-duplex
crypto map rtp
!
interface FastEthernet0
ip address xxx.xxx.xxx.xxx
ip nat inside
speed auto
!
ip nat translation timeout 1800
ip nat inside source route-map nonat interface Ethernet0 overload
ip classless
ip route 0.0.0.0 0.0.0.0 xxx.xxx.xxx.xxx
ip route 10.0.0.0 255.0.0.0 FastEthernet0
ip route 10.0.1.0 255.255.255.0 Ethernet0
ip route 10.0.2.0 255.255.255.0 Ethernet0
ip route 10.5.0.0 255.255.0.0 Ethernet0
no ip http server
ip pim bidir-enable
!
!
ip access-list extended addr-pool
ip access-list extended default-domain
ip access-list extended dns-servers
ip access-list extended idletime
ip access-list extended inacl
ip access-list extended key-exchange
ip access-list extended protocol
ip access-list extended service
ip access-list extended timeout
ip access-list extended tty6
ip access-list extended tty7
ip access-list extended tty8
ip access-list extended tunnel-password
ip access-list extended wins-servers
!
access-list 120 deny ip 10.0.8.0 0.0.3.255 10.0.1.0 0.0.0.255
access-list 120 deny ip 10.0.8.0 0.0.3.255 10.0.11.0 0.0.0.255
access-list 120 deny ip 10.0.0.0 0.0.0.255 10.5.0.0 0.0.255.255
access-list 120 deny ip 10.0.8.0 0.0.3.255 10.5.0.0 0.0.255.255
access-list 120 deny ip 10.0.20.0 0.0.0.255 10.5.0.0 0.0.255.255
access-list 120 deny ip 10.5.0.0 0.0.255.255 10.0.2.0 0.0.0.255
access-list 120 deny ip 10.0.8.0 0.0.3.255 10.0.2.0 0.0.0.255
access-list 120 permit ip 10.0.0.0 0.255.255.255 any
access-list 123 permit ip 10.0.0.0 0.255.255.255 10.0.2.144 0.0.0.7
access-list 195 permit ip 10.5.0.0 0.0.255.255 any
access-list 195 permit ip 10.0.10.0 0.0.0.255 any
access-list 195 permit ip 10.0.0.0 0.0.3.255 any
!
route-map nonat permit 10
match ip address 120
!
line con 0
exec-timeout 0 0
password
line aux 0
line vty 0 4
password
!
no scheduler allocate
end
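An added check, not part of the thread or of the posted configuration: on IOS, inside-to-outside NAT is applied before the crypto map ACL is evaluated, so a LAN-to-LAN setup needs every flow selected by the crypto ACL (123 here) to be denied by the NAT route-map ACL (120 here). The sketch below walks ACL 120 first-match for the destination in ACL 123 and splits the source space into translated and exempt networks; the function names are illustrative and wildcards are assumed to be contiguous.

```python
import ipaddress as ipa
import re

# ACL 120 (NAT route-map "nonat") and ACL 123 (crypto map rtp), copied from the post above.
CONFIG = """\
access-list 120 deny ip 10.0.8.0 0.0.3.255 10.0.1.0 0.0.0.255
access-list 120 deny ip 10.0.8.0 0.0.3.255 10.0.11.0 0.0.0.255
access-list 120 deny ip 10.0.0.0 0.0.0.255 10.5.0.0 0.0.255.255
access-list 120 deny ip 10.0.8.0 0.0.3.255 10.5.0.0 0.0.255.255
access-list 120 deny ip 10.0.20.0 0.0.0.255 10.5.0.0 0.0.255.255
access-list 120 deny ip 10.5.0.0 0.0.255.255 10.0.2.0 0.0.0.255
access-list 120 deny ip 10.0.8.0 0.0.3.255 10.0.2.0 0.0.0.255
access-list 120 permit ip 10.0.0.0 0.255.255.255 any
access-list 123 permit ip 10.0.0.0 0.255.255.255 10.0.2.144 0.0.0.7
"""

def net(tok):  # consume 'any' or 'ADDR WILDCARD' (contiguous wildcard assumed)
    if tok[0] == "any":
        return ipa.ip_network("0.0.0.0/0"), tok[1:]
    host_bits = bin(int(ipa.IPv4Address(tok[1]))).count("1")
    return ipa.ip_network(f"{tok[0]}/{32 - host_bits}"), tok[2:]

def parse_acl(config, number):
    """Return [(action, src_net, dst_net)] for a numbered extended ACL."""
    out = []
    for m in re.finditer(rf"^access-list {number} (permit|deny) ip (.+)$", config, re.M):
        src, rest = net(m.group(2).split())
        out.append((m.group(1), src, net(rest)[0]))
    return out

def nat_split(nat_acl, src, dst):
    """First-match walk of the NAT ACL for src -> dst; returns (translated, exempt) sources."""
    remaining, hit = [src], {"permit": [], "deny": []}
    covering = [e for e in nat_acl if dst.subnet_of(e[2])]  # entries partly covering dst: out of scope
    for action, a_src, _ in covering:
        nxt = []
        for r in remaining:
            if r.subnet_of(a_src):            # whole block matched by this entry
                hit[action].append(r)
            elif a_src.subnet_of(r):          # entry carves a piece out of the block
                hit[action].append(a_src)
                nxt.extend(r.address_exclude(a_src))
            else:                             # disjoint: keep looking further down the ACL
                nxt.append(r)
        remaining = nxt
    exempt = hit["deny"] + remaining          # implicit deny at the end: not translated
    return sorted(ipa.collapse_addresses(hit["permit"])), sorted(ipa.collapse_addresses(exempt))

for _, s, d in parse_acl(CONFIG, 123):
    print("to", d, "translated sources:", *nat_split(parse_acl(CONFIG, 120), s, d)[0])
```

Sources reported as translated leave Ethernet0 with the interface address (assuming that address lies outside 10.0.0.0/8) and so no longer match ACL 123 when the crypto map is checked.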
-
- Cisco pathologically enlightened user
- Posts: 175
- Joined: Sat 10 Sep 2005, 2:51 pm
- Location: Bologna
Update: I ran a test with a Digicom Home 54 (which at the hardware level is identical to the Allnet that is giving me problems) connected to a Tiscali ADSL line and with more recent firmware... result: in this case everything works correctly. The only difference between the two devices was the MTU; I tried changing it but nothing changed. At this point I think it is a bug in the Allnet... I have tried contacting support, I'll let you know!