Hello everyone,
like several other forum participants, I am a novice at using Cisco routers and I am trying to configure my SOHO97 router.
What I would like to achieve is to have it act as an L2TP over IPsec VPN server, but so far I have only managed to configure it for plain Internet browsing.
While I wait to understand how to solve my problem, I would at least like to have it do VPN pass-through, using, until I understand how the SOHO works, a VPN server inside my network.
I tried with:
ip nat inside source static tcp ip_server_VPN 1723 interface Dialer1 1723
ip nat inside source static udp ip_server_VPN 1723 interface Dialer1 1723
where Dialer1 is the interface configured for the DSL connection and ip_server_VPN is the static address of my server, but I cannot get it to "pass".
Can someone tell me whether this configuration line is enough for the pass-through, so that it does not depend on the Cisco, or whether I have forgotten (out of ignorance) to add something?
Thanks in advance to everyone for the help
Thread: VPN Pass Through

TheIrish (Site Admin) replied:
Could you post the entire configuration?
Original poster replied:
Sure..........no problem.
Sorry for the delay, but besides being an amateur I try to solve my problems when I can, as a self-taught person.
P.S. don't tear your hair out when you see the config...........
Bye and thanks for the reply.
Using 5295 out of 131072 bytes
!
version 12.3
no service pad
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
no logging buffered
no logging console
enable secret secret_pass
!
username Router password user_login
username user_collegamento_remoto password Pass_collegamento_remoto
vpdn enable
no vpdn ip udp ignore checksum
!
vpdn-group remoti
! Default L2TP VPDN group
accept-dialin
protocol l2tp
virtual-template 1
l2tp tunnel password shared_pas_L2TP_su_IPSEC
!
ip subnet-zero
ip dhcp excluded-address a.b.c.d
!
ip dhcp pool CLIENT
import all
network 192.168.2.0 255.255.255.0
default-router ip_router
lease 0 2
!
!
ip inspect name myfw cuseeme timeout 3600
ip inspect name myfw ftp timeout 3600
ip inspect name myfw rcmd timeout 3600
ip inspect name myfw realaudio timeout 3600
ip inspect name myfw smtp timeout 3600
ip inspect name myfw tftp timeout 30
ip inspect name myfw udp timeout 15
ip inspect name myfw tcp timeout 3600
ip inspect name myfw h323 timeout 3600
no aaa new-model
!
!
!
!
!
!
!
interface Tunnel1
ip unnumbered Dialer1
tunnel source Dialer1
tunnel destination ip_server_interno
!
interface Ethernet0
ip address a.b.c.d 255.255.255.0
ip nat inside
no ip mroute-cache
hold-queue 100 out
!
interface ATM0
no ip address
no ip mroute-cache
atm vc-per-vp 64
no atm ilmi-keepalive
dsl operating-mode auto
pvc 8/35
oam-pvc 0
encapsulation aal5mux ppp dialer
dialer pool-member 1
!
!
interface Virtual-Template1
ip unnumbered Ethernet0
ip nat inside
peer default ip address pool remoti
ppp authentication chap
!
interface Dialer1
ip address negotiated
ip access-group 111 in
ip nat outside
ip inspect myfw out
encapsulation ppp
dialer pool 1
dialer-group 1
ppp authentication chap pap callin
ppp chap hostname user_per_dsl
ppp chap password pass_per_dsl
ppp pap sent-username user_per_dsl password pass_per_dsl
ppp ipcp dns request
ppp ipcp wins request
hold-queue 224 in
!
ip local pool remoti 192.168.3.1 192.168.3.10
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer1
ip route 192.168.3.0 255.255.255.0 Tunnel1
ip http server
no ip http secure-server
!
ip nat inside source list 102 interface Dialer1 overload
ip nat inside source static tcp ip_server_interno 80 interface Dialer1 80
ip nat inside source static udp ip_server_interno 1701 interface Dialer1 1701
ip nat inside source static tcp ip_server_interno 1701 interface Dialer1 1701
ip nat inside source static tcp ip_server_interno 22 interface Dialer1 22
ip nat inside source static udp ip_server_interno 22 interface Dialer1 22
ip nat inside source static tcp ip_server_interno 1703 interface Dialer1 1703
ip nat inside source static udp ip_server_interno 1703 interface Dialer1 1703
ip nat inside source static tcp ip_server_interno 8089 interface Dialer1 8089
!
access-list 23 permit 192.168.2.0 0.0.0.255
access-list 102 permit ip a.b.c.0 0.0.0.255 any
access-list 111 permit tcp any any eq www
access-list 111 permit udp any any eq 1701
access-list 111 permit tcp any any eq 1701
access-list 111 permit tcp any any eq 22
access-list 111 permit udp any any eq 22
access-list 111 permit tcp any any eq 1703
access-list 111 permit udp any any eq 1703
access-list 111 permit tcp any any eq 8089
access-list 111 permit icmp any any administratively-prohibited
access-list 111 permit icmp any any echo
access-list 111 permit icmp any any echo-reply
access-list 111 permit icmp any any packet-too-big
access-list 111 permit icmp any any time-exceeded
access-list 111 permit icmp any any traceroute
access-list 111 permit icmp any any unreachable
access-list 111 permit udp any eq bootps any eq bootpc
access-list 111 permit udp any eq bootps any eq bootps
access-list 111 permit udp any eq domain any
access-list 111 permit esp any any
access-list 111 permit udp any any eq isakmp
access-list 111 permit udp any any eq 10000
access-list 111 permit tcp any any eq 1723
access-list 111 permit tcp any any eq 139
access-list 111 permit udp any any eq netbios-ns
access-list 111 permit udp any any eq netbios-dgm
access-list 111 permit gre any any
access-list 111 deny ip any any
dialer-list 1 protocol ip permit
!
control-plane
!
!
line con 0
exec-timeout 120 0
no modem enable
transport preferred all
transport output all
stopbits 1
line aux 0
transport preferred all
transport output all
line vty 0 4
access-class 23 in
exec-timeout 120 0
login local
length 0
transport preferred all
transport input all
transport output all
!
scheduler max-task-time 5000
end
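Added example, not code from the thread or from either poster: a small Python audit script that reads the port-based static NAT lines and the inbound access-list of an IOS running-config like the one above and reports, for PPTP (TCP 1723 plus GRE) and for L2TP over IPsec (UDP 500 IKE, UDP 4500 NAT-T, ESP, UDP 1701), which pieces are forwarded to the inside server and which the inbound ACL on the outside interface permits. The embedded config is a constructed excerpt of the posted running-config; the requirement table, the function names and the choice of ACL 111 as the Dialer1 inbound list are assumptions taken from the thread, not something the poster or Cisco documented here. GRE and ESP carry no port, so the `ip nat inside source static tcp|udp` form cannot forward them, and for those the script only checks the ACL.

```python
import re
from typing import Dict, List, Optional, Set, Tuple

# Constructed sample input: an excerpt of the NAT and access-list lines from the
# running-config posted in this thread, embedded so the script runs offline.
SAMPLE_CONFIG = """\
ip nat inside source list 102 interface Dialer1 overload
ip nat inside source static tcp ip_server_interno 80 interface Dialer1 80
ip nat inside source static udp ip_server_interno 1701 interface Dialer1 1701
ip nat inside source static tcp ip_server_interno 1701 interface Dialer1 1701
access-list 102 permit ip a.b.c.0 0.0.0.255 any
access-list 111 permit tcp any any eq www
access-list 111 permit udp any any eq 1701
access-list 111 permit tcp any any eq 1701
access-list 111 permit icmp any any echo
access-list 111 permit udp any eq bootps any eq bootpc
access-list 111 permit udp any eq domain any
access-list 111 permit esp any any
access-list 111 permit udp any any eq isakmp
access-list 111 permit udp any any eq 10000
access-list 111 permit tcp any any eq 1723
access-list 111 permit gre any any
access-list 111 deny ip any any
"""

# IOS lets ACLs name well-known ports; map the names that appear here to numbers.
PORT_NAMES = {"www": 80, "domain": 53, "isakmp": 500, "non500-isakmp": 4500,
              "bootps": 67, "bootpc": 68, "netbios-ns": 137, "netbios-dgm": 138}

# Assumed requirement table: what must reach an inside VPN server through the
# router, per VPN flavour, as (protocol, destination port); None = port-less.
REQUIREMENTS: Dict[str, List[Tuple[str, Optional[int]]]] = {
    "pptp": [("tcp", 1723), ("gre", None)],
    "l2tp-ipsec": [("udp", 500), ("udp", 4500), ("esp", None), ("udp", 1701)],
}

NAT_RE = re.compile(r"^ip nat inside source static (tcp|udp) \S+ \d+ interface \S+ (\d+)$")
ACL_RE = re.compile(r"^access-list (\d+) (permit|deny) (\S+) (.*)$")


def _port(token: str) -> Optional[int]:
    return int(token) if token.isdigit() else PORT_NAMES.get(token)


def parse_static_nat(config: str) -> Set[Tuple[str, int]]:
    """Collect (proto, outside_port) for every port-based static NAT entry."""
    entries = set()
    for line in config.splitlines():
        m = NAT_RE.match(line.strip())
        if m:
            entries.add((m.group(1), int(m.group(2))))
    return entries


def _addr_port(tokens: List[str], i: int) -> Tuple[int, Optional[int]]:
    """Consume one address ('any', 'host X' or 'X wildcard') plus an optional 'eq <port>'."""
    if i >= len(tokens):
        return i, None
    i += 1 if tokens[i] == "any" else 2
    port = None
    if i + 1 < len(tokens) and tokens[i] == "eq":
        port, i = _port(tokens[i + 1]), i + 2
    return i, port


def parse_acl_permits(config: str, acl: str) -> Set[Tuple[str, Optional[int], Optional[int]]]:
    """Collect (proto, src_port, dst_port) for each permit line of a numbered ACL."""
    permits = set()
    for line in config.splitlines():
        m = ACL_RE.match(line.strip())
        if not m or m.group(1) != acl or m.group(2) != "permit":
            continue
        proto, tokens = m.group(3), m.group(4).split()
        i, sport = _addr_port(tokens, 0)
        _, dport = _addr_port(tokens, i)
        permits.add((proto, sport, dport))
    return permits


def acl_allows(permits, proto: str, dport: Optional[int]) -> bool:
    """True if some permit covers the protocol and destination port from any source port."""
    return any(p in ("ip", proto) and sp is None and dp in (None, dport)
               for p, sp, dp in permits)


def audit(config: str, inbound_acl: str, flavour: str) -> Dict[str, Dict[str, Optional[bool]]]:
    """Per requirement: is it port-forwarded (None = port-less, not expressible with
    static tcp/udp NAT) and is it permitted by the inbound ACL on the outside interface."""
    nat, permits = parse_static_nat(config), parse_acl_permits(config, inbound_acl)
    report = {}
    for proto, port in REQUIREMENTS[flavour]:
        key = f"{proto}/{port}" if port is not None else proto
        report[key] = {
            "nat_forward": None if port is None else (proto, port) in nat,
            "acl_permit": acl_allows(permits, proto, port),
        }
    return report


def gaps(config: str, inbound_acl: str, flavour: str) -> List[str]:
    """Human-readable list of what the config is missing for the given flavour."""
    out = []
    for key, r in audit(config, inbound_acl, flavour).items():
        if r["nat_forward"] is False:
            out.append(f"no static NAT for {key}")
        if not r["acl_permit"]:
            out.append(f"ACL {inbound_acl} does not permit {key}")
    return out


if __name__ == "__main__":
    for flavour in REQUIREMENTS:
        print(flavour, gaps(SAMPLE_CONFIG, "111", flavour) or "ok")
```

Run against the excerpt, the script shows that the posted config forwards UDP 1701 but has no static NAT for TCP 1723, UDP 500 or UDP 4500, and that ACL 111 permits everything on the list except UDP 4500; reading the audit next to the inbound ACL is a quicker way to see which half of the pass-through (the translation or the filter) is missing than changing lines one at a time.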