Help configuring a Client-to-Site VPN with a 1721

S0nic
Cisco power user
Posts: 103
Joined: Sat 18 Feb, 2012 4:19 pm

Hi everyone,

the configuration I'm posting below works perfectly with Win7 clients
and with VPN clients on phones running Android 2.2 and 2.3.

The problem... unfortunately :( arises with Android 4.0, where its VPN client asks me to enter the "pre-shared key"; for this reason I can't get the VPN to work.

Could you give me a hand?

Thanks a lot in advance!!!

Code:


!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname VPN-S
!
boot-start-marker
boot-end-marker
!
logging buffered 4096 debugging
enable secret 5 MIASECRETPASS
!
aaa new-model
!
!
aaa authentication login default local
aaa authentication ppp VPN-1 local
aaa session-id common
clock timezone Italy 1
clock summer-time Italy recurring last Sun Mar 2:00 last Sun Oct 3:00
no ip subnet-zero
ip cef
!
!
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
!
ip dhcp update dns
no vlan accounting input
vpdn enable
!
vpdn-group VPN-1
! Default L2TP VPDN group
 accept-dialin
  protocol l2tp
  virtual-template 1
 no l2tp tunnel authentication
!
!
!
!
username fabio password 7 MIAPASSWORD
!
!
!
crypto keyring L2TP
  pre-shared-key address 0.0.0.0 0.0.0.0 key pippopippo
!
crypto isakmp policy 10
 encr 3des
 authentication pre-share
 group 2
!
crypto isakmp client configuration group VPN-1
 key pippopippo
 pool pool-VPN-1
 save-password
 max-users 10
 max-logins 10
!
crypto ipsec transform-set 3DES-SHA-TRANS esp-3des esp-sha-hmac
 mode transport
!
crypto dynamic-map L2TP 10
 ! Incomplete
 set nat demux
 set transform-set 3DES-SHA-TRANS
 match address L2TP
!
!
crypto map INTERNET 65000 ipsec-isakmp dynamic L2TP
!
!
!
!
interface BRI0
 no ip address
 encapsulation hdlc
 shutdown
!
interface FastEthernet0
 ip address dhcp
 ip nat outside
 ip virtual-reassembly
 speed auto
 crypto map INTERNET
!
interface Serial0
 no ip address
 shutdown
!
interface Virtual-Template1
 ip unnumbered FastEthernet0
 ip nat inside
 ip virtual-reassembly
 no ip route-cache cef
 no ip route-cache
 peer default ip address pool pool-VPN-1
 ppp mtu adaptive
 ppp authentication chap ms-chap VPN-1
!
ip local pool pool-VPN-1 192.168.12.2 192.168.12.20
ip default-gateway 192.168.1.254
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
ip access-list extended L2TP
!
!
control-plane
!
banner motd ^C
Unauthorized access strictly prohibited
and prosecuted to the full extent of the law
^C
!
line con 0
line aux 0
line vty 0 4
!
ntp clock-period 17179958
ntp server 193.204.114.232
end


EDIT:
I forgot, running the debug:

Code:

VPN-S#sh debug
VPN:
  L2X protocol events debugging is on
  L2X data packets debugging is on
  L2X protocol errors debugging is on
  VPDN events debugging is on
  VPDN errors debugging is on
  L2TP data sequencing debugging is on
PPP:
  PPP authentication debugging is on
  PPP protocol negotiation debugging is on
Cryptographic Subsystem:
  Crypto ISAKMP debugging is on
  Crypto Engine debugging is on
  Crypto IPSEC debugging is on
VPN-S#
I get this:

Code:

Feb 18 16:25:48.025: L2X: Punting to L2TP control message queue
Feb 18 16:25:48.025: L2TP: I SCCRQ from anonymous tnl 44207
Feb 18 16:25:48.029:  Tnl 60330 L2TP: Tunnel Authorization started for host anonymous
Feb 18 16:25:48.029:  Tnl 60330 L2TP: New tunnel created for remote anonymous, address 176.247.XX.XXX
Feb 18 16:25:48.033: L2X: Tunnel author reply L2X info not found
Feb 18 16:25:48.033:  Tnl 60330 L2TP: O SCCRP  to anonymous tnlid 44207
Feb 18 16:25:48.037:  Tnl 60330 L2TP: Control channel retransmit delay set to 1 seconds
Feb 18 16:25:48.037:  Tnl 60330 L2TP: Tunnel state change from idle to wait-ctl-reply
Feb 18 16:25:49.037:  Tnl 60330 L2TP: O Resend SCCRP, flg TLS, ver 2, len 110, tnl 44207, ns 0, nr 1
Feb 18 16:25:49.037:  Tnl 60330 L2TP: Control channel retransmit delay set to 2 seconds
Feb 18 16:25:51.037:  Tnl 60330 L2TP: O Resend SCCRP, flg TLS, ver 2, len 110, tnl 44207, ns 0, nr 1
Feb 18 16:25:51.037:  Tnl 60330 L2TP: Control channel retransmit delay set to 4 seconds
Feb 18 16:25:55.037:  Tnl 60330 L2TP: O Resend SCCRP, flg TLS, ver 2, len 110, tnl 44207, ns 0, nr 1
Feb 18 16:25:55.037:  Tnl 60330 L2TP: Control channel retransmit delay set to 8 seconds
Feb 18 16:26:03.037:  Tnl 60330 L2TP: O Resend SCCRP, flg TLS, ver 2, len 110, tnl 44207, ns 0, nr 1
S0nic
Cisco power user
Posts: 103
Joined: Sat 18 Feb, 2012 4:19 pm

I'll add:
the VPN client on the phone obviously asks me for user & pass, where I enter the ones configured on the router, then:
- L2TP secret, but I don't enter anything
- IPSec identifier, and I don't enter anything
- IPSec pre-shared key: here I enter the key defined in the config, "pippopippo", without the quotes obviously :D
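
Added example, not part of the original posts: in L2TP the responder answers SCCRQ with SCCRP and then waits for the initiator's SCCCN, so this Python script parses debug lines like those above and reports whether that reply ever arrived and how the SCCRP transmissions were spaced. The sample lines are abridged from the posted debug output; the format of an incoming SCCCN line is an assumption (taken to mirror the SCCRQ line).

```python
import re
from datetime import datetime

# Sample lines abridged from the debug output posted above.
SAMPLE = """\
Feb 18 16:25:48.025: L2TP: I SCCRQ from anonymous tnl 44207
Feb 18 16:25:48.033:  Tnl 60330 L2TP: O SCCRP  to anonymous tnlid 44207
Feb 18 16:25:49.037:  Tnl 60330 L2TP: O Resend SCCRP, flg TLS, ver 2, len 110, tnl 44207, ns 0, nr 1
Feb 18 16:25:51.037:  Tnl 60330 L2TP: O Resend SCCRP, flg TLS, ver 2, len 110, tnl 44207, ns 0, nr 1
Feb 18 16:25:55.037:  Tnl 60330 L2TP: O Resend SCCRP, flg TLS, ver 2, len 110, tnl 44207, ns 0, nr 1
Feb 18 16:26:03.037:  Tnl 60330 L2TP: O Resend SCCRP, flg TLS, ver 2, len 110, tnl 44207, ns 0, nr 1
"""

# time, optional local tunnel id, direction (I = in, O = out), message type,
# peer tunnel id. An incoming SCCCN line is assumed to look like the SCCRQ one.
MSG = re.compile(
    r"(\d\d:\d\d:\d\d\.\d+): +(?:Tnl (\d+) )?L2TP: ([IO]) (?:Resend )?"
    r"(SCCRQ|SCCRP|SCCCN|StopCCN)\b.*?\btnl(?:id)? (\d+)")


def analyze(log):
    """Summarise each L2TP control handshake, keyed by the peer's tunnel id."""
    tunnels = {}
    for line in log.splitlines():
        m = MSG.search(line)
        if not m:
            continue
        ts, local_id, direction, msg, peer_id = m.groups()
        t = tunnels.setdefault(
            peer_id, {"local_id": None, "received": set(), "sccrp_times": []})
        t["local_id"] = local_id or t["local_id"]
        if direction == "I":
            t["received"].add(msg)
        elif msg == "SCCRP":
            t["sccrp_times"].append(datetime.strptime(ts, "%H:%M:%S.%f"))
    for t in tunnels.values():
        times = t.pop("sccrp_times")
        t["sccrp_sent"] = len(times)
        # Seconds between successive SCCRP transmissions (same-day timestamps).
        t["gaps"] = [round((b - a).total_seconds()) for a, b in zip(times, times[1:])]
        if "SCCCN" in t["received"]:
            t["verdict"] = "established"
        else:
            t["verdict"] = "stalled: no SCCCN from peer" if len(times) > 1 else "in progress"
    return tunnels


if __name__ == "__main__":
    print(analyze(SAMPLE))
```

On the posted output this reports one tunnel (peer id 44207) with five SCCRP transmissions spaced 1, 2, 4 and 8 seconds apart and no SCCCN received.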