Good day, everyone.
I have configured 2 Cisco 831s like this:
router 1 :
!
version 12.4
no service pad
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname Router_Rho
!
boot-start-marker
boot-end-marker
!
enable password cisco
!
no aaa new-model
!
resource policy
!
ip subnet-zero
no ip dhcp use vrf connected
!
!
ip cef
no ip domain lookup
no ip ips deny-action ips-interface
!
!
!
username cisco password cisco
!
!
!
crypto isakmp policy 10
encr aes 256
authentication pre-share
crypto isakmp key testkey1234 address 192.168.1.253
!
!
crypto ipsec transform-set aes-sha-transform esp-aes 256 esp-sha-hmac
! Transform unusable with IKE
!
!
!
crypto map aesmap 10 ipsec-isakmp
set peer 192.168.1.253
set transform-set aes-sha-transform
match address acl_vpn
!
!
!
!
interface Ethernet0
ip address 10.186.7.180 255.255.252.0
no cdp enable
no shutdown
!
interface Ethernet1
ip address 192.168.1.254 255.255.255.252
duplex auto
no cdp enable
crypto map aesmap
no shutdown
!
interface Ethernet2
no ip address
shutdown
!
interface FastEthernet1
duplex auto
speed auto
!
interface FastEthernet2
duplex auto
speed auto
!
interface FastEthernet3
duplex auto
speed auto
!
interface FastEthernet4
duplex auto
speed auto
!
ip classless
ip route 0.0.0.0 0.0.0.0 Ethernet1
ip http server
no ip http secure-server
!
!
!
ip access-list extended acl_vpn
permit ip 10.186.7.180 0.0.3.255 10.186.34.240 0.0.0.255
!
control-plane
!
!
line con 0
exec-timeout 120 0
no modem enable
stopbits 1
line aux 0
line vty 0 4
exec-timeout 120 0
login local
!
scheduler max-task-time 5000
end
router 2 :
!
version 12.4
no service pad
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname Router_Casorezzo
!
boot-start-marker
boot-end-marker
!
enable password cisco
!
no aaa new-model
!
resource policy
!
ip subnet-zero
no ip dhcp use vrf connected
!
!
ip cef
no ip domain lookup
no ip ips deny-action ips-interface
!
!
!
username cisco password cisco
!
!
!
crypto isakmp policy 10
encr aes 256
authentication pre-share
crypto isakmp key testkey1234 address 192.168.1.254
!
!
crypto ipsec transform-set aes-sha-transform esp-aes 256 esp-sha-hmac
! Transform unusable with IKE
!
!
crypto map aesmap 10 ipsec-isakmp
set peer 192.168.1.254
set transform-set aes-sha-transform
match address acl_vpn
!
!
!
!
interface Ethernet0
ip address 10.186.34.240 255.255.255.0
no cdp enable
no shutdown
!
interface Ethernet1
ip address 192.168.1.253 255.255.255.252
duplex auto
no cdp enable
crypto map aesmap
no shutdown
!
interface Ethernet2
no ip address
shutdown
!
interface FastEthernet1
duplex auto
speed auto
!
interface FastEthernet2
duplex auto
speed auto
!
interface FastEthernet3
duplex auto
speed auto
!
interface FastEthernet4
duplex auto
speed auto
!
ip classless
ip route 0.0.0.0 0.0.0.0 Ethernet1
ip http server
no ip http secure-server
!
!
!
ip access-list extended acl_vpn
permit ip 10.186.34.240 0.0.0.255 10.0.0.0 0.255.255.255
!
control-plane
!
!
line con 0
exec-timeout 120 0
no modem enable
stopbits 1
line aux 0
line vty 0 4
exec-timeout 120 0
login local
!
scheduler max-task-time 5000
end
The VPN apparently works.
If I ping the IP of a machine from the console, everything works, but if from the machine I ping the IP of another machine connected to the other router, it doesn't work.
If from the machine I ping the IP of the router it is connected to, it responds, but it doesn't go any further.
What am I doing wrong?
Thanks a lot.
cisco 831 ... what am I doing wrong?
The 3 is a typing error; in the configuration there is a 0, i.e. 0.0.0.255
ip access-list extended acl_vpn
permit ip 10.186.7.180 0.0.3.255 10.186.34.240 0.0.0.255