
VPN OK but I can no longer browse the internet

Posted: Mon 10 Jul 2006 12:01 pm
by spcadmin
Heeelp!!

I set up the VPN but I can no longer browse. Who can give me a hand finding the solution? Everything is OK: the VPN comes up, I can get in with telnet, I can even make coffee, but I can't browse.
Thanks for your help.

This is my client configuration (I have the same problem on the server):

version 12.3
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname xxxxxx
!
boot-start-marker
boot-end-marker
!
no logging buffered
logging monitor notifications
enable password 7 xxxxxxxxxxxxxx
!
username xxxxxxx privilege 15 password 7 xxxxxxxxxxxxxxxxxxxxxxxx
no aaa new-model
ip subnet-zero
!
!
ip name-server 62.94.0.1
ip name-server 62.94.0.2
ip audit po max-events 100
no ftp-server write-enable
scripting tcl init http
scripting tcl encdir http
!
!
!
!
!
!
!
!
crypto ipsec client ezvpn cliente
connect auto
group xxxxxx key xxxxxx
mode client
peer 81.200.x.y
!
!
partition flash 2 10 2
!
!
!
!
interface Ethernet0
ip address 192.168.1.1 255.255.255.0
crypto ipsec client ezvpn cliente inside
hold-queue 100 out
!
interface ATM0
no ip address
no atm ilmi-keepalive
pvc 8/35
encapsulation aal5mux ppp dialer
dialer pool-member 1
!
dsl operating-mode auto
hold-queue 224 in
!
interface FastEthernet1
no ip address
duplex auto
speed auto
!
interface FastEthernet2
no ip address
duplex auto
speed auto
!
interface FastEthernet3
no ip address
duplex auto
speed auto
!
interface FastEthernet4
no ip address
duplex auto
speed auto
!
interface Dialer0
description connessione ad internet ( PPPoA
ip address a.b.c.d 255.255.255.0
encapsulation ppp
dialer pool 1
ppp chap hostname xxxxxxxxxxxxx
ppp chap password xxxxxxxxxxxxxxxxxxxx
ppp pap sent-username xxxxxxxxxxxxxor password xxxxxxxxxxxxxxxxxxxx
crypto ipsec client ezvpn cliente
!
ip nat translation timeout 420
ip nat translation tcp-timeout 120
ip nat translation pptp-timeout 420
ip nat translation udp-timeout 120
ip nat translation finrst-timeout 300
ip nat translation syn-timeout 120
ip nat translation dns-timeout 300
ip nat translation icmp-timeout 120
ip nat translation max-entries 5000
ip nat inside source list 1 interface Dialer0 overload
ip nat inside source list 23 interface Dialer0 overload
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer0
ip http server
no ip http secure-server
!
!
access-list 1 permit 192.168.1.0 0.0.0.255
!
control-plane
!
!
line con 0
privilege level 15
no modem enable
transport preferred all
transport output all
stopbits 1
line aux 0
transport preferred all
transport output all
line vty 0 3
exec-timeout 120 0
privilege level 15
password 7 xxxxxxxxxxxxxxxx
login local
length 0
transport preferred all
transport input all
transport output all
line vty 4
access-class 23 out
exec-timeout 120 0
privilege level 15
password 7 xxxxxxxxxxxxxxxxxxx
login local
length 0
transport preferred all
transport input telnet ssh
transport output telnet
!
scheduler max-task-time 5000
!
end

:?

Posted: Mon 10 Jul 2006 12:55 pm
by Renato.Efrati
Maybe split tunnel is not enabled on the VPN server, or maybe NAT is configured incorrectly, or maybe both.

Posted: Mon 10 Jul 2006 3:32 pm
by andrewp
I haven't read the configuration... in any case, once a VPN tunnel is established the client will route all traffic into the tunnel itself.

Posted: Mon 10 Jul 2006 3:39 pm
by Renato.Efrati
Andrea.Pezzotti wrote: I haven't read the configuration... in any case, once a VPN tunnel is established the client will route all traffic into the tunnel itself.
Not necessarily...

Posted: Mon 10 Jul 2006 3:46 pm
by spcadmin
So what do I do then?

Can I use the server's internet connection? How is that done?

:cry:

Posted: Mon 10 Jul 2006 4:03 pm
by Renato.Efrati
And the server's config?

Posted: Mon 10 Jul 2006 4:59 pm
by spcadmin
Here it is!!

version 12.3
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname xxxxxxxxxxx
!
boot-start-marker
boot-end-marker
!
logging monitor notifications
enable password xxxxxxxxxxxxxxxx
!
aaa new-model
!
!
aaa authentication login default local
aaa authentication login sdm_vpn_xauth_ml_1 local
aaa authorization exec default local
aaa authorization network sdm_vpn_group_ml_2 local
aaa authorization network sdm_vpn_group_ml_1 local
aaa session-id common
ip subnet-zero
!
!
!
!
ip name-server 62.94.0.1
ip name-server 62.94.0.2
ip ips po max-events 100
no ftp-server write-enable
!
!
partition flash 2 10 2
!
username xxxxxx privilege 15 password xxxxxxxxxxxxxxxxxxxx
username CRWS_Srini privilege 15 password 7 015757406C5A002E65431F062A2007135359517B727D79666C
!
!
!
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
no crypto isakmp ccm
crypto isakmp xauth timeout 15

!
crypto isakmp client configuration group spclab
key gruppo
pool SDM_POOL_1
max-users 5
!
!
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
!
crypto dynamic-map SDM_DYNMAP_1 1
set transform-set ESP-3DES-SHA
reverse-route
!
crypto dynamic-map SDM_DYNMAP_2 1
set transform-set ESP-3DES-SHA
reverse-route
!
!
crypto map SDM_CMAP_1 isakmp authorization list sdm_vpn_group_ml_1
crypto map SDM_CMAP_1 client configuration address respond
crypto map SDM_CMAP_1 65535 ipsec-isakmp dynamic SDM_DYNMAP_1
!
crypto map SDM_CMAP_2 client authentication list sdm_vpn_xauth_ml_1
crypto map SDM_CMAP_2 isakmp authorization list sdm_vpn_group_ml_2
crypto map SDM_CMAP_2 client configuration address respond
crypto map SDM_CMAP_2 65535 ipsec-isakmp dynamic SDM_DYNMAP_2
!
!
!
interface Ethernet0
ip address 192.168.0.1 255.255.255.0
ip nat inside
ip virtual-reassembly
crypto map SDM_CMAP_2
hold-queue 100 out
!
interface ATM0
no ip address
no atm ilmi-keepalive
dsl operating-mode auto
hold-queue 224 in
pvc 8/35
encapsulation aal5mux ppp dialer
dialer pool-member 1
!
!
interface FastEthernet1
duplex auto
speed auto
!
interface FastEthernet2
duplex auto
speed auto
!
interface FastEthernet3
duplex auto
speed auto
!
interface FastEthernet4
duplex auto
speed auto
!
interface Dialer0
description connessione ad internet ( PPPoA
ip address 81.200.x.y 255.255.255.0
ip nat outside
ip virtual-reassembly
encapsulation ppp
dialer pool 1
ppp chap hostname nome
ppp chap password cccccccccccccccc
ppp pap sent-username nome password xxxxxxxx
crypto map SDM_CMAP_1
!
ip local pool SDM_POOL_1 192.168.0.10 192.168.0.20
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer0
!
ip http server
no ip http secure-server
!
ip nat translation timeout 420
ip nat translation tcp-timeout 120
ip nat translation pptp-timeout 420
ip nat translation udp-timeout 120
ip nat translation finrst-timeout 300
ip nat translation syn-timeout 120
ip nat translation dns-timeout 300
ip nat translation icmp-timeout 120
ip nat translation max-entries 5000
ip nat inside source route-map SDM_RMAP_1 interface Dialer0 overload
ip nat inside source route-map SDM_RMAP_2 interface Dialer0 overload
!
access-list 1 remark SDM_ACL Category=16
access-list 1 permit 192.168.0.0 0.0.0.255
access-list 23 remark SDM_ACL Category=17
access-list 23 permit 192.168.0.2
access-list 100 remark SDM_ACL Category=2
access-list 100 deny ip any host 192.168.0.10
access-list 100 deny ip any host 192.168.0.11
access-list 100 deny ip any host 192.168.0.12
access-list 100 deny ip any host 192.168.0.13
access-list 100 deny ip any host 192.168.0.14
access-list 100 deny ip any host 192.168.0.15
access-list 100 deny ip any host 192.168.0.16
access-list 100 deny ip any host 192.168.0.17
access-list 100 deny ip any host 192.168.0.18
access-list 100 deny ip any host 192.168.0.19
access-list 100 deny ip any host 192.168.0.20
access-list 100 permit ip host 192.168.0.2 any
!
route-map SDM_RMAP_1 permit 1
match ip address 100
!
route-map SDM_RMAP_2 permit 1
match ip address 100
!
!
control-plane
!
!
line con 0
privilege level 15
no modem enable
stopbits 1
line aux 0
line vty 0 3
exec-timeout 120 0
password xxxxxxxxxxxx
length 0
line vty 4
access-class 23 out
exec-timeout 120 0
password xxxxxxxxxxxxxxxxxxxxxx
transport input telnet ssh
transport output telnet
!
scheduler max-task-time 5000
end
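
A config check for the two causes suggested in the replies (no split tunnel on the Easy VPN server group, NAT misconfiguration), as an added example that is not part of the original posts. The sample strings are constructed excerpts of the two configurations above with the group key masked; `sections` and `audit` are hypothetical helper names, and the check assumes blocks are closed by `!` as in the posted output.

```python
import re

# Constructed samples: lines excerpted from the two configs posted in the thread.
SERVER_CFG = """\
crypto isakmp client configuration group spclab
key xxxxxx
!
interface Ethernet0
ip nat inside
!
interface Dialer0
ip nat outside
!
ip nat inside source route-map SDM_RMAP_1 interface Dialer0 overload
"""
CLIENT_CFG = """\
interface Ethernet0
ip address 192.168.1.1 255.255.255.0
!
ip nat inside source list 1 interface Dialer0 overload
ip nat inside source list 23 interface Dialer0 overload
access-list 1 permit 192.168.1.0 0.0.0.255
"""

def sections(cfg, header_re):
    """Yield (name, body) for blocks opened by header_re and closed by '!'."""
    name, body = None, []
    for line in [l.strip() for l in cfg.splitlines()] + ["!"]:
        m = re.match(header_re, line)
        if (m or line == "!") and name is not None:
            yield name, body
        if m or line == "!":
            name, body = (m.group(1) if m else None), []
        elif name is not None:
            body.append(line)

def audit(cfg):
    """Return findings for the two causes suggested in the thread."""
    out = []
    for group, body in sections(cfg, r"crypto isakmp client configuration group (\S+)"):
        if not any(l.startswith("acl ") for l in body):  # no split-tunnel ACL
            out.append(f"group {group}: no split-tunnel acl, clients tunnel all traffic")
    defined = set(re.findall(r"^access-list (\d+) ", cfg, re.M))
    for n in re.findall(r"^ip nat inside source list (\d+) ", cfg, re.M):
        if n not in defined:
            out.append(f"NAT references undefined access-list {n}")
    roles = {l for _, b in sections(cfg, r"interface (\S+)") for l in b if l.startswith("ip nat ")}
    if re.search(r"^ip nat inside source ", cfg, re.M) and len(roles) < 2:
        out.append("NAT rule present but no inside/outside interface pair")
    return out
```

On an IOS Easy VPN server the split-tunnel list is attached with an `acl <number>` line inside the `crypto isakmp client configuration group` block, which is the line the first check looks for.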