
I am posting the configuration of the two lines:
ALICE CORPORATE: the VPN works but outgoing mail does not:
version 12.3
no service pad
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname Equinox
!
enable secret 'xxxx'
!
username Router password 7 131703001102072D293E
username simona password 7 05180B01731A1807141F
aaa new-model
!
!
aaa authentication login userauthentication local
aaa authorization network groupauthorization local
aaa session-id common
ip subnet-zero
!
!
ip inspect name myfw cuseeme timeout 3600
ip inspect name myfw ftp timeout 3600
ip inspect name myfw rcmd timeout 3600
ip inspect name myfw realaudio timeout 3600
ip inspect name myfw smtp timeout 3600
ip inspect name myfw tftp timeout 30
ip inspect name myfw udp timeout 15
ip inspect name myfw tcp timeout 3600
ip inspect name myfw h323 timeout 3600
ip audit notify log
ip audit po max-events 100
no ftp-server write-enable
!
!
!
!
crypto isakmp policy 10
encr 3des
authentication pre-share
group 2
!
crypto isakmp client configuration group giacobazzi
key 0 vpnnpvzbg6
dns 192.168.10.1
wins 192.168.10.1
domain zincaturificiomr.it
pool ippool_giacobazzi
!
!
crypto ipsec transform-set transformset_giacobazzi esp-3des esp-md5-hmac
!
!
crypto dynamic-map dynamicmap_giacobazzi 10
set transform-set transformset_giacobazzi
!
!
!
!
crypto map cryptomap_giacobazzi client authentication list userauthentication
crypto map cryptomap_giacobazzi isakmp authorization list groupauthorization
crypto map cryptomap_giacobazzi client configuration address respond
crypto map cryptomap_giacobazzi 10 ipsec-isakmp dynamic dynamicmap_giacobazzi
!
!
!
!
interface Ethernet0
description Interfaccia Ethernet Interna
ip address 192.168.10.254 255.255.255.0
ip access-group 130 in
ip nat inside
no ip route-cache
no ip mroute-cache
hold-queue 100 out
no shutdown
!
interface ATM0
no ip address
no ip route-cache
no atm ilmi-keepalive
dsl operating-mode auto
no shutdown
!
interface ATM0.1 point-to-point
description Interfaccia WAN Esterna
ip address 82.90.73.53 255.255.255.0
ip access-group 120 in
ip nat outside
ip inspect myfw out
no ip route-cache
no ip mroute-cache
no shutdown
pvc 8/35
encapsulation aal5snap
!
crypto map cryptomap_giacobazzi
!
interface FastEthernet1
no ip address
duplex auto
speed auto
no shutdown
!
interface FastEthernet2
no ip address
duplex auto
speed auto
no shutdown
!
interface FastEthernet3
no ip address
duplex auto
speed auto
no shutdown
!
interface FastEthernet4
no ip address
duplex auto
speed auto
no shutdown
!
ip local pool ippool_giacobazzi 192.168.11.1 192.168.11.254
ip nat pool IP_NAT_OUTSIDE 82.90.73.53 82.90.73.53 netmask 255.255.255.0
ip nat inside source list 100 pool IP_NAT_OUTSIDE overload
ip classless
ip route 0.0.0.0 0.0.0.0 ATM0.1
!
ip http server
ip http secure-server
!
!
ip access-list extended Router on vty0 (212.97.56.42)
ip access-list extended Router on vty2 (212.97.56.42)
access-list 23 remark *** ACL per Teleassistenza
access-list 23 permit 80.17.83.21
access-list 23 permit 192.168.10.0 0.0.0.255
access-list 100 remark *** ACL per IP_NAT_OUTSIDE
access-list 100 deny ip 192.168.10.0 0.0.0.255 192.168.11.0 0.0.0.255
access-list 100 permit ip 192.168.10.0 0.0.0.255 any
access-list 120 permit tcp host 212.97.56.42 host 82.90.73.53 eq 22
access-list 120 remark *** ACL controllo ingressi ATM0.1 (controllo ingressi)
access-list 120 permit icmp any any administratively-prohibited
access-list 120 permit icmp any any echo
access-list 120 permit icmp any any echo-reply
access-list 120 permit icmp any any packet-too-big
access-list 120 permit icmp any any time-exceeded
access-list 120 permit icmp any any traceroute
access-list 120 permit icmp any any unreachable
access-list 120 permit esp any host 82.90.73.53
access-list 120 permit udp any host 82.90.73.53 eq isakmp
access-list 120 deny ip any any
access-list 130 remark *** ACL controllo ingressi Ethernet0 (controllo uscite)
access-list 130 permit icmp 192.168.10.0 0.0.0.255 any
access-list 130 permit tcp host 192.168.10.253 any
access-list 130 permit tcp host 192.168.10.1 any
access-list 130 permit udp host 192.168.10.1 any
access-list 130 permit tcp 192.168.10.0 0.0.0.255 any eq 22
access-list 130 permit udp 192.168.10.0 0.0.0.255 any eq domain
access-list 130 permit tcp 192.168.10.0 0.0.0.255 any eq domain
access-list 130 permit tcp host 192.168.10.11 any eq www
access-list 130 permit tcp host 192.168.10.11 any eq 443
access-list 130 permit tcp host 192.168.10.11 any eq smtp
access-list 130 permit tcp host 192.168.10.11 any eq pop3
access-list 130 permit tcp host 192.168.10.11 any eq ftp
access-list 130 permit ip host 192.168.10.123 any
access-list 130 deny ip any any
!
line con 0
exec-timeout 120 0
no modem enable
stopbits 1
line aux 0
line vty 0 4
access-class 23 in
exec-timeout 120 0
length 0
!
scheduler max-task-time 5000
!
end
ALICE BUSINESS: neither the VPN nor outgoing mail works:
version 12.3
no service pad
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname Equinox
!
enable secret xxx
!
username Router password 7 131703001102072D293E
username simona password 7 05180B01731A1807141F
username INFORES password xxxx
username Paperino password xxxx
aaa new-model
!
!
aaa authentication login userauthentication local
aaa authorization network groupauthorization local
aaa session-id common
ip subnet-zero
!
!
ip domain-name zincaturificio.local
cry key generate rsa
ip ssh time-out 60
ip ssh authentication-retries 2
!
ip inspect name myfw cuseeme timeout 3600
ip inspect name myfw ftp timeout 3600
ip inspect name myfw rcmd timeout 3600
ip inspect name myfw realaudio timeout 3600
ip inspect name myfw smtp timeout 3600
ip inspect name myfw tftp timeout 30
ip inspect name myfw udp timeout 15
ip inspect name myfw tcp timeout 3600
ip inspect name myfw h323 timeout 3600
ip audit notify log
ip audit po max-events 100
no ftp-server write-enable
!
!
!
!
crypto isakmp policy 10
encr 3des
authentication pre-share
group 2
!
crypto isakmp client configuration group giacobazzi
key 0 vpnnpvzbg6
dns 192.168.10.1
wins 192.168.10.1
domain zincaturificiomr.it
pool ippool_giacobazzi
!
!
crypto ipsec transform-set transformset_giacobazzi esp-3des esp-md5-hmac
!
!
crypto dynamic-map dynamicmap_giacobazzi 10
set transform-set transformset_giacobazzi
!
!
!
!
crypto map cryptomap_giacobazzi client authentication list userauthentication
crypto map cryptomap_giacobazzi isakmp authorization list groupauthorization
crypto map cryptomap_giacobazzi client configuration address respond
crypto map cryptomap_giacobazzi 10 ipsec-isakmp dynamic dynamicmap_giacobazzi
!
!
!
!
interface Ethernet0
description Interfaccia Ethernet Interna
ip address 192.168.10.254 255.255.255.0
ip access-group 130 in
ip nat inside
no ip route-cache
no ip mroute-cache
hold-queue 100 out
no shutdown
!
interface ATM0
no ip address
no ip route-cache
no atm ilmi-keepalive
dsl operating-mode auto
no shutdown
!
interface ATM0.1 point-to-point
description Interfaccia WAN Esterna
ip address 88.38.211.240 255.255.255.0
ip access-group 120 in
ip nat outside
ip inspect myfw out
no ip route-cache
no ip mroute-cache
no shutdown
pvc 8/35
encapsulation aal5snap
!
crypto map cryptomap_giacobazzi
!
interface FastEthernet1
no ip address
duplex auto
speed auto
no shutdown
!
interface FastEthernet2
no ip address
duplex auto
speed auto
no shutdown
!
interface FastEthernet3
no ip address
duplex auto
speed auto
no shutdown
!
interface FastEthernet4
no ip address
duplex auto
speed auto
no shutdown
!
ip local pool ippool_giacobazzi 192.168.11.1 192.168.11.254
ip nat pool IP_NAT_OUTSIDE 88.48.211.241 88.48.211.241 netmask 255.255.255.248
ip nat inside source list 100 pool IP_NAT_OUTSIDE overload
ip classless
ip route 0.0.0.0 0.0.0.0 ATM0.1
!
ip http server
ip http secure-server
!
!
ip access-list extended Router on vty0 (212.97.56.42) --> does not work
ip access-list extended Router on vty2 (212.97.56.42) --> does not work, error on "on"
access-list 23 remark *** ACL per Teleassistenza
access-list 100 remark *** ACL per IP_NAT_OUTSIDE
access-list 100 deny ip 192.168.10.0 0.0.0.255 192.168.11.0 0.0.0.255
access-list 100 permit ip 192.168.10.0 0.0.0.255 any
access-list 120 permit tcp host 212.97.56.42 host 82.90.73.53 eq 22
access-list 120 remark *** ACL controllo ingressi ATM0.1 (controllo ingressi)
access-list 120 permit icmp any any administratively-prohibited
access-list 120 permit icmp any any echo
access-list 120 permit icmp any any echo-reply
access-list 120 permit icmp any any packet-too-big
access-list 120 permit icmp any any time-exceeded
access-list 120 permit icmp any any traceroute
access-list 120 permit icmp any any unreachable
access-list 120 permit esp any host 82.90.73.53
access-list 120 permit udp any host 82.90.73.53 eq isakmp
access-list 120 deny ip any any
access-list 130 remark *** ACL controllo ingressi Ethernet0 (controllo uscite)
access-list 130 permit icmp 192.168.10.0 0.0.0.255 any
access-list 130 permit tcp host 192.168.10.253 any
access-list 130 permit tcp host 192.168.10.1 any
access-list 130 permit udp host 192.168.10.1 any
access-list 130 permit tcp 192.168.10.0 0.0.0.255 any eq 22
access-list 130 permit udp 192.168.10.0 0.0.0.255 any eq domain
access-list 130 permit tcp 192.168.10.0 0.0.0.255 any eq domain
access-list 130 permit tcp host 192.168.10.11 any eq www
access-list 130 permit tcp host 192.168.10.11 any eq 443
access-list 130 permit tcp host 192.168.10.11 any eq smtp
access-list 130 permit tcp host 192.168.10.11 any eq pop3
access-list 130 permit tcp host 192.168.10.11 any eq ftp
access-list 130 permit ip host 192.168.10.123 any
access-list 130 deny ip any any
!
line con 0
exec-timeout 120 0
no modem enable
stopbits 1
line aux 0
line vty 0 4
access-class 23 in
exec-timeout 120 0
length 0
!
scheduler max-task-time 5000
!
end
Thanks a lot
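
Added example, not part of the original post: a small consistency check that compares the addresses referenced by an inbound ACL and by a NAT pool with the address of the interface they apply to, run here on lines copied from the ALICE BUSINESS configuration above. The function name audit and the message wording are assumptions of this example; a reported mismatch is something to review, and can be intentional (for instance a separately routed public block used for NAT).

```python
import ipaddress
import re

# Lines copied from the ALICE BUSINESS configuration posted above.
CONFIG = """\
interface ATM0.1 point-to-point
ip address 88.38.211.240 255.255.255.0
ip access-group 120 in
ip nat outside
ip nat pool IP_NAT_OUTSIDE 88.48.211.241 88.48.211.241 netmask 255.255.255.248
access-list 120 permit tcp host 212.97.56.42 host 82.90.73.53 eq 22
access-list 120 permit esp any host 82.90.73.53
access-list 120 permit udp any host 82.90.73.53 eq isakmp
access-list 120 deny ip any any
"""

def audit(config):
    """List ACL and NAT addresses that disagree with the interface they apply to."""
    bound, outside, current, findings = {}, [], None, []
    lines = [l.strip() for l in config.splitlines()]
    for line in lines:  # pass 1: interface address, inbound ACL, NAT role
        if m := re.match(r"interface (\S+)", line):
            current = {"name": m.group(1), "ip": None}
        elif line == "!":
            current = None
        elif current and (m := re.match(r"ip address (\S+) (\S+)$", line)):
            current["ip"] = ipaddress.ip_interface(f"{m.group(1)}/{m.group(2)}")
        elif current and (m := re.match(r"ip access-group (\d+) in$", line)):
            bound[m.group(1)] = current
        elif current and line == "ip nat outside":
            outside.append(current)
    for line in lines:  # pass 2: compare referenced addresses
        m = re.match(r"access-list (\d+) permit \S+ (?:any|host \S+) host (\S+)", line)
        i = bound.get(m.group(1)) if m else None
        if i and i["ip"] and ipaddress.ip_address(m.group(2)) != i["ip"].ip:
            findings.append(f"ACL {m.group(1)}: permit to {m.group(2)}, "
                            f"but {i['name']} is {i['ip'].ip}")
        if m := re.match(r"ip nat pool (\S+) (\S+) (\S+) netmask", line):
            for i in outside:
                for addr in sorted({m.group(2), m.group(3)}):
                    if i["ip"] and ipaddress.ip_address(addr) not in i["ip"].network:
                        findings.append(f"NAT pool {m.group(1)}: {addr} is not in "
                                        f"{i['name']} network {i['ip'].network}")
    return findings

if __name__ == "__main__":
    for finding in audit(CONFIG):
        print(finding)
```

On these lines it reports the three ACL 120 permit entries that still point at 82.90.73.53 while ATM0.1 is 88.38.211.240, and the NAT pool address 88.48.211.241 that lies outside the ATM0.1 network.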