Hello,
with the following config I can establish PPTP and browse from the inside. The PPTP client manages to connect and ping Vlan1 192.168.14.220, but I cannot ping any 192.168.14.x client. Also, from the router itself I cannot ping the PPTP client either, while I can ping the clients on the LAN. Why?
Config:
Current configuration : 6837 bytes
!
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname RTR-216-94-83-94
!
boot-start-marker
boot-end-marker
aaa new-model
!
!
aaa authentication login default local
aaa authentication login sdm_vpn_xauth_ml_1 local
aaa authentication ppp default local
aaa authorization exec default local
aaa authorization network default local
!
!
aaa session-id common
clock timezone Rome 1
!
crypto pki trustpoint TP-self-signed-387193012
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-387193012
revocation-check none
rsakeypair TP-self-signed-387193012
!
!
crypto pki certificate chain TP-self-signed-387193012
certificate self-signed 01
quit
dot11 syslog
!
!
ip cef
ip name-server 151.99.125.3
ip name-server 151.99.125.2
ip ddns update method sdm_ddns1
DDNS both
!
!
vpdn enable
!
vpdn-group 1
! Default PPTP VPDN group
accept-dialin
protocol pptp
virtual-template 1
username pippo password 7 +++
!
!
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
crypto isakmp key cisco address 192.168.14.10
!
crypto isakmp client configuration group pako
key admini
pool SDM_POOL_1
!
!
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-3DES-SHA1 esp-3des esp-sha-hmac
!
crypto map SDM_CMAP_1 1 ipsec-isakmp
description Tunnel to192.168.14.10
set peer 192.168.14.10
set transform-set ESP-3DES-SHA1
match address 100
!
archive
log config
hidekeys
!
!
ip scp server enable
!
!
!
interface ATM0
no ip address
no atm ilmi-keepalive
dsl operating-mode auto
!
interface ATM0.1 point-to-point
description $ES_WAN$
ip address x.y.z.k 255.255.255.252
ip nat outside
ip virtual-reassembly
pvc 8/35
oam-pvc manage
encapsulation aal5snap
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Virtual-Template1
ip unnumbered Vlan1
no ip redirects
ip route-cache flow
peer default ip address pool PPTP-1
no keepalive
ppp authentication chap ms-chap ms-chap-v2
!
interface Vlan1
ip address 192.168.14.220 255.255.255.0 secondary
ip address 94.83.x.y 255.255.255.248
ip access-group 101 in
ip access-group 102 out
ip nat inside
ip virtual-reassembly
ip route-cache flow
hold-queue 100 out
!
ip local pool SDM_POOL_1 192.168.14.223 192.168.14.226
ip local pool PPTP-1 172.0.0.1 172.0.0.50
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 ATM0.1
!
ip http server
ip http authentication local
ip http secure-server
ip dns server
ip nat log translations syslog
ip nat translation timeout 3600
ip nat translation tcp-timeout 3600
ip nat translation max-entries 1200
ip nat pool NET-GARO 94.83.x.y 94.83.x.y netmask 255.255.255.248
ip nat inside source list 1 pool NET-GARO overload
ip nat inside source static tcp 94.83.x.y 22 94.83.x.y 22 extendable
ip nat inside source static tcp 94.83.94.217 23 94.83.x.y 23 extendable
ip nat inside source static tcp 192.168.14.220 1723 94.83.x.y 1723 extendable
!
access-list 1 remark INSIDE_IF=Vlan1
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 192.168.14.0 0.0.0.255
access-list 1 permit any
access-list 2 remark SDM_ACL Category=2
access-list 2 permit 192.168.14.0 0.0.0.255
access-list 3 remark SDM_ACL Category=2
access-list 3 permit 192.168.1.0 0.0.0.255
access-list 4 remark SDM_ACL Category=2
access-list 4 permit 192.168.1.0 0.0.0.255
access-list 5 remark SDM_ACL Category=2
access-list 5 permit 192.168.14.0 0.0.0.255
access-list 6 remark SDM_ACL Category=2
access-list 6 permit 192.168.14.0 0.0.0.255
access-list 7 remark SDM_ACL Category=2
access-list 7 permit 192.168.14.0 0.0.0.255
access-list 8 remark SDM_ACL Category=2
access-list 8 permit 192.168.14.0 0.0.0.255
access-list 9 remark SDM_ACL Category=2
access-list 9 permit 192.168.14.0 0.0.0.255
access-list 20 permit 172.0.0.0 0.0.0.255
access-list 100 permit ip any any
access-list 101 permit ip 94.83.94.216 0.0.0.7 any
access-list 101 permit ip any 94.83.x.y 0.0.0.7
access-list 101 permit ip any any
access-list 101 permit tcp any any eq 1723
access-list 101 permit gre any any
access-list 101 permit ip 172.0.0.0 0.255.255.255 192.168.14.0 0.0.0.255
access-list 102 permit ip 192.168.0.0 0.0.255.255 any
access-list 102 permit ip any any
!
Thanks
PPTP VPN on 857k9
Moderator: Federico.Lagni
- Wizard
SDM-generated configs are disgusting!!!!
The routes and the nat 0 for the VPN pool are missing.
The future is made of people who have intuitions and visions ..... those are the people who make the difference ...... those gifted with a THIRD EYE....
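
As an added example (not part of the original posts), this Python sketch applies Cisco first-match and wildcard-mask rules to ACL 1 (the NAT list) and ACL 101 as copied from the posted config. It shows that the source-only NAT list matches every source, the PPTP pool included, and that the ACL 101 entries after `permit ip any any` are never evaluated. The function names are hypothetical, and the ACL 101 line containing the redacted 94.83.x.y address is left out.

```python
from ipaddress import IPv4Address

# Entries copied from the posted config; ACL 1 feeds "ip nat inside source list 1".
ACL_1 = ["permit 192.168.14.0 0.0.0.255", "permit any"]
ACL_101 = [  # the entry with the redacted 94.83.x.y address is omitted
    "permit ip 94.83.94.216 0.0.0.7 any",
    "permit ip any any",
    "permit tcp any any eq 1723",
    "permit gre any any",
    "permit ip 172.0.0.0 0.255.255.255 192.168.14.0 0.0.0.255",
]

def wildcard_match(addr, base, wildcard):
    """Cisco wildcard mask: bits set to 1 in the wildcard are ignored."""
    care = ~int(IPv4Address(wildcard)) & 0xFFFFFFFF
    return int(IPv4Address(addr)) & care == int(IPv4Address(base)) & care

def parse_source(tokens):
    """Return (base, wildcard) for 'any', 'host A', 'A W' or a bare 'A'."""
    if tokens[0] == "any":
        return "0.0.0.0", "255.255.255.255"
    if tokens[0] == "host":
        return tokens[1], "0.0.0.0"
    return tokens[0], (tokens[1] if len(tokens) > 1 else "0.0.0.0")

def first_match_standard(acl, src):
    """Standard ACL: source only, first match wins, implicit deny at the end."""
    for number, line in enumerate(acl, 1):
        action, *rest = line.split()
        base, wildcard = parse_source(rest)
        if wildcard_match(src, base, wildcard):
            return number, action
    return None, "deny"

def shadowed_entries(acl):
    """Extended ACL: entries placed after an 'ip any any' line are unreachable."""
    for number, line in enumerate(acl, 1):
        if line.split()[1:4] == ["ip", "any", "any"]:
            return acl[number:]
    return []

if __name__ == "__main__":
    # A LAN host and a PPTP pool address both hit a permit in the NAT list.
    print(first_match_standard(ACL_1, "192.168.14.50"))
    print(first_match_standard(ACL_1, "172.0.0.1"))
    for entry in shadowed_entries(ACL_101):
        print("never evaluated:", entry)
```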