Cisco Easy VPN and 877W
Posted: Fri 24 Jul 2009, 3:53 pm
Hi everyone,
I'm having a few problems with this configuration... the VPN connects, but from the 172.20.25.x range I can't reach 172.20.27.x, and vice versa... where am I going wrong?
I'm going crazy over this...

Code:
version 12.4
no service pad
service timestamps debug uptime
service timestamps log datetime msec localtime
service password-encryption
service internal
service sequence-numbers
!
hostname lugo
!
boot-start-marker
boot-end-marker
!
logging exception 100000
logging count
logging userinfo
logging queue-limit 10000
logging buffered 150000
enable secret 5 **********
!
no aaa new-model
clock timezone Italy 1
clock summer-time CEST recurring last Sun Mar 2:00 last Sun Oct 3:00
!
!
dot11 syslog
!
dot11 ssid walter48022
vlan 10
authentication open
authentication key-management wpa
guest-mode
wpa-psk ascii 7 *********
!
no ip source-route
no ip gratuitous-arps
no ip icmp rate-limit unreachable
ip cef
!
!
no ip dhcp use vrf connected
ip dhcp excluded-address 172.20.25.95
ip dhcp excluded-address 172.20.26.95
!
ip dhcp pool vlan1
network 172.20.25.0 255.255.255.128
default-router 172.20.25.95
dns-server 172.20.25.95
!
ip dhcp pool vlan10
network 172.20.26.0 255.255.255.128
default-router 172.20.26.95
dns-server 172.20.26.95
!
ip dhcp pool asus-manu-wifi
host 172.20.26.200 255.255.255.0
client-identifier ******
default-router 172.20.26.95
dns-server 172.20.26.95
!
ip dhcp pool asus-manu-wired
host 172.20.25.200 255.255.255.0
client-identifier ******
default-router 172.20.25.95
dns-server 172.20.25.95
!
ip dhcp pool quad-win7-gbit
host 172.20.25.203 255.255.255.0
client-identifier ******
default-router 172.20.25.95
dns-server 172.20.25.95
!
ip dhcp pool quad-ubuntu-gbit
host 172.20.25.202 255.255.255.0
hardware-address *******
default-router 172.20.25.95
dns-server 172.20.25.95
!
ip dhcp pool iphone3g-manu-wifi
host 172.20.26.201 255.255.255.0
client-identifier *******
default-router 172.20.26.95
dns-server 172.20.26.95
!
ip dhcp pool vlan2
network 172.20.27.0 255.255.255.128
default-router 172.20.27.95
dns-server 172.20.27.95
!
!
no ip bootp server
ip domain name ath.cx
ip name-server 208.67.222.222
ip name-server 208.67.220.220
ip ddns update method all.dnsomatic.com
HTTP
add http://*****:******@updates.dnsomatic.com/nic/update?hostname=<h>&myip=<a>
interval minimum 1 0 0 0
!
!
multilink bundle-name authenticated
password encryption aes
!
!
!
no spanning-tree vlan 1
no spanning-tree vlan 10
username manu privilege 15 secret 5 ******
username iphone password 7 ********
!
crypto logging session
!
crypto isakmp policy 10
encr 3des
hash md5
authentication pre-share
group 2
lifetime 3600
crypto isakmp keepalive 10
crypto isakmp nat keepalive 20
crypto isakmp xauth timeout 90
!
crypto isakmp client configuration group remote-vpn
key *******
pool remote-pool
acl 158
save-password
max-users 10
max-logins 10
!
crypto ipsec security-association idle-time 3600
!
crypto ipsec transform-set VPN-CLI-SET esp-3des esp-md5-hmac
!
crypto dynamic-map remote-dyn 10
set transform-set VPN-CLI-SET
!
!
crypto map remotemap local-address Dialer0
crypto map remotemap client authentication list userauthen
crypto map remotemap isakmp authorization list groupauthor
crypto map remotemap client configuration address respond
crypto map remotemap 65535 ipsec-isakmp dynamic remote-dyn
!
archive
log config
hidekeys
!
!
ip ssh logging events
ip ssh version 2
ip scp server enable
!
!
!
interface ATM0
no ip address
ip mtu 1492
ip tcp adjust-mss 1452
no atm ilmi-keepalive
dsl operating-mode adsl2+
dsl noise-margin -1
dsl gain-setting rx-offset 2
dsl bitswap both
!
interface ATM0.1 point-to-point
no ip redirects
no ip unreachables
no ip proxy-arp
ip mtu 1492
ip tcp adjust-mss 1452
no ip mroute-cache
pvc 8/35
oam-pvc 0
encapsulation aal5snap
pppoe-client dial-pool-number 1
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Dot11Radio0
no ip address
ip mtu 1492
ip tcp adjust-mss 1452
!
encryption vlan 10 mode ciphers aes-ccm tkip
!
ssid walter48022
!
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
channel 2462
station-role root
world-mode dot11d country IT indoor
!
interface Dot11Radio0.10
encapsulation dot1Q 10 native
ip address 172.20.26.95 255.255.255.0
ip mtu 1492
ip nat inside
no ip virtual-reassembly
ip tcp adjust-mss 1452
no cdp enable
!
interface Vlan1
ip address 172.20.25.95 255.255.255.0
ip directed-broadcast
ip mtu 1492
ip nat inside
no ip virtual-reassembly
ip tcp adjust-mss 1452
no ip mroute-cache
!
interface Vlan2
ip address 172.20.27.95 255.255.255.0
ip mtu 1492
ip tcp adjust-mss 1452
no ip mroute-cache
!
interface Dialer0
ip ddns update hostname all.dnsomatic.com
ip ddns update all.dnsomatic.com host updates.dnsomatic.com
ip address negotiated
ip access-group 101 in
ip mtu 1492
ip nat outside
no ip virtual-reassembly
encapsulation ppp
ip tcp adjust-mss 1452
dialer pool 1
no keepalive
no cdp enable
ppp pap sent-username aliceadsl password 7 ******
crypto map remotemap
!
ip local pool remote-pool 172.20.27.0 172.20.27.94
no ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer0
ip route 172.20.27.0 255.255.255.0 Dialer0
!
!
no ip http server
no ip http secure-server
ip dns server
ip nat translation timeout 420
ip nat translation tcp-timeout 150
ip nat translation udp-timeout 150
ip nat translation finrst-timeout 150
ip nat translation syn-timeout 150
ip nat translation dns-timeout 300
ip nat translation icmp-timeout 150
ip nat translation max-entries 200000
ip nat inside source list 1 interface Dialer0 overload
ip nat inside source static udp 172.20.25.255 9 interface Dialer0 15458
ip nat inside source static tcp 172.20.25.202 5900 interface Dialer0 5555
ip nat inside source static tcp 172.20.25.202 6881 interface Dialer0 6881
ip nat inside source static tcp 172.20.25.202 6882 interface Dialer0 6882
ip nat inside source static tcp 172.20.25.202 6883 interface Dialer0 6883
ip nat inside source static tcp 172.20.25.202 6884 interface Dialer0 6884
ip nat inside source static tcp 172.20.25.202 6885 interface Dialer0 6885
ip nat inside source static tcp 172.20.25.202 6886 interface Dialer0 6886
ip nat inside source static tcp 172.20.25.202 6887 interface Dialer0 6887
ip nat inside source static tcp 172.20.25.202 6888 interface Dialer0 6888
ip nat inside source static tcp 172.20.25.202 6889 interface Dialer0 6889
ip nat inside source static tcp 172.20.25.202 6890 interface Dialer0 6890
ip nat inside source static tcp 172.20.25.202 6891 interface Dialer0 6891
ip nat inside source static tcp 172.20.25.202 6892 interface Dialer0 6892
ip nat inside source static tcp 172.20.25.202 6893 interface Dialer0 6893
ip nat inside source static tcp 172.20.25.202 6894 interface Dialer0 6894
ip nat inside source static tcp 172.20.25.202 6895 interface Dialer0 6895
ip nat inside source static tcp 172.20.25.202 6896 interface Dialer0 6896
ip nat inside source static tcp 172.20.25.202 6897 interface Dialer0 6897
ip nat inside source static tcp 172.20.25.202 6898 interface Dialer0 6898
ip nat inside source static tcp 172.20.25.202 6899 interface Dialer0 6899
ip nat inside source static tcp 172.20.25.202 6900 interface Dialer0 6900
ip nat inside source static tcp 172.20.25.202 38932 interface Dialer0 38932
ip nat inside source static tcp 172.20.25.202 41233 interface Dialer0 41233
ip nat inside source static tcp 172.20.25.202 51413 interface Dialer0 51413
ip nat inside source static tcp 172.20.25.202 63190 interface Dialer0 63190
!
logging history notifications
logging trap critical
logging facility daemon
logging 172.20.25.202
access-list 1 permit 172.20.25.0 0.0.0.255
access-list 1 permit 172.20.26.0 0.0.0.255
access-list 1 permit 172.20.27.0 0.0.0.255
access-list 101 remark **** Antispoofing ****
access-list 101 permit ip 172.20.27.0 0.0.0.255 any
access-list 101 deny ip 0.0.0.0 0.255.255.255 any
access-list 101 deny ip 10.0.0.0 0.255.255.255 any
access-list 101 deny ip 127.0.0.0 0.255.255.255 any
access-list 101 deny ip 169.254.0.0 0.0.255.255 any
access-list 101 deny ip 192.168.0.0 0.0.255.255 any
access-list 101 deny ip 224.0.0.0 0.15.255.255 any
access-list 101 deny ip any host 255.255.255.255
access-list 101 remark **** VPN ****
access-list 101 permit udp any any eq non500-isakmp
access-list 101 permit udp any any eq isakmp
access-list 101 permit esp any any
access-list 101 permit tcp any any eq 1723
access-list 101 permit gre any any
access-list 101 remark **** Ip pubblici aut. ****
access-list 101 permit ip ***.243.111.96 0.0.0.31 any
access-list 101 permit ip ***.209.214.160 0.0.0.31 any
access-list 101 remark **** Autorizzo ICMP ****
access-list 101 remark **** http://network-tools.com ****
access-list 101 permit icmp host 67.222.132.194 any
access-list 101 remark **** http://centralops.net/co/ ****
access-list 101 permit icmp host 70.84.211.98 any
access-list 101 remark **** Autorizzo ping esterni **
access-list 101 permit icmp any any echo-reply
access-list 101 remark **** Blocco tutto ICMP ****
access-list 101 deny icmp any any
access-list 101 remark **** Dns Telecom Opendns ****
access-list 101 permit udp host 151.99.0.100 eq domain any
access-list 101 permit udp host 208.67.222.222 eq domain any
access-list 101 permit udp host 208.67.220.220 eq domain any
access-list 101 remark **** Server NTP ****
access-list 101 permit udp host 193.204.114.232 eq ntp any
access-list 101 permit udp host 193.204.114.233 eq ntp any
access-list 101 remark **** Accesso VNC ovunque ****
access-list 101 permit tcp any any eq 5555
access-list 101 remark **** Pidgin Linux ****
access-list 101 permit tcp any any range 6881 6890
access-list 101 remark **** Amsn Linux ****
access-list 101 permit tcp any any range 6891 6900
access-list 101 remark **** WOL ****
access-list 101 permit udp any any eq 15458
access-list 101 remark **** Porte Emule ****
access-list 101 permit udp any any eq 38932
access-list 101 permit tcp any any eq 41233
access-list 101 remark **** Porte Torrent ****
access-list 101 permit udp any any eq 51413
access-list 101 permit tcp any any eq 51413
access-list 101 permit udp any any eq 63190
access-list 101 permit tcp any any eq 63190
access-list 101 permit tcp any any established
access-list 101 deny ip any any
access-list 158 permit ip 172.20.25.0 0.0.0.255 172.20.27.0 0.0.0.255
no cdp run
!
!
!
!
control-plane
!
!
line con 0
no modem enable
speed 115200
line aux 0
line vty 0 4
session-timeout 3600
privilege level 15
login local
transport input all
!
no scheduler max-task-time
ntp authentication-key 10 md5 151C1F1C0F2F32 7
ntp authenticate
ntp trusted-key 10
ntp clock-period 17175149
ntp master 10
ntp server 193.204.114.232
ntp server 193.204.114.233
!
webvpn context Default_context
ssl authenticate verify all
!
no inservice
!
end
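Editor's note with a worked fix. The following fragments are an added example, not the poster's configuration, and they assume two things that are not in the original: a new client pool 172.20.28.0/24 (any prefix that no interface on the router uses would do) and the ACL name NAT-INSIDE. Two things in the posted config break LAN-to-client traffic. First, the Easy VPN pool 172.20.27.0-94 lives inside interface Vlan2's 172.20.27.95/24 and inside the vlan2 DHCP pool, so the same addresses exist on a connected subnet and in the VPN pool; whenever Vlan2 is up, the connected route (AD 0) beats the static toward Dialer0 and packets for 172.20.27.x go out Vlan2 instead of the tunnel (check with show ip route 172.20.27.1). Second, and independent of the first, IOS applies inside-to-outside NAT before encryption, and access-list 1 covers 172.20.25.0/24 with no exemption, so a reply from the LAN to a client leaves with the Dialer0 address as source, no longer matches the IPsec proxy identity and is never encrypted. That is why both directions appear broken even though the tunnel comes up.

```cisco
! Added example for the post above: fragments I would change on "lugo".
! Assumptions: client pool 172.20.28.0/24, ACL name NAT-INSIDE.
!
! 1. Client pool on a subnet that is NOT directly connected and not
!    handed out by any DHCP pool.
no ip local pool remote-pool
ip local pool remote-pool 172.20.28.1 172.20.28.94
!
! 2. Drop the blanket static route and let reverse-route injection
!    install one /32 per connected client (withdrawn when the SA dies).
no ip route 172.20.27.0 255.255.255.0 Dialer0
crypto dynamic-map remote-dyn 10
 set transform-set VPN-CLI-SET
 reverse-route
!
! 3. Split-tunnel list pushed to the client: source = protected LANs,
!    destination = the client pool. 172.20.26.0 (wifi VLAN) is added as
!    an assumption; remove that line if it must stay unreachable.
no access-list 158
access-list 158 permit ip 172.20.25.0 0.0.0.255 172.20.28.0 0.0.0.255
access-list 158 permit ip 172.20.26.0 0.0.0.255 172.20.28.0 0.0.0.255
!
! 4. NAT exemption: deny the VPN flows first, then PAT the rest.
!    Run "clear ip nat translation *" after swapping the rule.
no ip nat inside source list 1 interface Dialer0 overload
ip access-list extended NAT-INSIDE
 deny   ip 172.20.25.0 0.0.0.255 172.20.28.0 0.0.0.255
 deny   ip 172.20.26.0 0.0.0.255 172.20.28.0 0.0.0.255
 permit ip 172.20.25.0 0.0.0.255 any
 permit ip 172.20.26.0 0.0.0.255 any
ip nat inside source list NAT-INSIDE interface Dialer0 overload
!
! 5. The first "antispoofing" entry of ACL 101 in fact permits any
!    Internet host that spoofs a 172.20.27.x source. It is stale once the
!    pool moves, and there is no need for a 172.20.28.x copy: since the
!    Crypto Access Check on Clear-Text Packets change (12.3(8)T) decrypted
!    traffic is matched against the negotiated proxy identities, not the
!    interface ACL. Edit the numbered ACL in named mode; a bare
!    "no access-list 101 ..." deletes the whole list.
ip access-list extended 101
 no permit ip 172.20.27.0 0.0.0.255 any
!
! 6. The crypto map references AAA lists userauthen and groupauthor, but
!    the posted config has "no aaa new-model" and no list definitions.
!    Xauth and the group lookup need them. If "show run | include aaa"
!    really shows nothing, add these; the default line keeps console and
!    vty on the local user database so you are not locked out.
aaa new-model
aaa authentication login default local
aaa authentication login userauthen local
aaa authorization network groupauthor local
```

To verify: connect a client, then check that show crypto ipsec sa shows both #pkts encaps and #pkts decaps increasing when a LAN host pings the client, that show ip route 172.20.28.1 returns a /32 via Dialer0 (installed by RRI), and that show ip nat translations | include 172.20.28 returns nothing. If you would rather keep the clients in 172.20.27.x, the alternative is to remove the address from interface Vlan2 and delete the vlan2 DHCP pool; the NAT exemption in step 4 is required either way. Two further points a reviewer would raise on the posted config, unrelated to the reachability problem: the vty lines use transport input all although ip ssh version 2 is configured (transport input ssh is the intended setting), and username iphone uses a reversible type 7 password where secret would do; the IKE policy (3des, md5, group 2) and save-password on the client group were typical for 2009 but are weak by today's standards.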