CiscoForums.it

Cisco Users Group
https://www.ciscoforums.it/

vpn cisco 1801 e vpn client funziona tutto tranne ping

https://www.ciscoforums.it/viewtopic.php?f=16&t=11469

Pagina 1 di 1

vpn cisco 1801 e vpn client funziona tutto tranne ping

Inviato: ven 14 ago , 2009 4:38 pm
da kese87
ri eccomi a scrivere sul forum, finalmente riesco a salvare la config, adesso sono riuscito tramite un po di cisco e notizie sul forum a far funzionare la vpn tra il cisco 1801 e un client vpn cisco.

tutto funziona, riesco ad accedere ai servizi della rete principale ma, al ping mi risponde solo il router e non gli host della rete dietro al router.

qualcuno sa darmi una manina??

posto la configurazione altrimenti di cosa parliamo? :D

Codice: Seleziona tutto

sh ru
Building configuration...

Current configuration : 3494 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname *********
!
boot-start-marker
boot-end-marker
!
enable secret 5 *********
enable password *********
!
aaa new-model
!
!
aaa authentication login userauthen local
aaa authorization network groupauthor local 
!
aaa session-id common
!
resource policy
!
!
!
ip cef
no ip dhcp use vrf connected
ip dhcp excluded-address 172.16.199.96 172.16.199.254
!
ip dhcp pool voipsi
   import all
   network 172.16.199.0 255.255.255.0
   dns-server 88.149.128.12 208.67.222.222 
   domain-name *********.localdomain
   default-router 172.16.199.254 
   lease 0 2
!
!
ip domain name *********.localdomain
ip name-server 88.149.128.12
ip name-server 208.67.222.222
!
!
!
username admin privilege 15 password 0 *********
username kese87 password 0 ciao
!
! 
crypto logging session
!
crypto isakmp policy 10
 encr 3des
 hash md5
 authentication pre-share
 group 2
 lifetime 3600
crypto isakmp keepalive 10
crypto isakmp nat keepalive 20
crypto isakmp xauth timeout 90

!
crypto isakmp client configuration group vpnuser
 key *********
 dns 208.67.222.222
 domain *********.localdomain
 pool vpnpool
 acl 158
 save-password
 split-dns *********.localdomain
 max-users 10
 max-logins 1
!
crypto ipsec security-association idle-time 3600
!
crypto ipsec transform-set VPN-CLI-SET esp-3des esp-md5-hmac 
!
crypto dynamic-map remote-dyn 10
 set transform-set VPN-CLI-SET 
!
!
crypto map remotemap local-address Dialer0
crypto map remotemap client authentication list userauthen
crypto map remotemap isakmp authorization list groupauthor
crypto map remotemap client configuration address respond
crypto map remotemap 65535 ipsec-isakmp dynamic remote-dyn 
!
!
!
!
interface FastEthernet0
 ip address 192.168.5.253 255.255.255.0
 ip nat outside
 ip virtual-reassembly
 duplex auto
 speed auto
!
interface BRI0
 no ip address
 ip broadcast-address 0.0.0.0
 encapsulation hdlc
 shutdown
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
!
interface FastEthernet5
!
interface FastEthernet6
!
interface FastEthernet7
!
interface FastEthernet8
!
interface ATM0
 no ip address
 ip broadcast-address 0.0.0.0
 no atm ilmi-keepalive
 dsl operating-mode auto 
!
interface ATM0.1 point-to-point
 no snmp trap link-status
 pvc 8/35 
  pppoe-client dial-pool-number 1
 !
!
interface Vlan1
 ip address 172.16.199.254 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 ip tcp adjust-mss 1412
!
interface Dialer0
 ip address ********* 255.255.255.252
 ip mtu 1452
 ip nat outside
 ip virtual-reassembly
 encapsulation ppp
 dialer pool 1
 dialer-group 1
 no cdp enable
 ppp authentication pap callin
 ppp pap sent-username ********* password 0 *********
 crypto map remotemap
!
ip local pool vpnpool 172.16.254.1 172.16.254.254
ip route 0.0.0.0 0.0.0.0 Dialer0
!
!
no ip http server
no ip http secure-server
ip nat inside source list 101 interface Dialer0 overload
!
access-list 101 deny   ip 172.16.199.0 0.0.0.255 172.16.254.0 0.0.0.255
access-list 101 permit ip 172.16.199.0 0.0.0.255 any
access-list 158 permit ip 172.16.199.0 0.0.0.255 172.16.254.0 0.0.0.255
dialer-list 1 protocol ip permit
no cdp run
!
!
!
!
!
!
control-plane
!
!
line con 0
line aux 0
 password *********
line vty 0 4
 password *********
!
!
webvpn context Default_context
 ssl authenticate verify all
 !
 no inservice
!
end

che coglione che sono :D

Inviato: sab 15 ago , 2009 1:03 am
da kese87
funzionava tutto mi sono accorto solo ora, il problema era solo il firewall di windows.... ora sono molto piĆ¹ contento :D
Tutti gli orari sono UTC+01:00
Pagina 1 di 1

Creato da phpBB® Forum Software © phpBB Limited

Traduzione Italiana phpBB-Store.it