salve,
ho un pix con vpn client che per 2 anni ha funzionato benissimo, chiedendo username e password ad ogni collegamento.
Ultimamente ho installato un'altro pix in un'altra sede ed ho configurato la vpn tra i due ed il tutto funziona ma da quel momento il client vpn non ha chiesto piu' lo username.
avete idee in merito?
teko
vpnclient non chiede piu' utente
Moderatore: Federico.Lagni
-
MaiO
- Messianic Network master
- Messaggi: 1083
- Iscritto il: sab 15 ott , 2005 10:55 am
- Località: Milano
- Contatta:
Ha il show run in merito?
Ciao
Ciao
-=] MaiO [=-
-
teko
- n00b
- Messaggi: 5
- Iscritto il: mar 15 nov , 2005 12:37 pm
ciao,
ometto le parti che non ci interessano e posto solo la parte relativa all' ipsec.
floodguard enable
sysopt connection permit-ipsec
sysopt connection permit-pptp
crypto ipsec transform-set myset esp-des esp-md5-hmac
crypto dynamic-map dynmap 30 set transform-set myset
crypto map newmap 10 ipsec-isakmp
crypto map newmap 10 match address 110
crypto map newmap 10 set peer y.y.y.y
crypto map newmap 10 set transform-set myset
crypto map newmap 20 ipsec-isakmp
crypto map newmap 20 match address 120
crypto map newmap 20 set peer z.z.z.z
crypto map newmap 20 set transform-set myset
crypto map newmap 30 ipsec-isakmp dynamic dynmap
crypto map newmap interface outside
crypto map dynmap client configuration address initiate
crypto map dynmap client configuration address respond
crypto map dynmap client authentication LOCAL
isakmp enable outside
isakmp key torete1 address y.y.y.y netmask 255.255.255.255
isakmp key tovpncl address 0.0.0.0 netmask 0.0.0.0
isakmp key torete2 address z.z.z.z netmask 255.255.255.255
isakmp identity address
isakmp client configuration address-pool local pptp-pool outside
isakmp nat-traversal 20
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption des
isakmp policy 10 hash md5
isakmp policy 10 group 1
isakmp policy 10 lifetime 1000
isakmp policy 30 authentication pre-share
isakmp policy 30 encryption des
isakmp policy 30 hash md5
isakmp policy 30 group 2
isakmp policy 30 lifetime 86400
vpngroup vpnclient address-pool pptp-pool
vpngroup vpnclient dns-server 10.1.1.3
vpngroup vpnclient wins-server 10.1.1.3
vpngroup vpnclient default-domain cisco.it
vpngroup vpnclient split-tunnel tunnel-acl
vpngroup vpnclient idle-time 1800
vpngroup vpnclient password vpnpassword
telnet 10.1.1.0 255.255.255.0 inside
telnet timeout 5
ssh 0.0.0.0 0.0.0.0 outside
ssh 0.0.0.0 0.0.0.0 inside
ssh timeout 60
console timeout 0
vpdn group 1 accept dialin pptp
vpdn group 1 ppp authentication pap
vpdn group 1 ppp authentication chap
vpdn group 1 ppp authentication mschap
vpdn group 1 client configuration address local pptp-pool
vpdn group 1 client configuration dns 10.1.1.3
vpdn group 1 client configuration wins 10.1.1.3
vpdn group 1 pptp echo 60
vpdn group 1 client authentication local
vpdn username test password test
vpdn enable outside
username test password test privilege 2
terminal width 80
saluti
teko
ometto le parti che non ci interessano e posto solo la parte relativa all' ipsec.
floodguard enable
sysopt connection permit-ipsec
sysopt connection permit-pptp
crypto ipsec transform-set myset esp-des esp-md5-hmac
crypto dynamic-map dynmap 30 set transform-set myset
crypto map newmap 10 ipsec-isakmp
crypto map newmap 10 match address 110
crypto map newmap 10 set peer y.y.y.y
crypto map newmap 10 set transform-set myset
crypto map newmap 20 ipsec-isakmp
crypto map newmap 20 match address 120
crypto map newmap 20 set peer z.z.z.z
crypto map newmap 20 set transform-set myset
crypto map newmap 30 ipsec-isakmp dynamic dynmap
crypto map newmap interface outside
crypto map dynmap client configuration address initiate
crypto map dynmap client configuration address respond
crypto map dynmap client authentication LOCAL
isakmp enable outside
isakmp key torete1 address y.y.y.y netmask 255.255.255.255
isakmp key tovpncl address 0.0.0.0 netmask 0.0.0.0
isakmp key torete2 address z.z.z.z netmask 255.255.255.255
isakmp identity address
isakmp client configuration address-pool local pptp-pool outside
isakmp nat-traversal 20
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption des
isakmp policy 10 hash md5
isakmp policy 10 group 1
isakmp policy 10 lifetime 1000
isakmp policy 30 authentication pre-share
isakmp policy 30 encryption des
isakmp policy 30 hash md5
isakmp policy 30 group 2
isakmp policy 30 lifetime 86400
vpngroup vpnclient address-pool pptp-pool
vpngroup vpnclient dns-server 10.1.1.3
vpngroup vpnclient wins-server 10.1.1.3
vpngroup vpnclient default-domain cisco.it
vpngroup vpnclient split-tunnel tunnel-acl
vpngroup vpnclient idle-time 1800
vpngroup vpnclient password vpnpassword
telnet 10.1.1.0 255.255.255.0 inside
telnet timeout 5
ssh 0.0.0.0 0.0.0.0 outside
ssh 0.0.0.0 0.0.0.0 inside
ssh timeout 60
console timeout 0
vpdn group 1 accept dialin pptp
vpdn group 1 ppp authentication pap
vpdn group 1 ppp authentication chap
vpdn group 1 ppp authentication mschap
vpdn group 1 client configuration address local pptp-pool
vpdn group 1 client configuration dns 10.1.1.3
vpdn group 1 client configuration wins 10.1.1.3
vpdn group 1 pptp echo 60
vpdn group 1 client authentication local
vpdn username test password test
vpdn enable outside
username test password test privilege 2
terminal width 80
saluti
teko
