ho un problema con il suddetto collegamento.
La VPN e' su ma non riesco a raggiungere la rete 192.168.2.0
Codice: Seleziona tutto
RouterVPN#show crypto isakmp sa
dst src state conn-id slot status
95.240.xxx.133 82.90.xxx.145 QM_IDLE 26 0 ACTIVE
Codice: Seleziona tutto
RouterVPN#show crypto session detail
Crypto session current status
Code: C - IKE Configuration mode, D - Dead Peer Detection
K - Keepalives, N - NAT-traversal, X - IKE Extended Authentication
Interface: FastEthernet0
Session status: UP-ACTIVE
Peer: 82.90.xxx.145 port 500 fvrf: (none) ivrf: (none)
Phase1_id: 82.90.xxx.145
Desc: (none)
IKE SA: local 95.240.xxx.133/500 remote 82.90.xxx.145/500 Active
Capabilities:(none) connid:37 lifetime:00:58:49
IPSEC FLOW: permit ip 192.168.1.0/255.255.255.0 192.168.2.0/255.255.255.0
Active SAs: 2, origin: crypto map
Inbound: #pkts dec'ed 135 drop 0 life (KB/Sec) 4484157/3530
Outbound: #pkts enc'ed 118 drop 0 life (KB/Sec) 4484160/3530
Codice: Seleziona tutto
RouterVPN#show running-config
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname RouterVPN
!
boot-start-marker
boot-end-marker
!
enable password 7 xxxxxxxxxxxxxxx
!
no aaa new-model
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
!
!
!
ip cef
!
!
!
!
username admin privilege 15 password 7 xxxxxxxxxxxxxxx
!
!
!
crypto isakmp policy 10
encr 3des
hash md5
authentication pre-share
group 2
lifetime 3600
crypto isakmp key xxxxxxxx address 82.90.xxx.145 no-xauth
!
!
crypto ipsec transform-set vpn esp-3des esp-md5-hmac
!
crypto map VPN 10 ipsec-isakmp
set peer 82.90.xxx.145
set transform-set vpn
match address 115
!
!
!
interface FastEthernet0
ip address 95.240.xxx.133 255.255.255.248
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
crypto map VPN
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
!
interface Vlan1
ip address 192.168.1.254 255.255.255.0
ip nat inside
ip virtual-reassembly
!
interface Async1
no ip address
encapsulation slip
!
ip route 0.0.0.0 0.0.0.0 95.240.xxx.133
no ip http server
no ip http secure-server
!
ip nat inside source route-map nonat interface FastEthernet0 overload
!
!
access-list 110 deny ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
access-list 110 permit ip 192.168.1.0 0.0.0.255 any
access-list 115 permit ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
!
route-map nonat permit 10
match ip address 110
control-plane
!
banner login ^C*****************************************************************
* *
* Authorized access only *
* Disconnect IMMEDIATELY if you are not an authorized user! *
* *
*****************************************************************^C
!
line con 0
line 1
stopbits 1
speed 115200
flowcontrol hardware
line aux 0
line vty 0 4
login local
!
end
