VPN client and 1801

Virtual private networks and related topics

Moderator: Federico.Lagni

f0llia
Cisco fan
Posts: 45
Joined: Tue 25 Sep 2007, 8:37 am

Hi everyone,
I need to configure a client VPN to an 1801. I tried configuring everything; the VPN comes up and I can ping the loopback, but not the rest of the network.
Here is my config:

Code:


!
crypto isakmp policy 1
 encr 3des
 authentication pre-share
 group 2
!
crypto isakmp policy 2
 encr 3des
 authentication pre-share
 group 2
!
crypto isakmp client configuration group cVPN
 key !Cl0udVPN!
 pool SDM_POOL_1
 acl 101
crypto isakmp profile ciscocp-ike-profile-1
   match identity group cVPN
   client authentication list ciscocp_vpn_xauth_ml_1
   isakmp authorization list ciscocp_vpn_group_ml_1
   client configuration address respond
   virtual-template 5
!
!
crypto ipsec transform-set VPN-CLI-SET esp-3des esp-sha-hmac 
!
crypto ipsec profile CiscoCP_Profile1
 set transform-set VPN-CLI-SET 
 set isakmp-profile ciscocp-ike-profile-1
!
!
!
!
ip tcp synwait-time 10
no ip rcmd domain-lookup
ip rcmd rcp-enable
ip rcmd remote-host sdmRc721ddb5 10.69.69.1 Lc721ddb5 enable
ip rcmd remote-username sdmRc721ddb5
!
!
!
interface Loopback4
 ip address 10.70.70.254 255.255.255.0
!
interface Null0
 no ip unreachables
!
interface ATM0
 description ADSL  - TGU: xxxxxxxxxxx
 mtu 1500
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 no atm ilmi-keepalive
!
interface ATM0.1 point-to-point
 description $FW_OUTSIDE$
 mtu 1500
 ip address 85.x.x.x 255.255.255.252
 ip verify unicast reverse-path
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat outside
 ip virtual-reassembly
 no ip mroute-cache
 pvc 8/35 
  encapsulation aal5snap
 !
!
interface BRI0
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 encapsulation hdlc
 shutdown
!
interface FastEthernet0
 description $FW_INSIDE$
 ip address 82.x.x.x 255.255.255.248
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 duplex auto
 speed auto
!
interface FastEthernet1
!
interface FastEthernet2
 shutdown
!
interface FastEthernet3
 shutdown
!
interface FastEthernet4
 shutdown
!
interface FastEthernet5
 shutdown
!
interface FastEthernet6
 shutdown
!
interface FastEthernet7
 shutdown
!
interface FastEthernet8
 shutdown
!
interface Virtual-Template5 type tunnel
 ip unnumbered Loopback4
 tunnel mode ipsec ipv4
 tunnel protection ipsec profile CiscoCP_Profile1
!
interface Vlan1
 description $FW_INSIDE$
 ip address 10.69.69.254 255.255.255.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat inside
 ip virtual-reassembly
!
ip local pool SDM_POOL_1 10.70.70.1 10.70.70.100
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 ATM0.1
ip http server
ip http access-class 2
ip http authentication local
ip http secure-server
ip http timeout-policy idle 600 life 86400 requests 10000
!
!
ip nat inside source list 100 interface ATM0.1 overload
!
logging trap debugging
access-list 2 remark HTTP Access-class list
access-list 2 permit 82.188.254.8 0.0.0.7
access-list 2 permit 10.69.69.0 0.0.0.255
access-list 2 deny   any
access-list 100 remark *** ACL PER PAT *** 
access-list 100 deny   ip 10.69.69.0 0.0.0.255 10.70.70.0 0.0.0.255
access-list 100 permit ip 82.188.254.8 0.0.0.7 any
access-list 100 permit ip 10.69.69.0 0.0.0.255 any
access-list 101 remark CCP_ACL Category=4
access-list 101 permit ip 10.69.69.0 0.0.0.255 any
access-list 101 permit ip 10.69.69.0 0.0.0.255 10.70.70.0 0.0.0.255
no cdp run

!
!
!
!
!
!
control-plane
!
banner login ^CMOTD^C
!
line con 0
 transport output telnet
line aux 0
 transport output telnet
line vty 0 4
 access-class 100 in
 transport input telnet ssh
!
scheduler interval 500
!
webvpn context Default_context
 ssl authenticate verify all
 !
 no inservice
!
end
Thanks a lot for the help