I'm tacking onto this post so as not to clutter the thread, since I have a similar problem.
I have 2 Cisco 837s configured to browse via ADSL, and from that point of view they work (for now). Now I'm going crazy trying to get them working as a site-to-site VPN. The VPN works, I can ping the PCs from both sides, BUT when I access shared folders or try to transfer files the connection becomes extremely slow/unstable/drops. I'm posting the config of one of the two routers (stripped of sensitive data). I'm asking for your help because I'm starting to despair...
=====
AUTHORIZED ACCESS ONLY
This system is the property of XXX S.R.L.
Disconnect IMMEDIATELY as you are not an authorized user!
Contact
[email protected]
Be an Hacker, not a Cracker!
User Access Verification
Username: XXX
Password:
router2#show run
Building configuration...
Current configuration : 4708 bytes
!
! Last configuration change at 18:07:45 Berlin Fri Mar 10 2006 by XXX
! NVRAM config last updated at 15:42:16 Berlin Fri Mar 10 2006
!
version 12.3
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname router2
!
boot-start-marker
boot-end-marker
!
security authentication failure rate 3 log
security passwords min-length 6
logging buffered 51200 debugging
logging console critical
enable secret 5 $1$3Un/$ThZa2aEE5ic.QG46UV63D.
!
username XXX privilege 15 secret 5 XXX
clock timezone Berlin 1
clock summer-time Berlin date Mar 30 2003 2:00 Oct 26 2003 3:00
no aaa new-model
ip subnet-zero
!
!
ip tcp mss 1460
ip tcp synwait-time 10
ip name-server 212.216.112.112
no ip bootp server
ip cef
ip audit notify log
ip audit po max-events 100
no ftp-server write-enable
no scripting tcl init
no scripting tcl encdir
!
!
!
!
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
crypto isakmp key XXX address XXX.255.XXX.182
!
!
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec df-bit clear
!
crypto map SDM_CMAP_1 1 ipsec-isakmp
description Tunnel toXXX.255.XXX.182
set peer XXX.255.XXX.182
set transform-set ESP-3DES-SHA
match address 100
!
!
!
!
interface Ethernet0
description $FW_INSIDE$
ip address XXX.168.X.1 255.255.255.0
ip nat inside
ip route-cache flow
ip tcp adjust-mss 1452
no cdp enable
hold-queue 100 out
!
interface ATM0
no ip address
ip route-cache flow
no atm ilmi-keepalive
dsl operating-mode auto
!
interface ATM0.1 point-to-point
pvc 8/35
encapsulation aal5mux ppp dialer
dialer pool-member 1
!
!
interface FastEthernet1
no ip address
duplex auto
speed auto
!
interface FastEthernet2
no ip address
duplex auto
speed auto
!
interface FastEthernet3
no ip address
shutdown
duplex auto
speed auto
!
interface FastEthernet4
no ip address
shutdown
duplex auto
speed auto
!
interface Dialer0
description $FW_OUTSIDE$
ip address negotiated
ip nat outside
encapsulation ppp
ip route-cache flow
dialer pool 1
dialer-group 1
ppp authentication chap pap callin
ppp chap hostname XXX
ppp chap password 7 XXX
ppp pap sent-username XXX password 7 105A1B100112000C5B53
crypto map SDM_CMAP_1
!
ip nat translation timeout 900
ip nat translation tcp-timeout 900
ip nat inside source static udp XXX.168.X.11 48911 interface Dialer0 48911
ip nat inside source route-map SDM_RMAP_1 interface Dialer0 overload
ip nat inside source static tcp XXX.168.X.30 13308 interface Dialer0 13308
ip nat inside source static udp XXX.168.X.30 13308 interface Dialer0 13308
ip nat inside source static udp XXX.168.X.30 48910 interface Dialer0 48910
ip nat inside source static tcp XXX.168.X.30 48910 interface Dialer0 48910
ip nat inside source static udp XXX.168.X.30 48557 interface Dialer0 48557
ip nat inside source static tcp XXX.168.X.30 48557 interface Dialer0 48557
ip nat inside source static udp XXX.168.X.30 4672 interface Dialer0 4672
ip nat inside source static tcp XXX.168.X.30 4662 interface Dialer0 4662
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer0
no ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 600 life 86400 requests 10000
!
!
logging trap debugging
logging XXX.168.X.1
access-list 1 remark INSIDE_IF=Ethernet0
access-list 1 remark SDM_ACL Category=2
access-list 1 permit XXX.168.X.0 0.0.0.255
access-list 100 remark SDM_ACL Category=4
access-list 100 remark IPSec Rule
access-list 100 permit ip XXX.168.X.0 0.0.0.255 XXX.115.XXX.0 0.0.0.255
access-list 101 remark SDM_ACL Category=2
access-list 101 remark IPSec Rule
access-list 101 deny ip XXX.168.X.0 0.0.0.255 XXX.115.XXX.0 0.0.0.255
access-list 101 permit ip XXX.168.X.0 0.0.0.255 any
dialer-list 1 protocol ip permit
no cdp run
route-map SDM_RMAP_1 permit 1
match ip address 101
!
!
control-plane
!
!
line con 0
exec-timeout 120 0
no modem enable
transport preferred all
transport output all
stopbits 1
line aux 0
transport preferred all
transport output all
line vty 0 4
access-class 23 in
privilege level 15
login local
length 0
transport preferred all
transport input telnet ssh
transport output all
!
scheduler max-task-time 5000
scheduler interval 500
!
end
=====
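
Added example (not part of the original post, and not a confirmed diagnosis): the packet-size arithmetic for the `ESP-3DES-SHA` transform set and the `ip tcp adjust-mss 1452` value in the posted config, comparing a small ping with a full TCP segment. It assumes a 1500-byte MTU on Dialer0 (the config does not show one), ESP tunnel mode without NAT-T, and IPv4/TCP headers without options; the function names are hypothetical.

```python
# Added example: ESP tunnel-mode size arithmetic for esp-3des esp-sha-hmac.
# Assumption: Dialer0 MTU is 1500 bytes (not stated in the posted config).

IP_HDR = 20        # outer IPv4 header, no options
TCP_IP_HDRS = 40   # inner IPv4 + TCP headers, no options
ESP_HDR = 8        # SPI + sequence number
ESP_TRAILER = 2    # pad-length + next-header bytes (encrypted)
BLOCK_3DES = 8     # 3DES-CBC block size, also the IV length
ICV_SHA1_96 = 12   # HMAC-SHA1 truncated to 96 bits

FIXED = IP_HDR + ESP_HDR + BLOCK_3DES + ICV_SHA1_96  # 48 bytes per packet


def esp_tunnel_size(inner_len):
    """On-the-wire size of an inner IP packet after ESP tunnel encapsulation."""
    to_encrypt = inner_len + ESP_TRAILER
    # Round up to a whole number of cipher blocks (integer ceiling division).
    padded = -(-to_encrypt // BLOCK_3DES) * BLOCK_3DES
    return FIXED + padded


def max_mss(link_mtu):
    """Largest TCP MSS whose full-size segment fits link_mtu after ESP."""
    room = link_mtu - FIXED
    inner = (room // BLOCK_3DES) * BLOCK_3DES - ESP_TRAILER
    return inner - TCP_IP_HDRS


def check(adjust_mss, link_mtu=1500):
    """Compare a full TCP segment at adjust_mss against the link MTU."""
    inner = adjust_mss + TCP_IP_HDRS
    outer = esp_tunnel_size(inner)
    return {
        "inner": inner,
        "outer": outer,
        "exceeds_mtu": outer > link_mtu,
        "max_mss": max_mss(link_mtu),
    }


if __name__ == "__main__":
    # 60-byte inner packet: a ping with 32 data bytes (constructed sample).
    print("ping, 60-byte inner packet ->", esp_tunnel_size(60), "bytes on the wire")
    # Value taken from 'ip tcp adjust-mss 1452' on Ethernet0 in the config.
    print("full segment at MSS 1452   ->", check(1452))
```

Under these assumptions a ping stays far below the MTU, while a full-size TCP segment at MSS 1452 exceeds it once encrypted; with `crypto ipsec df-bit clear` the router fragments such packets rather than returning an ICMP "fragmentation needed" message.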