I am new to the forum and I greet you all. I would like to ask for your help with a situation I cannot resolve.
Network:
ROUTER (78.x.x.x wan and 192.168.1.1 vlan) - LAN 1 NETWORK (192.168.1.x) - CISCO ROUTER (192.168.1.3 wan and 192.168.10.1 vlan) - LAN 2 NETWORK (192.168.10.x)
Characteristics:
- both networks have netmask 255.255.255.0
- the router 192.168.1.1, which I do not have access to, NATs the public IP 1:1 to 192.168.1.3 (the Cisco router)
- the Cisco router is an old 851 with IOS c850-advsecurityk9-mz.124-9.T7.bin
- the Cisco router handles 2 PPTP connections, one as a client, "vpdn-group 1" (to reach the two servers 192.168.2.10 and 192.168.254.10 at the other end of the VPN), and one as a server, "vpdn-group 2", which assigns its clients the pool 192.168.10.200 - 192.168.10.205.
Active configuration:
!
! Last configuration change at 11:19:17 GMT+1 Thu Feb 10 2011 by michael
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
service internal
!
hostname spazio4u
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 warnings
!
no aaa new-model
!
resource policy
!
clock timezone GMT+1 1
clock summer-time SUMMER-TIME recurring last Sun Mar 2:00 last Sun Oct 3:00
no ip gratuitous-arps
no ip dhcp use vrf connected
!
ip dhcp pool my-dhcp-pool
import all
network 192.168.10.0 255.255.255.0
default-router 192.168.10.1
dns-server 208.67.222.222
!
!
ip cef
ip multicast-routing
vpdn enable
!
vpdn-group 1
request-dialin
protocol pptp
rotary-group 0
initiate-to ip xxx.xxx.xxx.xxx
!
vpdn-group 2
accept-dialin
protocol pptp
virtual-template 1
!
!
!
!
username michael privilege 15 password 0 xxxxxxxx
!
!
!
!
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
description WAN Interface
ip address 192.168.1.3 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip mtu 1452
ip nat outside
ip virtual-reassembly
ip route-cache flow
duplex auto
speed auto
!
interface Virtual-Template1
description PPTP Server Interface
ip unnumbered Vlan1
ip nat inside
ip virtual-reassembly
ip mroute-cache
peer default ip address pool dial-in
no keepalive
ppp authentication ms-chap ms-chap-v2
!
interface Vlan1
description Inside Interface
ip address 192.168.10.1 255.255.255.0
ip flow ingress
ip flow egress
ip nat inside
ip virtual-reassembly
ip route-cache flow
ip tcp adjust-mss 1412
!
interface Dialer0
description PPTP Client Interface
mtu 1450
ip address 192.168.20.10 255.255.255.0
ip nat outside
ip virtual-reassembly
encapsulation ppp
dialer in-band
dialer idle-timeout 0
dialer string 123
dialer vpdn
dialer-group 1
no cdp enable
ppp pfc local request
ppp pfc remote apply
ppp chap hostname xxxxxx
ppp chap password 0 xxxxxxx
!
ip local pool dial-in 192.168.10.200 192.168.10.205
ip route 0.0.0.0 0.0.0.0 192.168.1.1
ip route 192.168.2.10 255.255.255.255 Dialer0
ip route 192.168.254.10 255.255.255.255 Dialer0
!
no ip http server
no ip http secure-server
ip nat inside source list 101 interface FastEthernet4 overload
ip nat inside source list 102 interface Dialer0 overload
ip nat inside source static tcp 192.168.10.1 1723 interface FastEthernet4 1723
!
access-list 1 permit 192.168.10.0 0.0.0.255
access-list 101 deny ip any 192.168.20.0 0.0.0.255 log
access-list 101 deny ip any host 192.168.254.10 log
access-list 101 deny ip any host 192.168.2.10 log
access-list 101 permit ip any any
access-list 102 permit ip any 192.168.20.0 0.0.0.255
access-list 102 permit ip any host 192.168.254.10
access-list 102 permit ip any host 192.168.2.10
access-list 102 deny ip any any log
no cdp run
!
control-plane
!
!
line con 0
login local
no modem enable
line aux 0
line vty 0 4
access-class 1 in
privilege level 15
login local
transport input ssh
!
scheduler max-task-time 5000
sntp server 193.204.114.105
end
- when connecting via PPTP to the Cisco router from outside the network, access succeeds, I am assigned the IP 192.168.10.200, and I can ping 192.168.10.1 but not the rest of LAN 2 NETWORK (192.168.10.x) nor LAN 1 NETWORK (192.168.1.x)
- I tried to set up a NAT with "ip nat inside source static tcp 192.168.1.2 22 interface FastEthernet4 22", but when connecting via SSH I cannot reach the specified host.
As you can surely tell, I have little knowledge of Cisco configuration; I have been trying for only a few weeks, self-taught. I hope you can give me a hand in solving the problem.
Thanks.