Problem with VpnClient

Virtual private networks and related topics

Moderator: Federico.Lagni

m.dinardo
n00b
Posts: 15
Joined: Mon 27 Sep, 2010 11:53 am

Hello everyone,

I'm writing to ask for your help in solving a problem.
When I connect via VPN client from a PC to my router, the VPN connection is established without problems.
From the PC I can ping the router, log into it for any configuration, and reach all the servers on the network.
The problem arises when, from any PC on the network or from the router, I try to ping the PC connected via the VPN client.
Could it be an ACL or routing problem?

I'm posting the config for possible solutions.

Thanks a lot

Code:


Current configuration : 3362 bytes
!
version 15.1
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname Security
!
boot-start-marker
boot-end-marker
!
!
enable secret 5 $1$h8y5$RiKGd2Nm1HRxC8XbophQH.
!
aaa new-model
!
!
aaa authentication login userauthen local
aaa authorization network groupauthor local
!
!
!
!
!
aaa session-id common
!
dot11 syslog
ip source-route
!
!
!
ip dhcp excluded-address xxx.xxx.xxx.254
ip dhcp excluded-address xxx.xxx.xxx.116
ip dhcp excluded-address xxx.xxx.xxx.1
ip dhcp excluded-address xxx.xxx.xxx.2
!
ip dhcp pool home-pool
   network xxx.xxx.xxx.0 255.255.255.0
   default-router xxx.xxx.xxx.254
   dns-server 193.70.152.15 193.70.152.25
!
!
ip cef
ip name-server 193.70.152.15
ip name-server 193.70.152.25
ip ddns update method dyndns
 HTTP
  add http://xxx:[email protected]/nic/update?system=dyndns&hostname=<h>&myip=<a>
 interval maximum 28 0 0 0
!
no ipv6 cef
!
multilink bundle-name authenticated
!
crypto pki token default removal timeout 0
!
!
!
!
license udi pid CISCO1841 sn FCZ123813KU
username xxx privilege 15 password 7 000912140754
!
redundancy
!
!
!
!
crypto isakmp policy 1
 encr 3des
 authentication pre-share
 group 2
!
crypto isakmp client configuration group xxx
 key xxx
 pool vpnpool
 acl 102
!
!
crypto ipsec transform-set vpnset esp-3des esp-md5-hmac
!
crypto dynamic-map dynmap 1
 set transform-set vpnset
 reverse-route
!
!
crypto map clientmap client authentication list userauthen
crypto map clientmap isakmp authorization list groupauthor
crypto map clientmap client configuration address respond
crypto map clientmap 1 ipsec-isakmp dynamic dynmap
!
!
!
!
!
interface Loopback0
 ip address 1.1.1.1 255.255.255.0
!
interface FastEthernet0/0
 ip address xxx.xxx.xxx.254 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
 ip tcp adjust-mss 1452
 ip policy route-map nostatic
 duplex auto
 speed auto
!
interface FastEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface ATM0/0/0
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 no atm ilmi-keepalive
 pvc 8/35
  pppoe-client dial-pool-number 1
 !
!
interface Dialer0
 mtu 1452
 ip ddns update hostname xxx.dyndns.org
 ip ddns update dyndns host xxx.dyndns.org
 ip address negotiated
 ip nat outside
 ip virtual-reassembly in
 encapsulation ppp
 dialer pool 1
 ppp chap hostname xxx
 ppp chap password 7 095F42080A0D
 ppp pap sent-username xxx password 7 14041E0A1F0C
 crypto map clientmap
!
ip local pool vpnpool 10.10.10.1 10.10.10.5
ip forward-protocol nd
no ip http server
no ip http secure-server
!
!
ip nat inside source static tcp xxx.xxx.xxx.116 5001 interface Dialer0 5001
ip nat inside source route-map nonat interface Dialer0 overload
ip route 0.0.0.0 0.0.0.0 Dialer0
!
logging esm config
access-list 101 deny   ip xxx.xxx.xxx.0 0.0.0.255 10.10.10.0 0.0.0.255
access-list 101 permit ip xxx.xxx.xxx.0 0.0.0.255 any
access-list 102 permit ip xxx.xxx.xxx.0 0.0.0.255 10.10.10.0 0.0.0.255
!
!
!
!
route-map nostatic permit 10
 match ip address 102
 set ip next-hop 1.1.1.2
!
route-map nonat permit 10
 match ip address 101
!
!
!
!
control-plane
!
!
line con 0
 password 7 1511021F0725
 logging synchronous
line aux 0
line vty 0 4
 password 7 094F471A1A0A
 transport input telnet
!
scheduler allocate 20000 1000
end

Security#

moorpheus
Cisco fan
Posts: 49
Joined: Wed 12 Sep, 2007 7:44 am

You don't happen to have the firewall enabled on the PC connected via VPNcli, do you?

m.dinardo
n00b
Posts: 15
Joined: Mon 27 Sep, 2010 11:53 am

No firewall active

blublublu
Cisco power user
Posts: 82
Joined: Wed 11 May, 2011 6:14 pm

What is the policy routing with this route-map for?
route-map nostatic permit 10
match ip address 102
set ip next-hop 1.1.1.2