Cisco 887 VPN server problems

hardwareservice
n00b
Posts: 2
Joined: Fri Jul 29, 2011 8:53 pm

Hello, I'm new to this forum and to the Cisco world.
I'm currently starting the CCNA Security course, and on my own I wanted to start configuring the Cisco I bought for the office.
Since I have an Alice Business line, I had to configure the Cisco in cascade with the Alice gate.
My problem is that, even though I configured the router as a VPN server through CCP, I cannot reach the site using the Cisco client software on the PC.
I also removed the firewall configuration, thinking I had blocked something.
I'm attaching the current configuration of my device.

Thanks



Current configuration : 5055 bytes
!
! Last configuration change at 10:41:36 UTC Wed Aug 10 2011 by Valentino
!
version 15.0
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname r1
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$FoY/$WV7eDKvKvUJdavvIGSp6G/
!
aaa new-model
!
!
aaa authentication login default local
aaa authentication login ciscocp_vpn_xauth_ml_1 local
aaa authorization network ciscocp_vpn_group_ml_1 local
!
!
!
!
!
aaa session-id common
memory-size iomem 10
!
crypto pki trustpoint TP-self-signed-425874897
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-425874897
revocation-check none
rsakeypair TP-self-signed-425874897
!
!
crypto pki certificate chain TP-self-signed-425874897
certificate self-signed 01
quit
ip source-route
!
!
ip dhcp excluded-address 192.168.2.1 192.168.2.99
ip dhcp excluded-address 192.168.2.151 192.168.2.254
!
ip dhcp pool DHCP_INTERNO
import all
network 192.168.2.0 255.255.255.0
dns-server 151.99.0.100 151.99.125.2
default-router 192.168.2.1
!
!
ip cef
no ip domain lookup
ip domain name hsmogoro.it
no ipv6 cef
!
!
license udi pid CISCO887-K9 sn FCZ1520C2X7
!
!
username Valentino privilege 15 secret 5 $1$5n3Z$zPfmaRwzqcGYgHbeKTstn1
username remoto01 secret 5 $1$8W.f$Ixf0k6FTZGeMgL4sUMVH70
!
!
ip ssh authentication-retries 2
ip ssh logging events
ip ssh version 2
zone security LAN
zone security INTERNET
!
!
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
!
crypto isakmp client configuration group Vpn-Access
key hardwareservice
pool SDM_POOL_2
max-users 10
netmask 255.255.255.0
crypto isakmp profile ciscocp-ike-profile-1
match identity group Vpn-Access
client authentication list ciscocp_vpn_xauth_ml_1
isakmp authorization list ciscocp_vpn_group_ml_1
client configuration address respond
virtual-template 1
!
!
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
!
crypto ipsec profile CiscoCP_Profile1
set security-association idle-time 86400
set transform-set ESP-3DES-SHA
set isakmp-profile ciscocp-ike-profile-1
!
!
bridge irb
!
!
!
!
interface BRI0
no ip address
encapsulation hdlc
shutdown
isdn termination multidrop
!
interface ATM0
no ip address
shutdown
no atm ilmi-keepalive
!
interface FastEthernet0
!
interface FastEthernet1
switchport access vlan 10
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Virtual-Template1 type tunnel
ip unnumbered BVI1
tunnel mode ipsec ipv4
tunnel protection ipsec profile CiscoCP_Profile1
!
interface Vlan1
no ip address
bridge-group 1
!
interface Vlan10
no ip address
bridge-group 10
!
interface BVI1
description $FW_OUTSIDE$
ip address 192.168.1.254 255.255.255.0
ip nat outside
ip virtual-reassembly
!
interface BVI10
description $FW_INSIDE$
ip address 192.168.2.1 255.255.255.0
ip nat inside
ip virtual-reassembly
!
ip local pool SDM_POOL_1 192.168.2.100 192.168.2.150
ip local pool SDM_POOL_2 192.168.2.180 192.168.2.200
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
!
ip nat inside source route-map SDM_RMAP_1 interface BVI1 overload
ip route 0.0.0.0 0.0.0.0 192.168.1.1
!
ip access-list extended NAT_ENABLE
permit ip 192.168.2.0 0.0.0.255 any
!
logging 192.168.1.3
!
!
!
!
route-map SDM_RMAP_1 permit 1
match ip address NAT_ENABLE
!
!
control-plane
!
bridge 1 protocol ieee
bridge 1 route ip
bridge 10 protocol ieee
bridge 10 route ip
banner motd ^CCAccesso non Autorizzato^C
!
line con 0
exec-timeout 5 0
logging synchronous
no modem enable
line aux 0
line vty 0 4
exec-timeout 5 0
transport input all
!
scheduler max-task-time 5000
end