After testing that it worked (the ping from the router to the internet), I created the VPN, and now the situation is:
VPN = OK
router = ping internet (obviously) OK
PC behind router = VPN OK
PC behind router = internet = NO
From the router, with a normal ping I can ping the internet, while with the extended ones and
selecting vlan1 I can NOT ping the internet.
What did I do wrong?
Thanks to anyone willing to help me!
Code:
ip dhcp pool mypoolDHCP
network 192.168.3.0 255.255.255.0
domain-name mxxxxx
dns-server 192.168.1.21 151.99.125.2
default-router 192.168.3.1
lease infinite
!
!
ip cef
ip domain name yourdomain.com
ip name-server 151.99.125.2
ip name-server 208.67.222.222
!
!
!
crypto isakmp policy 1
encr 3des
authentication pre-share
!
crypto isakmp policy 3
authentication pre-share
crypto isakmp key XXXXXXXXX address 94.xxx.xxx.xxx 255.255.255.0
!
!
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
!
crypto map SDM_CMAP_1 1 ipsec-isakmp
description Tunnel XXXX.XXX.XXX.XXXX
set peer 94.XXX.XXX.XXX
set transform-set ESP-3DES-SHA
match address 100
!
archive
log config
hidekeys
!
!
ip ssh time-out 60
ip ssh authentication-retries 5
ip ssh version 2
!
!
!
interface ATM0
no ip address
no atm ilmi-keepalive
dsl operating-mode auto
!
interface ATM0.2 point-to-point
pvc 8/35
pppoe-client dial-pool-number 1
!
!
interface FastEthernet0
station-role root
!
interface Dot11Radio0.1
encapsulation dot1Q 1 native
ip access-group 3 in
ip access-group 3 out
no cdp enable
!
interface Vlan1
description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$
ip address 192.168.3.1 255.255.255.0
ip flow ingress
ip flow egress
ip nat inside
ip virtual-reassembly
ip route-cache flow
ip tcp adjust-mss 1412
!
interface Dialer1
ip address negotiated
ip mtu 1452
encapsulation ppp
dialer pool 1
dialer-group 1
no cdp enable
ppp authentication chap pap callin
ppp chap hostname aliceadsl
ppp chap password 7 1108150C14170A081726
ppp pap sent-username aliceadsl password 7 060703284F4B081D161B
crypto map SDM_CMAP_1
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer1
ip flow-top-talkers
top 10
sort-by bytes
cache-timeout 3600000
!
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 600 life 86400 requests 10000
!
access-list 1 permit 192.168.3.0 0.0.0.255
access-list 2 permit 192.168.1.0 0.0.0.255
access-list 2 permit 192.168.3.0 0.0.0.255
access-list 3 remark INSIDE_IF=Vlan1
access-list 3 remark CCP_ACL Category=3
access-list 3 permit 192.168.3.0 0.0.0.255
access-list 23 permit 94.XXX.XXX.XXX
access-list 23 permit 192.168.1.0 0.0.0.255
access-list 23 permit 192.168.3.0 0.0.0.255
access-list 100 permit ip 192.168.3.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 100 deny ip 192.168.3.0 0.0.0.255 any
access-list 101 deny ip 192.168.3.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 101 permit ip 192.168.3.0 0.0.0.255 any
dialer-list 1 protocol ip permit
no cdp run
!
control-plane
!
banner login ^CCC