Hi everyone,
I'm new to the site and have recently started working with VPNs; as my first "client" I used myself, to test how it works and what it can do.
Using the guides found online I managed to get the client to connect to the server (Cisco 857 router), but I can't really do anything...
I have no access to local resources; from the VPN client I can't ping the hosts, and the hosts can't ping the VPN client either..
I have checked and rechecked everything many times, but I can't figure out where I'm going wrong..
Can anyone give me a hand..?
I'm posting the configuration
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname RouterAle
!
boot-start-marker
boot-end-marker
!
logging buffered 4096
enable secret 5 $1$sXQC$RgF8bLg91nwepsMUIPxpl/
!
aaa new-model
!
!
aaa authentication login default local
aaa authentication login VpnCasaNostra local
aaa authorization exec default local
aaa authorization network VpnCasaNostra local
!
!
aaa session-id common
clock timezone GMT+1 1
clock summer-time summertime recurring last Sun Mar 3:00 last Sun Oct 3:00
!
crypto pki trustpoint alessio
enrollment selfsigned
subject-name CN=cn=IOS-Self-Signed-Certificate-1286547895
revocation-check none
rsakeypair alessio
!
!
crypto pki certificate chain alessio
certificate self-signed 01
quit
no ip dhcp use vrf connected
no ip dhcp conflict logging
ip dhcp excluded-address 192.168.0.1 192.168.0.99
!
ip dhcp pool DHCP
import all
network 192.168.0.0 255.255.255.0
dns-server 151.99.125.1 151.99.0.100
default-router 192.168.0.1
domain-name Cisco857DHCP
!
!
ip cef
ip inspect log drop-pkt
ip inspect name firewall tcp
ip inspect name firewall udp
ip inspect name firewall rtsp
ip inspect name firewall h323
ip inspect name firewall ftp
ip inspect name firewall sqlnet
ip inspect name Firewall cuseeme
ip inspect name Firewall dns
ip inspect name Firewall ftp
ip inspect name Firewall h323
ip inspect name Firewall https
ip inspect name Firewall icmp
ip inspect name Firewall imap
ip inspect name Firewall pop3
ip inspect name Firewall rcmd
ip inspect name Firewall realaudio
ip inspect name Firewall rtsp
ip inspect name Firewall esmtp
ip inspect name Firewall sqlnet
ip inspect name Firewall streamworks
ip inspect name Firewall tftp
ip inspect name Firewall tcp
ip inspect name Firewall udp
ip inspect name Firewall vdolive
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
no ip bootp server
no ip domain lookup
ip domain name Cisco857DHCP
ip name-server 151.99.125.1
ip name-server 151.99.0.100
login block-for 3000 attempts 3 within 60
login on-failure log
login on-success log
!
!
!
username alessio privilege 15 password 7 135247020A1F173D14252E30
!
!
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
!
crypto isakmp client configuration group Vpn
key xxxxxxxxxx
dns 151.99.125.1
pool vpnpool
acl 101
max-logins 1
netmask 255.255.255.0
!
!
crypto ipsec transform-set esp-3des-sha esp-3des esp-sha-hmac
!
crypto dynamic-map casamap 1
set transform-set esp-3des-sha
reverse-route
!
!
crypto map ccasamap client authentication list VpnCasaNostra
crypto map ccasamap isakmp authorization list VpnCasaNostra
crypto map ccasamap client configuration address respond
crypto map ccasamap 65535 ipsec-isakmp dynamic casamap
!
archive
log config
hidekeys
!
!
ip ssh time-out 60
ip ssh source-interface ATM0
ip ssh version 1
!
!
!
interface ATM0
no ip address
no atm ilmi-keepalive
pvc 8/35
encapsulation aal5mux ppp dialer
dialer pool-member 1
!
dsl operating-mode adsl2+
!
interface FastEthernet0
spanning-tree portfast
!
interface FastEthernet1
spanning-tree portfast
!
interface FastEthernet2
spanning-tree portfast
!
interface FastEthernet3
spanning-tree portfast
!
interface Vlan1
ip address 192.168.0.1 255.255.255.0
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1444
!
interface Dialer0
description Alice Adsl
ip address negotiated
ip mtu 1492
ip nat outside
ip virtual-reassembly
encapsulation ppp
ip tcp adjust-mss 1452
dialer pool 1
ppp chap hostname [email protected]
ppp chap password 7 014456145A1815181E4D480A
ppp pap sent-username [email protected] password 7 08761C5E080A16002D0A0A07
crypto map ccasamap
!
ip local pool vpnpool 192.168.1.100
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer0
ip route 192.168.0.0 255.255.255.0 Vlan1
!
no ip http server
no ip http secure-server
ip nat inside source list 102 interface Dialer0 overload
ip nat inside source route-map nonat interface Dialer0 overload
!
!
access-list 15 permit 192.168.0.0 0.0.0.255 log
access-list 101 permit ip 192.168.0.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 101 permit ip 192.168.1.0 0.0.0.255 192.168.0.0 0.0.0.255
access-list 102 permit ip 192.168.0.0 0.0.0.255 any
access-list 111 deny ip 192.168.0.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 111 permit ip 192.168.0.0 0.0.0.255 any
no cdp run
route-map nonat permit 65535
match ip address 111
!
!
control-plane
!
banner motd ^CC
**************************************************
* FAMIGLIA FRIZZI FABBRI *
* Rete privata 192.168.0.0 uso domestico *
* *
* Locazione: Camerina Armadio: Libreria *
* Router: Cisco mod.857 sn.FCZ120892KG *
* IpAddr. 192.168.0.1 *
* Ogni accesso NON autorizzato sara' perseguito *
* e vi verranno pure tagliati i cosiddetti .. *
* quindi OCCHIO..!! *
**************************************************^C
!
line con 0
no modem enable
line aux 0
line vty 0 1
password 7 110A0B1C140012
transport input ssh
line vty 2 4
access-class 15 in
password 7 094F5C101A170E
transport input telnet ssh
!
scheduler max-task-time 5000
sntp server 193.204.114.232
end
Bye and thanks to everyone.
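An added example, not part of the original post: a small Python check that evaluates the posted `ip nat inside source` statements against their ACLs for a packet going from a LAN host to the VPN pool address. On IOS, inside-to-outside NAT is applied before the crypto map, so any statement that translates this flow rewrites the source address before IPsec sees the packet. The LAN host 192.168.0.10 and the function names are assumptions made for the example.

```python
import ipaddress
import re

# Excerpt of the NAT, ACL and route-map lines from the configuration posted above.
CONFIG = """\
ip nat inside source list 102 interface Dialer0 overload
ip nat inside source route-map nonat interface Dialer0 overload
access-list 102 permit ip 192.168.0.0 0.0.0.255 any
access-list 111 deny ip 192.168.0.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 111 permit ip 192.168.0.0 0.0.0.255 any
route-map nonat permit 65535
match ip address 111
"""

def _matches(tokens, addr):
    """Consume one address spec ('any' or 'net wildcard') and test addr against it."""
    if tokens[0] == "any":
        return True, tokens[1:]
    net, wild = (int(ipaddress.ip_address(t)) for t in tokens[:2])
    care = ~wild & 0xFFFFFFFF  # wildcard bits set to 1 are "don't care"
    return (int(addr) & care) == (net & care), tokens[2:]

def acl_action(config, acl, src, dst):
    """First-match result of a numbered extended 'ip' ACL; implicit deny at the end."""
    for line in config.splitlines():
        m = re.match(rf"access-list {acl} (permit|deny) ip (.+)", line.strip())
        if not m:
            continue
        src_ok, rest = _matches(m.group(2).split(), src)
        dst_ok, _ = _matches(rest, dst)
        if src_ok and dst_ok:
            return m.group(1)
    return "deny"

def nat_rules_translating(config, src, dst):
    """Return the NAT statements whose ACL permits (i.e. translates) src -> dst."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    # route-map name -> ACL number taken from the 'match ip address' line that follows it
    rmaps = dict(re.findall(r"^route-map (\S+) permit \d+\n\s*match ip address (\d+)", config, re.M))
    hits = []
    for kind, ref in re.findall(r"^ip nat inside source (list|route-map) (\S+)", config, re.M):
        acl = ref if kind == "list" else rmaps.get(ref)
        if acl and acl_action(config, acl, src, dst) == "permit":
            hits.append(f"{kind} {ref}")
    return hits

if __name__ == "__main__":
    # 192.168.0.10 is a constructed LAN host; 192.168.1.100 is the posted vpnpool address.
    print(nat_rules_translating(CONFIG, "192.168.0.10", "192.168.1.100"))
```

The parser handles only the `permit|deny ip <net> <wildcard>` and `any` forms that appear in this configuration; `host` entries and port matches are not covered.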