CISCO 877 client cisco

Virtual private networks and related topics

Moderator: Federico.Lagni

dmdworks
n00b
Posts: 2
Joined: Tue 05 Jun, 2012 4:37 pm

Hello everyone. I have a big problem creating a VPN with an 877. I should say up front that I am a beginner and self-taught, but I did manage to configure the router with all the parameters and to enable the VPN. Through the Cisco client the connection is established correctly, but once connected I cannot browse the network. The error I get back in the client log is "errore 160 impossibile stabilire la route" [error 160, unable to establish the route]. I have searched for similar errors and applied the various fixes, but I always get the same result. I have tried from PCs with the 64-bit and 32-bit client, on both Seven and XP. Honestly, I no longer know how to get out of this. I hope someone can help me. If needed, I can post both the configuration and the client log. Thanks in advance to everyone!
Rizio
Messianic Network master
Posts: 1158
Joined: Fri 12 Oct, 2007 2:48 pm

Bear in mind that I know nothing about VPNs, but you need to post the configuration, because as things stand I think it will be hard for anyone to help you.

Rizio
Si vis pacem para bellum
dmdworks
n00b
Posts: 2
Joined: Tue 05 Jun, 2012 4:37 pm

Current configuration : 6110 bytes
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname XXXXXXXXXX
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 warnings
enable secret 5 $1$LWu/$vgt0EiwWVm81ZQekRA87c/
!
aaa new-model
!
!
aaa authentication login default local
aaa authorization network groupauthor local
!

aaa session-id common
clock timezone CET 1
clock summer-time ROMA recurring last Sun Mar 2:00 last Sun Oct 2:00
!
crypto pki trustpoint TP-self-signed-3780572656
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-3780572656
revocation-check none
rsakeypair TP-self-signed-3780572656
!
!
crypto pki certificate chain TP-self-signed-3780572656
certificate self-signed 01
quit
dot11 syslog
ip cef
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.0.254
!
ip dhcp pool XXXXXXXX
import all
network 192.168.0.0 255.255.255.0
dns-server 151.99.125.2 151.99.0.100
default-router 192.168.0.254
domain-name XXXXXXXXXXXX
!
!
ip inspect name firewall tcp
ip inspect name firewall udp
ip inspect name firewall icmp
ip inspect name firewall telnet
ip inspect name firewall rcmd
no ip domain lookup
ip domain name XXXXXXXXXX
ip name-server 151.99.125.2
ip name-server 151.99.100.1
ip name-server 83.37.17.55
ip name-server 85.38.28.93
!
!
!
username XXXXXXXXXXX privilege 15 password 0 XXXXXXXXXXX
username XXXXXXX password 0 XXXXXXXXX
username XXXXXXX password 0 XXXXXXXXX
!
!
crypto isakmp policy 3
encr 3des
authentication pre-share
group 2
!
crypto isakmp client configuration group XXXXXXXXX
key XXXXXXXX
dns 10.10.10.1
wins 10.10.10.1
domain xxxxxxxxxxx
pool xxxxxxx
acl 101
!
!
crypto ipsec transform-set myset esp-3des esp-md5-hmac
!
crypto dynamic-map dynmap 10
set transform-set myset
reverse-route
!
!
crypto map clientmap client authentication list default
crypto map clientmap isakmp authorization list groupauthor
crypto map clientmap client configuration address respond
crypto map clientmap 10 ipsec-isakmp dynamic dynmap
!
archive
log config
hidekeys
!
!
!
!
!
interface Loopback0
no ip address
!
interface ATM0
no ip address
no ip unreachables
no ip proxy-arp
no ip route-cache cef
no ip route-cache
no atm ilmi-keepalive
dsl sync interval 60
dsl operating-mode auto
!
interface ATM0.4 point-to-point
description $ES_WAN$
no ip redirects
no ip unreachables
no ip proxy-arp
no ip route-cache
pvc 8/35
pppoe-client dial-pool-number 1
!
!
interface FastEthernet0
!
interface FastEthernet1
switchport access vlan 2
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Vlan1
description $Interfaccia per gestione remota via HTTP$
ip address 192.168.0.254 255.255.255.0
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1412
!
interface Vlan2
description Internal LAN
ip address 10.10.10.91 255.255.255.0
ip access-group 100 in
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1412
crypto map clientmap
!
interface Dialer1
ip address XXXXXXXXXXXXX 255.255.255.0
ip access-group 100 in
ip mtu 1452
ip nat outside
ip virtual-reassembly
encapsulation ppp
dialer pool 1
dialer-group 1
no cdp enable
ppp authentication chap pap callin
ppp pap sent-username XXXXXXXXXXXXXXXXXX password 0 XXXXXXXXX
crypto map clientmap
!
ip local pool test 10.10.10.92 10.10.10.99
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer1
!
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat translation timeout 420
ip nat translation tcp-timeout 120
ip nat translation pptp-timeout 420
ip nat translation icmp-timeout 1
ip nat translation max-entries 1000
ip nat inside source list 1 interface Dialer1 overload
ip nat inside source list 100 interface Dialer1 overload
ip nat inside source list 112 interface Vlan2 overload
!
access-list 1 permit 10.10.10.0 0.0.0.255
access-list 1 permit 192.168.0.0 0.0.0.255
access-list 100 permit tcp any any eq smtp
access-list 100 permit tcp any any eq 9000
access-list 100 permit tcp any any eq pop3
access-list 100 permit ip any any
access-list 100 permit tcp any any eq telnet
access-list 101 permit ip 192.168.0.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 101 permit ip any any
access-list 111 deny ip 192.168.0.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 111 permit ip any any
access-list 112 permit ip 192.168.0.0 0.0.0.255 10.10.10.0 0.0.0.255
access-list 112 permit ip any any
dialer-list 1 protocol ip permit
no cdp run
!
!
!
control-plane
!
!
line con 0
no modem enable
line aux 0
line vty 0 4
transport input telnet ssh
transport output telnet ssh
!
scheduler max-task-time 5000
end

Here is the router configuration. I did not post it earlier because I did not have it at hand. There are surely lots of errors and blunders, but as I said, it was configured by someone self-taught.

Regards, and thanks to anyone willing to give me a hand.
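Added example, not part of the original thread: a small Python audit run over lines taken from the configuration posted above. It flags a VPN address pool that falls inside a directly connected subnet, ACL entries that follow "permit ip any any" in the same list, "password 0" (plaintext) credentials, and a client-group ACL that permits any source. The function name audit and the finding labels are assumptions made for this example.

```python
import ipaddress
import re

# Constructed sample: lines copied (and reordered) from the posted configuration.
SAMPLE = """\
interface Vlan2
 ip address 10.10.10.91 255.255.255.0
crypto isakmp client configuration group XXXXXXXXX
 acl 101
ip local pool test 10.10.10.92 10.10.10.99
username XXXXXXX password 0 XXXXXXXXX
access-list 100 permit tcp any any eq smtp
access-list 100 permit ip any any
access-list 100 permit tcp any any eq telnet
access-list 101 permit ip 192.168.0.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 101 permit ip any any
"""

def audit(config):
    """Return (check, detail) findings for an IOS configuration text."""
    findings, nets, open_acls, split_acls, iface = [], {}, set(), set(), None
    for raw in config.splitlines():
        line = raw.strip()
        if m := re.match(r"interface (\S+)", line):
            iface = m[1]
        elif m := re.match(r"ip address (\d\S+) (\d\S+)", line):
            # Connected subnet of the interface currently being parsed.
            nets[iface] = ipaddress.ip_network(f"{m[1]}/{m[2]}", strict=False)
        elif m := re.match(r"ip local pool (\S+) (\S+) (\S+)", line):
            lo, hi = ipaddress.ip_address(m[2]), ipaddress.ip_address(m[3])
            for name, net in nets.items():
                if lo in net or hi in net:
                    findings.append(("pool-overlap", f"{m[1]} inside {name} {net}"))
        elif re.match(r"username \S+ (privilege \d+ )?password 0 ", line):
            findings.append(("plaintext-password", line.split()[1]))
        elif m := re.match(r"acl (\d+)$", line):
            split_acls.add(m[1])  # ACL referenced by the VPN client group
        elif m := re.match(r"access-list (\d+) (permit|deny) (.+)", line):
            if m[1] in open_acls:
                # First match wins: entries after 'permit ip any any' never match.
                findings.append(("acl-shadowed", f"{m[1]}: {m[3]}"))
            elif m[2] == "permit" and m[3] == "ip any any":
                open_acls.add(m[1])
    findings += [("split-acl-any", a) for a in sorted(split_acls & open_acls)]
    return findings

if __name__ == "__main__":
    for check, detail in audit(SAMPLE):
        print(f"{check:20} {detail}")
```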