vpn - client 1841

scansione

Ciao a tutti,
ho configurato una connessione VPN client: dal browser riesco ad accedere al router, ma non riesco a pingare gli altri dispositivi presenti sulla rete remota.
Qualche idea?

! Device identity and AAA method lists (the ciscocp_* names are the ones referenced
! by the crypto map further down).
hostname c1841
!
boot-start-marker
boot-end-marker
!
! NOTE(review): type 7 is a reversible encoding, not a hash; `enable secret` is the
! safer form for the enable credential.
enable password 7 <removed>
!
aaa new-model
!
!
! Every login and authorization method list below resolves to the local user
! database only; no RADIUS/TACACS+ server is referenced.
aaa authentication login default local
aaa authentication login ciscocp_vpn_xauth_ml_1 local
aaa authentication login ciscocp_vpn_xauth_ml_2 local
aaa authorization exec default local
aaa authorization network ciscocp_vpn_group_ml_1 local
aaa authorization network ciscocp_vpn_group_ml_2 local
!
aaa session-id common
! LAN DHCP service and resolver settings.
ip cef
!
!
no ip dhcp use vrf connected
! Conflict logging is turned off here, so address clashes detected by the DHCP
! server are not recorded.
no ip dhcp conflict logging
! Only .1-.99 is excluded, so leases come from .100-.254. That range contains
! 192.168.10.145-165, which `ip local pool SDM_POOL_1` also hands to VPN clients.
! NOTE(review): a LAN host and a VPN client can end up with the same address;
! exclude the VPN range here or move the VPN pool to its own subnet.
ip dhcp excluded-address 192.168.10.1 192.168.10.99
!
ip dhcp pool villadhcp
network 192.168.10.0 255.255.255.0
domain-name cisco
default-router 192.168.10.1
dns-server 88.149.128.12 88.149.128.22
! Leases never expire, so a stale binding keeps its address until cleared by hand.
lease infinite
!
!
ip name-server 88.149.128.12
ip name-server 88.149.128.22
! Presumably required for the PPPoE client on FastEthernet0/1 - confirm.
vpdn enable
!
!
!
! Self-signed trustpoint, presumably the certificate presented by `ip http secure-server`
! - confirm with `show ip http server secure status`.
! Revocation checking is disabled for this trustpoint.
crypto pki trustpoint TP-self-signed-2088314514
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-2088314514
revocation-check none
rsakeypair TP-self-signed-2088314514
!
!
! NOTE(review): the DER below appears to carry an md5WithRSAEncryption signature OID
! (2A864886 F70D0101 04), a 1024-bit RSA modulus (0281 8100 ...) and a validity window
! of 2012-06-11 to 2020-01-01. If that reading is right, regenerate the key pair with a
! larger modulus and re-issue the certificate. This is the public certificate only;
! no private key material is included in the listing.
crypto pki certificate chain TP-self-signed-2088314514
certificate self-signed 01
3082023D 308201A6 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 32303838 33313435 3134301E 170D3132 30363131 31343035
33325A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D32 30383833
31343531 3430819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
8100ED72 C845F091 83389465 81888AAD AAF6EBD9 804425D9 737E405B A6E69E71
83E94C57 FE21E17C 0EE66F87 95928F47 D786CEFD 7AD21130 93E1741A 1BD945B3
BE4AE9EB 20DB5B87 DF4A6536 7E46465E 956B2C37 8345B15F 4987B441 45ED959B
995ACC24 44947301 A335410E 8089DB64 B2EE0BFF C55B12B8 BA3BCF54 4F7D088C
382D0203 010001A3 65306330 0F060355 1D130101 FF040530 030101FF 30100603
551D1104 09300782 05633138 3431301F 0603551D 23041830 168014E0 9214FC25
12D1E1DF EAB9703D A7A8BDE3 F1E84430 1D060355 1D0E0416 0414E092 14FC2512
D1E1DFEA B9703DA7 A8BDE3F1 E844300D 06092A86 4886F70D 01010405 00038181
0041CFB7 01B3BFE3 B68BD58A B3C5AC14 980A81C0 4922BCF5 CD8ACB85 387FD70E
E0B76C88 EFE0FB38 90AF373F 44D58C05 4EE768DB D5EECBF8 F8769026 A210F711
3A3BE839 BAABE75D 9668D19B 65096FB9 8BC4B7C0 4B36E3A3 CEC57730 33EB251E
4E97E75A 7775674E 6AC61050 4876111D DD5FF5BF D688063C 81931FA6 45651326 9C
quit
! Local accounts. The XAUTH list on the crypto map (ciscocp_vpn_xauth_ml_2) is `local`,
! so these same accounts are what VPN users authenticate with.
! NOTE(review): `password 0` keeps this privilege-15 credential in clear text in the
! config; use `secret` as the two entries below do, and consider separate
! low-privilege accounts for VPN login.
username xxxxxx privilege 15 password 0 <removed>
username xxxxxxxx privilege 15 secret 5 <removed>
username xxxxxxxx privilege 11 secret 5 <removed>
! Configuration-change logging; `hidekeys` keeps passwords and keys out of that log.
archive
log config
hidekeys
!
!
!
! IKE phase 1 for the remote-access clients: 3DES, pre-shared group key, DH group 2.
! No `hash` line is shown, so the platform default applies (presumably SHA-1 -
! confirm with `show crypto isakmp policy`).
! NOTE(review): 3DES and DH group 2 are legacy choices; prefer AES and a larger DH
! group if both the IOS image and the VPN client support them.
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
crypto isakmp client configuration address-pool local SDM_POOL_1
!
! Client group profile. The group key is shared by every client in the group, so
! per-user assurance rests on the XAUTH list bound to the crypto map below.
crypto isakmp client configuration group XXXXXXXXXX
key XXXXXXXXXX
dns 88.149.128.12 88.149.128.22
pool SDM_POOL_1
! ACL 100 (permit ip 192.168.10.0/24 any) is referenced here; in a client group this
! is the split-tunnel list, so only traffic for 192.168.10.0/24 enters the tunnel.
acl 100
include-local-lan
netmask 255.255.255.0
!
!
! IPsec phase 2 proposal: ESP with 3DES and HMAC-SHA.
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
!
! Dynamic map for clients with unknown peer addresses; `reverse-route` asks the router
! to install a route toward each connected client's assigned address.
crypto dynamic-map SDM_DYNMAP_1 1
set transform-set ESP-3DES-SHA
reverse-route
!
!
! Crypto map applied to Dialer1: XAUTH against the local user database, group
! authorization from the local group definition, and address assignment on request.
crypto map SDM_CMAP_1 client authentication list ciscocp_vpn_xauth_ml_2
crypto map SDM_CMAP_1 isakmp authorization list ciscocp_vpn_group_ml_2
crypto map SDM_CMAP_1 client configuration address respond
crypto map SDM_CMAP_1 65535 ipsec-isakmp dynamic SDM_DYNMAP_1
!
!
!
! LAN interface, NAT inside, gateway for 192.168.10.0/24.
interface FastEthernet0/0
description ADSL Lan interface$ES_LAN$
ip address 192.168.10.1 255.255.255.0
no ip redirects
no ip unreachables
! NOTE(review): likely cause of the failed pings. VPN clients get addresses from
! 192.168.10.145-165 (SDM_POOL_1), i.e. inside this interface's own /24. LAN hosts
! therefore ARP for the client's address instead of sending to the gateway, and with
! proxy ARP disabled the router presumably does not answer for it. Moving the VPN pool
! to a dedicated subnet (and updating ACL 101 to match) avoids the problem without
! re-enabling proxy ARP; LAN hosts must then use 192.168.10.1 as their gateway.
no ip proxy-arp
ip nat inside
ip virtual-reassembly
no ip mroute-cache
duplex auto
speed auto
no cdp enable
!
! Physical WAN port: carries PPPoE only, no IP address of its own.
interface FastEthernet0/1
description ADSL WAN EOLO
no ip address
no ip redirects
no ip proxy-arp
no ip mroute-cache
duplex auto
speed auto
pppoe enable group global
pppoe-client dial-pool-number 1
no cdp enable
!
! Internet-facing logical interface: NAT outside and IPsec termination point.
! NOTE(review): no `ip access-group` or firewall inspection is shown on this interface,
! so nothing in the listing filters inbound traffic to the router itself.
interface Dialer1
description ADSL WAN Dialer
ip address negotiated
no ip unreachables
ip mtu 1400
ip nat outside
ip virtual-reassembly
encapsulation ppp
! NOTE(review): an MSS of 1452 corresponds to a 1492-byte MTU, but `ip mtu` above is
! 1400 - the two values look inconsistent; confirm which one is intended.
ip tcp adjust-mss 1452
no ip mroute-cache
dialer pool 1
dialer-group 1
no cdp enable
ppp authentication chap pap callin
ppp chap hostname XXXXXXXXXX
! The ISP credentials on the next two lines are stored as type 0 (clear text).
ppp chap password 0 XXXXXXX
ppp pap sent-username XXXXXXXXXX password 0 XXXXXXxX
ppp ipcp route default
crypto map SDM_CMAP_1
!
! VPN client address pool. The range lies inside the LAN subnet configured on
! FastEthernet0/0 (192.168.10.0/24) and inside the range the DHCP pool may lease
! (only .1-.99 is excluded).
! NOTE(review): a pool on its own subnet avoids both the ARP dependency on the LAN
! and duplicate addresses; ACL 101 would need the new range.
ip local pool SDM_POOL_1 192.168.10.145 192.168.10.165
ip route 0.0.0.0 0.0.0.0 Dialer1
!
! NOTE(review): clear-text HTTP management is enabled alongside HTTPS and no
! `ip http access-class` is shown, so the web UI is presumably reachable on every
! interface, Dialer1 included. Consider `no ip http server` plus an access-class.
ip http server
ip http authentication local
ip http secure-server
! Static port forward: TCP/7000 on the Dialer1 address goes to 192.168.10.31:7000.
! No source restriction is visible for this exposed service.
ip nat inside source static tcp 192.168.10.31 7000 interface Dialer1 7000
! PAT for everything route-map SDM_RMAP_1 (ACL 101) permits.
ip nat inside source route-map SDM_RMAP_1 interface Dialer1 overload
!
! ACL 10 matches the LAN subnet but is not referenced by any command in the listing
! as posted. NOTE(review): it would fit as a management restriction
! (`ip http access-class`, vty `access-class`).
access-list 10 remark CCP_ACL Category=16
access-list 10 permit 192.168.10.0 0.0.0.255
! ACL 100 is referenced by `acl 100` in the ISAKMP client group.
access-list 100 remark CCP_ACL Category=4
access-list 100 permit ip 192.168.10.0 0.0.0.255 any
! ACL 101 drives NAT through route-map SDM_RMAP_1: the deny entries exempt traffic
! from the LAN to each VPN pool address (.145-.165) from translation, and the final
! permit translates everything else. The entries must track SDM_POOL_1 if it changes.
access-list 101 remark CCP_ACL Category=2
access-list 101 deny ip 192.168.10.0 0.0.0.255 host 192.168.10.145
access-list 101 deny ip 192.168.10.0 0.0.0.255 host 192.168.10.146
access-list 101 deny ip 192.168.10.0 0.0.0.255 host 192.168.10.147
access-list 101 deny ip 192.168.10.0 0.0.0.255 host 192.168.10.148
access-list 101 deny ip 192.168.10.0 0.0.0.255 host 192.168.10.149
access-list 101 deny ip 192.168.10.0 0.0.0.255 host 192.168.10.150
access-list 101 deny ip 192.168.10.0 0.0.0.255 host 192.168.10.151
access-list 101 deny ip 192.168.10.0 0.0.0.255 host 192.168.10.152
access-list 101 deny ip 192.168.10.0 0.0.0.255 host 192.168.10.153
access-list 101 deny ip 192.168.10.0 0.0.0.255 host 192.168.10.154
access-list 101 deny ip 192.168.10.0 0.0.0.255 host 192.168.10.155
access-list 101 deny ip 192.168.10.0 0.0.0.255 host 192.168.10.156
access-list 101 deny ip 192.168.10.0 0.0.0.255 host 192.168.10.157
access-list 101 deny ip 192.168.10.0 0.0.0.255 host 192.168.10.158
access-list 101 deny ip 192.168.10.0 0.0.0.255 host 192.168.10.159
access-list 101 deny ip 192.168.10.0 0.0.0.255 host 192.168.10.160
access-list 101 deny ip 192.168.10.0 0.0.0.255 host 192.168.10.161
access-list 101 deny ip 192.168.10.0 0.0.0.255 host 192.168.10.162
access-list 101 deny ip 192.168.10.0 0.0.0.255 host 192.168.10.163
access-list 101 deny ip 192.168.10.0 0.0.0.255 host 192.168.10.164
access-list 101 deny ip 192.168.10.0 0.0.0.255 host 192.168.10.165
access-list 101 permit ip 192.168.10.0 0.0.0.255 any
! Any IP packet counts as interesting traffic for dialer-group 1 (Dialer1).
dialer-list 1 protocol ip permit
no cdp run
route-map SDM_RMAP_1 permit 1
match ip address 101
!
!
!
! Control plane and terminal lines; no policy is attached to the control plane.
control-plane
!

!
! No `transport input`, `access-class` or `exec-timeout` appears under the lines as
! posted (the listing may be trimmed). Login falls back to the AAA default list (local).
! NOTE(review): limit vty access to SSH from management addresses if not already done.
line con 0
line aux 0
line vty 0 4

Grazie in anticipo.