cisco 1751 aiuto vpn

Virtual private networks e affini

Moderatore: Federico.Lagni

Rispondi
renato1984
n00b
Messaggi: 2
Iscritto il: gio 13 mar , 2014 10:46 pm

salve volevo che qualcuno mi aiutasse a configurare una vpn con questo router e sbloccare il vpn di windows server 2003, se instauro una connessione con indirizzo ip della rete riesco a collegarmi al vpn del mio server invece da indirizzo ip pubblico no.. perche??

comunque mi interessa configurare il cisco come server vpn e fare connessioni anche dal telefonino ..

grazie vi posto la mia attuale configurazione
Building configuration...

Building configuration...

Current configuration : 7478 bytes
!
! Last configuration change at 00:22:38 UTC Mon Mar 24 2014
!
version 12.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
logging queue-limit 100
no logging buffered
!
username xxx privilege 15 password 0 xxx
memory-size iomem 25
aaa new-model
!
!
aaa authentication login default local
aaa authentication login sdm_vpn_xauth_ml_1 local
aaa authentication login sdm_vpn_xauth_ml_2 local
aaa authorization exec default local
aaa authorization network sdm_vpn_group_ml_1 local
aaa authorization network sdm_vpn_group_ml_2 local
aaa session-id common
ip subnet-zero
!
!
ip name-server 79.29.45.54
ip dhcp excluded-address 192.168.1.1
!
ip dhcp pool Elabsistemi.it
import all
network 192.168.1.0 255.255.255.0
domain-name elabsistemi.it
dns-server 151.99.0.100
default-router 192.168.1.1
!
!
!
!
!
!
!
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
crypto isakmp xauth timeout 15

!
crypto isakmp client configuration group VPN
key 0 renatotassone
pool SDM_POOL_1
!
!
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-3DES-SHA1 esp-3des esp-sha-hmac
!
crypto dynamic-map SDM_DYNMAP_1 1
set transform-set ESP-3DES-SHA
reverse-route
!
crypto dynamic-map SDM_DYNMAP_2 1
set transform-set ESP-3DES-SHA1
reverse-route
!
!
crypto map SDM_CMAP_1 client authentication list sdm_vpn_xauth_ml_1
crypto map SDM_CMAP_1 isakmp authorization list sdm_vpn_group_ml_1
crypto map SDM_CMAP_1 65535 ipsec-isakmp dynamic SDM_DYNMAP_1
!
crypto map SDM_CMAP_2 client authentication list sdm_vpn_xauth_ml_2
crypto map SDM_CMAP_2 isakmp authorization list sdm_vpn_group_ml_2
crypto map SDM_CMAP_2 client configuration address respond
crypto map SDM_CMAP_2 65535 ipsec-isakmp dynamic SDM_DYNMAP_2
!
!
!
!
interface FastEthernet0/0
description Lan$ETH-LAN$
ip address 192.168.1.1 255.255.255.0
ip access-group sdm_fastethernet0/0_in_100 in
ip access-group sdm_fastethernet0/0_out out
ip nat inside
ip tcp adjust-mss 1412
speed auto
no keepalive
crypto map SDM_CMAP_2
!
interface BRI0/0
no ip address
shutdown
!
interface ATM1/0
no ip address
no atm ilmi-keepalive
dsl operating-mode auto
!
interface ATM1/0.4 point-to-point
pvc 8/35
oam-pvc manage
pppoe-client dial-pool-number 1
!
!
interface Dialer2
ip address xxxxxxxx 255.255.255.0
ip access-group sdm_dialer2_in in
ip access-group sdm_dialer2_out out
ip mtu 1452
ip nat outside
encapsulation ppp
dialer pool 1
dialer-group 1
ppp authentication chap pap callin
ppp chap hostname xxxxxxxx
ppp chap password 0 xxxxxx
ppp pap sent-username xxxxxxxx password 0 xxxxx
!
ip local pool SDM_POOL_1 10.0.0.1 10.0.0.100
ip nat inside source list nat interface Dialer2 overload
ip nat inside source static tcp 192.168.1.10 43 interface Dialer2 43
ip nat inside source static tcp 192.168.1.10 1423 interface Dialer2 1423
ip nat inside source static tcp 192.168.1.10 80 interface Dialer2 80
ip nat inside source static tcp 192.168.1.10 21 interface Dialer2 21
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer2
ip http server
ip http authentication local
ip http secure-server
!
!
!
ip access-list extended nat
remark SDM_ACL Category=18
permit tcp 192.168.1.0 0.0.0.255 any
permit ip 192.168.1.0 0.0.0.255 any
permit icmp 192.168.1.0 0.0.0.255 any
ip access-list extended sdm_dialer2_in
remark SDM_ACL Category=1
permit tcp any host 79.29.45.158 eq whois
permit tcp any host 79.29.45.158 eq 1423
permit tcp host 192.168.1.10 host 79.29.45.158 eq www
permit ip any any
permit tcp host 192.168.1.10 host 79.29.45.158 eq ftp
permit tcp any eq www host 79.29.45.158 eq www
ip access-list extended sdm_dialer2_out
remark SDM_ACL Category=1
permit ip any any
ip access-list extended sdm_fastethernet0/0_in
remark SDM_ACL Category=1
permit ip any any
ip access-list extended sdm_fastethernet0/0_in_100
remark SDM_ACL Category=1
permit ip host 10.0.0.1 any
permit ip host 10.0.0.2 any
permit ip host 10.0.0.3 any
permit ip host 10.0.0.4 any
permit ip host 10.0.0.5 any
permit ip host 10.0.0.6 any
permit ip host 10.0.0.7 any
permit ip host 10.0.0.8 any
permit ip host 10.0.0.9 any
permit ip host 10.0.0.10 any
permit ip host 10.0.0.11 any
permit ip host 10.0.0.12 any
permit ip host 10.0.0.13 any
permit ip host 10.0.0.14 any
permit ip host 10.0.0.15 any
permit ip host 10.0.0.16 any
permit ip host 10.0.0.17 any
permit ip host 10.0.0.18 any
permit ip host 10.0.0.19 any
permit ip host 10.0.0.20 any
permit ip host 10.0.0.21 any
permit ip host 10.0.0.22 any
permit ip host 10.0.0.23 any
permit ip host 10.0.0.24 any
permit ip host 10.0.0.25 any
permit ip host 10.0.0.26 any
permit ip host 10.0.0.27 any
permit ip host 10.0.0.28 any
permit ip host 10.0.0.29 any
permit ip host 10.0.0.30 any
permit ip host 10.0.0.31 any
permit ip host 10.0.0.32 any
permit ip host 10.0.0.33 any
permit ip host 10.0.0.34 any
permit ip host 10.0.0.35 any
permit ip host 10.0.0.36 any
permit ip host 10.0.0.37 any
permit ip host 10.0.0.38 any
permit ip host 10.0.0.39 any
permit ip host 10.0.0.40 any
permit ip host 10.0.0.41 any
permit ip host 10.0.0.42 any
permit ip host 10.0.0.43 any
permit ip host 10.0.0.44 any
permit ip host 10.0.0.45 any
permit ip host 10.0.0.46 any
permit ip host 10.0.0.47 any
permit ip host 10.0.0.48 any
permit ip host 10.0.0.49 any
permit ip host 10.0.0.50 any
permit ip host 10.0.0.51 any
permit ip host 10.0.0.52 any
permit ip host 10.0.0.53 any
permit ip host 10.0.0.54 any
permit ip host 10.0.0.55 any
permit ip host 10.0.0.56 any
permit ip host 10.0.0.57 any
permit ip host 10.0.0.58 any
permit ip host 10.0.0.59 any
permit ip host 10.0.0.60 any
permit ip host 10.0.0.61 any
permit ip host 10.0.0.62 any
permit ip host 10.0.0.63 any
permit ip host 10.0.0.64 any
permit ip host 10.0.0.65 any
permit ip host 10.0.0.66 any
permit ip host 10.0.0.67 any
permit ip host 10.0.0.68 any
permit ip host 10.0.0.69 any
permit ip host 10.0.0.70 any
permit ip host 10.0.0.71 any
permit ip host 10.0.0.72 any
permit ip host 10.0.0.73 any
permit ip host 10.0.0.74 any
permit ip host 10.0.0.75 any
permit ip host 10.0.0.76 any
permit ip host 10.0.0.77 any
permit ip host 10.0.0.78 any
permit ip host 10.0.0.79 any
permit ip host 10.0.0.80 any
permit ip host 10.0.0.81 any
permit ip host 10.0.0.82 any
permit ip host 10.0.0.83 any
permit ip host 10.0.0.84 any
permit ip host 10.0.0.85 any
permit ip host 10.0.0.86 any
permit ip host 10.0.0.87 any
permit ip host 10.0.0.88 any
permit ip host 10.0.0.89 any
permit ip host 10.0.0.90 any
permit ip host 10.0.0.91 any
permit ip host 10.0.0.92 any
permit ip host 10.0.0.93 any
permit ip host 10.0.0.94 any
permit ip host 10.0.0.95 any
permit ip host 10.0.0.96 any
permit ip host 10.0.0.97 any
permit ip host 10.0.0.98 any
permit ip host 10.0.0.99 any
permit ip host 10.0.0.100 any
permit udp any host 192.168.1.1 eq non500-isakmp
permit udp any host 192.168.1.1 eq isakmp
permit esp any host 192.168.1.1
permit ahp any host 192.168.1.1
permit ip any any
ip access-list extended sdm_fastethernet0/0_out
remark SDM_ACL Category=1
permit ip any any
dialer-list 1 protocol ip permit
!
radius-server authorization permit missing Service-Type
!
line con 0
speed 115200
line aux 0
line vty 0 4
transport input telnet ssh
!
!
end
Rispondi