Hi everyone,
for the past few days I have been trying to set up a VPN over ADSL lines (Telecom and Tiscali, with static IPs) between the two sites of my company, using a Cisco 2801 and a Cisco 1801.
The ADSL works perfectly, but the VPN is always DOWN. Can you help me understand my mistake?
Thank you,
Fabio
These are the configurations I set up:
ROUTER 1, TISCALI LINE
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname host
!
boot-start-marker
boot system flash:c2801-advipservicesk9-mz.124-16.bin
boot-end-marker
!
enable secret 5 $1$IJY3caHg44DpbtWDLLL6PnZ3.
!
no aaa new-model
network-clock-participate wic 2
ip cef
!
!
!
!
ip name-server 213.205.32.70
ip name-server 213.205.36.70
!
!
voice-card 0
username user privilege 15 password 7 e74305070B070A5F2F1F1C594850
!
!
ip tcp mss 1460
!
!
crypto isakmp policy 10
 encr 3des
 authentication pre-share
 group 2
crypto isakmp key KEY address 95.XXX.XXX.XXX # IP of the other endpoint
!
!
crypto ipsec transform-set myset esp-3des esp-sha-hmac
crypto ipsec df-bit clear
!
crypto map mymap 10 ipsec-isakmp
 set peer 95.XXX.XXX.XXX # IP of the other endpoint
 set transform-set myset
 match address 100
!
!
!
!
interface FastEthernet0/0
 ip address 192.168.0.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 duplex auto
 speed auto
 hold-queue 100 out
!
interface Service-Engine0/0
 no ip address
 shutdown
interface FastEthernet0/1
 ip address 192.168.69.50 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 duplex auto
 speed auto
!
interface ATM0/1/0
 description Atm line
 no ip address
 no ip route-cache cef
 no ip route-cache
 no atm ilmi-keepalive
 dsl operating-mode auto
!
interface ATM0/1/0.1 point-to-point
 no ip route-cache
 no snmp trap link-status
 pvc 8/35
  encapsulation aal5mux ppp dialer
  dialer pool-member 1
 !
!
interface BRI0/2/0
 no ip address
!
interface BRI0/2/1
 no ip address
interface Dialer0
 ip address negotiated
 ip nat outside
 no ip virtual-reassembly
 encapsulation ppp
 ip route-cache flow
 dialer pool 1
 dialer-group 1
 ppp chap hostname [email protected]
 ppp chap password 7 06575D7DD81B5F
 ppp pap sent-username [email protected] password 7 124DDD44465E5A
 crypto map mymap
!
ip route 0.0.0.0 0.0.0.0 Dialer0
!
!
ip http server
ip http authentication local
no ip http secure-server
ip nat inside source list 1 interface Dialer0 overload
ip nat inside source list 2 interface Dialer0 overload
!
access-list 1 permit 192.168.0.0 0.0.0.255
access-list 2 permit 192.168.69.0 0.0.0.255
access-list 100 permit ip 192.168.69.0 0.0.0.255 192.168.5.0 0.0.0.255
!
!
!
!
control-plane
!
!
line con 0
line aux 0
line 66
 no activation-character
 no exec
 transport preferred none
 transport input all
 transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
line vty 0 4
 exec-timeout 120 0
 login local
!
scheduler allocate 20000 1000
end
ROUTER 2, TELECOM LINE
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
boot system flash:c180x-adventerprisek9-mz.124-15.T.bin
service password-encryption
!
hostname host2
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$yrdM$I28UV2ee333ByuUNqbjT8F51
!
no aaa new-model
!
!
!
!
crypto isakmp policy 10
 encr 3des
 authentication pre-share
 group 2
crypto isakmp key KEY address 217.XXX.XXX.XXX # IP of the other endpoint
!
!
crypto ipsec transform-set myset esp-3des esp-sha-hmac
crypto ipsec df-bit clear
!
crypto map mymap 10 ipsec-isakmp
 set peer 217.XXX.XXX.XXX # Tiscali line IP
 set transform-set myset
 match address 100
!
!
!
ip cef
!
!
ip name-server 8.8.8.8
ip name-server 151.99.125.1
!
multilink bundle-name authenticated
username utente privilege 15 password 7 070C714F441509471C585E547B7E
archive
 log config
  hidekeys
!
!
ip tcp mss 1460
!
!
!
interface FastEthernet0
 ip address 192.168.5.4 255.255.255.0 secondary
 ip address 192.168.60.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 duplex auto
 speed auto
 hold-queue 100 out
!
interface BRI0
 no ip address
 encapsulation hdlc
 shutdown
!
interface ATM0
 description ATM line
 no ip address
 no ip route-cache cef
 no ip route-cache
 no atm ilmi-keepalive
 dsl operating-mode auto
!
interface ATM0.1 point-to-point
 no ip route-cache
 no snmp trap link-status
 pvc 8/35
  encapsulation aal5snap
  protocol ppp dialer
  dialer pool-member 1
 !
!
interface Vlan1
 no ip address
!
interface Dialer0
 ip address negotiated
 ip nat outside
 no ip virtual-reassembly
 encapsulation ppp
 ip route-cache flow
 dialer pool 1
 dialer-group 1
 ppp pap sent-username XXXX-USER @alicebiz.it password 7 0000000000C0E0410
 crypto map mymap
!
ip route 0.0.0.0 0.0.0.0 Dialer0
!
!
ip http server
ip http authentication local
no ip http secure-server
ip nat inside source list 1 interface Dialer0 overload
ip nat inside source list 2 interface Dialer0 overload
!
access-list 1 permit 192.168.60.0 0.0.0.255
access-list 2 permit 192.168.5.0 0.0.0.255
access-list 100 permit ip 192.168.5.0 0.0.0.255 192.168.69.0 0.0.0.255
!
!
!
!
control-plane
!
!
line con 0
line aux 0
line vty 0 4
 exec-timeout 120 0
 login local

Site-to-site VPN always down

- paolomat75
- Messianic Network master
- Posts: 2965
- Joined: Fri 29 Jan 2010, 10:25 am
- Location: Prov di GE
Hi.
Post the output of these commands:
show crypto isakmp sa
show crypto ipsec sa
Paolo
No leaf falls that the unconscious does not will (S.B.)
- marfab
- n00b
- Posts: 11
- Joined: Wed 11 Feb 2015, 12:15 pm
Thanks for the quick reply;
what you asked for is below.
Router 1, Telecom line:
sh crypto isakmp sa
IPv4 Crypto ISAKMP SA
dst src state conn-id slot status
IPv6 Crypto ISAKMP SA
sh crypto ipsec sa
interface: Dialer0
Crypto map tag: mymap, local addr 95.XXX,XXX,XXX
protected vrf: (none)
local ident (addr/mask/prot/port): (192.168.5.0/255.255.255.0/0/0)
remote ident (addr/mask/prot/port): (192.168.69.0/255.255.255.0/0/0)
current_peer 217.XXX.XXX.XXX port 500
PERMIT, flags={origin_is_acl,}
#pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0
#pkts decaps: 0, #pkts decrypt: 0, #pkts verify: 0
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts compr. failed: 0
#pkts not decompressed: 0, #pkts decompress failed: 0
#send errors 0, #recv errors 0
local crypto endpt.: 95.XXX.XXX.XXX, remote crypto endpt.: 217.XXX.XXX.XXX
path mtu 1500, ip mtu 1500, ip mtu idb Dialer0
current outbound spi: 0x0(0)
inbound esp sas:
inbound ah sas:
inbound pcp sas:
outbound esp sas:
outbound ah sas:
outbound pcp sas:
interface: Virtual-Access2
Crypto map tag: mymap, local addr 0.0.0.0
protected vrf: (none)
local ident (addr/mask/prot/port): (192.168.5.0/255.255.255.0/0/0)
remote ident (addr/mask/prot/port): (192.168.69.0/255.255.255.0/0/0)
current_peer 217.XXX.XXX.XXX port 500
PERMIT, flags={origin_is_acl,}
#pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0
#pkts decaps: 0, #pkts decrypt: 0, #pkts verify: 0
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts compr. failed: 0
#pkts not decompressed: 0, #pkts decompress failed: 0
#send errors 0, #recv errors 0
local crypto endpt.: 0.0.0.0, remote crypto endpt.: 217.XXX.XXX.XXX
path mtu 1500, ip mtu 1500, ip mtu idb Virtual-Access2
current outbound spi: 0x0(0)
inbound esp sas:
inbound ah sas:
inbound pcp sas:
outbound esp sas:
outbound ah sas:
outbound pcp sas:
sh crypto session
Crypto session current status
Interface: Virtual-Access2
Session status: DOWN
Peer: 217.XXX.XXX.XXX port 500
IPSEC FLOW: permit ip 192.168.5.0/255.255.255.0 192.168.69.0/255.255.255.0
Active SAs: 0, origin: crypto map
Interface: Dialer0
Session status: DOWN
Peer: 217.XXX.XXX.XXX port 500
IPSEC FLOW: permit ip 192.168.5.0/255.255.255.0 192.168.69.0/255.255.255.0
Active SAs: 0, origin: crypto map
ROUTER 2, Tiscali line
#sh crypto isakmp sa
dst src state conn-id slot status
#sh crypto ipsec sa
interface: Dialer0
Crypto map tag: mymap, local addr 217.XXX.XXX.XXX
protected vrf: (none)
local ident (addr/mask/prot/port): (192.168.69.0/255.255.255.0/0/0)
remote ident (addr/mask/prot/port): (192.168.5.0/255.255.255.0/0/0)
current_peer 95.XXX.XXX.XXX port 500
PERMIT, flags={origin_is_acl,}
#pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0
#pkts decaps: 0, #pkts decrypt: 0, #pkts verify: 0
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts compr. failed: 0
#pkts not decompressed: 0, #pkts decompress failed: 0
#send errors 0, #recv errors 0
local crypto endpt.: 217.XXX.XXX.XXX, remote crypto endpt.: 95.XXX.XXX.XXX
path mtu 1500, ip mtu 1500, ip mtu idb Dialer0
current outbound spi: 0x0(0)
inbound esp sas:
inbound ah sas:
inbound pcp sas:
outbound esp sas:
outbound ah sas:
outbound pcp sas:
interface: Virtual-Access2
Crypto map tag: mymap, local addr 0.0.0.0
protected vrf: (none)
local ident (addr/mask/prot/port): (192.168.69.0/255.255.255.0/0/0)
remote ident (addr/mask/prot/port): (192.168.5.0/255.255.255.0/0/0)
current_peer 95.XXX.XXX.XXX port 500
PERMIT, flags={origin_is_acl,}
#pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0
#pkts decaps: 0, #pkts decrypt: 0, #pkts verify: 0
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts compr. failed: 0
#pkts not decompressed: 0, #pkts decompress failed: 0
#send errors 0, #recv errors 0
local crypto endpt.: 0.0.0.0, remote crypto endpt.: 95.XXX.XXX.XXX
path mtu 1492, ip mtu 1492, ip mtu idb Virtual-Access2
current outbound spi: 0x0(0)
inbound esp sas:
inbound ah sas:
inbound pcp sas:
outbound esp sas:
outbound ah sas:
#sh crypto session
Crypto session current status
Interface: Dialer0
Session status: DOWN
Peer: 95.XXX.XXX.XXX port 500
IPSEC FLOW: permit ip 192.168.69.0/255.255.255.0 192.168.5.0/255.255.255.0
Active SAs: 0, origin: crypto map
Interface: Virtual-Access2
Session status: DOWN
Peer: 95.XXX.XXX.XXX port 500
IPSEC FLOW: permit ip 192.168.69.0/255.255.255.0 192.168.5.0/255.255.255.0
Active SAs: 0, origin: crypto map
outbound pcp sas:
Thank you for your help.
- paolomat75
Did you solve it?
- paolomat75
Doesn't the debug output anything? Have you tried pinging the remote side of the VPN with debug enabled?
Paolo
- marfab
Yes, Paolo, I tried pinging a remote PC (and also the fast0 interface of the remote router itself) so that the VPN would be initialized.
The debug crypto isakmp command returns no debug output.
I have reconfigured the router dozens of times.
Have you noticed any errors in the configuration that I missed?
Could it depend on the IOS version?
Or, as I told you before, on the MTU setting?
Thanks for your attention,
Fabio
- paolomat75
The only thing that comes to mind is that the IOS does not support site-to-site IPsec. Are you sure it has that feature?
The MTU should not prevent the session from starting.
Paolo
- paolomat75
I went over the configuration again; the only error I saw is that you have to exclude the VPN packets from NAT.
- paolomat75
I think the problem lies there. Delete ACL 2 and create an extended one that does not NAT the traffic between the VPN IPs, and NATs everything else.
Paolo
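An added example, not part of the thread: a Python check for the overlap described in the post above. On IOS, inside-to-outside NAT is applied before the crypto map is evaluated on the outgoing interface, so a flow permitted by a NAT source list no longer matches the crypto ACL once translated. The samples are a Router 2 excerpt from the thread and a constructed variant; the ACL name NAT-ACL is hypothetical, and only `ip` entries with contiguous wildcards are handled.

```python
import ipaddress
ANY = ipaddress.ip_network("0.0.0.0/0")

def take_net(tok):
    """Consume 'any' or 'addr wildcard' from a token list; return (network, rest)."""
    if tok[0] == "any":
        return ANY, tok[1:]
    mask = "32" if tok[1] == "0.0.0.0" else tok[1]    # all-zero wildcard = one host
    return ipaddress.ip_network(f"{tok[0]}/{mask}", strict=False), tok[2:]

def add_entry(acls, name, action, rest):
    """Store an entry as (action, src, dst); only 'ip' and standard entries are handled."""
    extended = rest[0] == "ip"
    src, rest = take_net(rest[1:] if extended else rest)
    dst = take_net(rest)[0] if extended else ANY       # standard ACL: any destination
    acls.setdefault(name, []).append((action, src, dst))

def parse(config):
    """Return (acls, NAT source lists, crypto-map ACLs) found in IOS config text."""
    acls, nat, crypto, current = {}, [], [], None
    for tok in map(str.split, config.splitlines()):
        if tok[:3] == ["ip", "access-list", "extended"]:
            current = tok[3]                           # following entries belong here
        elif tok[:1] in (["permit"], ["deny"]) and current:
            add_entry(acls, current, tok[0], tok[1:])
        else:
            current = None                             # any other line closes the ACL
            if tok[:5] == ["ip", "nat", "inside", "source", "list"]:
                nat.append(tok[5])
            elif tok[:2] == ["match", "address"]:
                crypto.append(tok[2])
            elif tok[:1] == ["access-list"]:
                add_entry(acls, tok[1], tok[2], tok[3:])
    return acls, nat, crypto

def nat_conflicts(config):
    """Return (src, dst, NAT list) for crypto-ACL flows that NAT would translate."""
    acls, nat, crypto = parse(config)
    flows = [e for c in crypto for e in acls.get(c, []) if e[0] == "permit"]
    hits = []
    for _, src, dst in flows:
        for name in nat:
            for action, n_src, n_dst in acls.get(name, []):
                if n_src.overlaps(src) and n_dst.overlaps(dst):   # first match decides
                    if action == "permit":
                        hits.append((str(src), str(dst), name))
                    break
    return hits

# Router 2 excerpt as posted in the thread: ACL 2 also matches the VPN flow.
AS_POSTED = """\
match address 100
ip nat inside source list 1 interface Dialer0 overload
ip nat inside source list 2 interface Dialer0 overload
access-list 1 permit 192.168.60.0 0.0.0.255
access-list 2 permit 192.168.5.0 0.0.0.255
access-list 100 permit ip 192.168.5.0 0.0.0.255 192.168.69.0 0.0.0.255
"""
# Constructed variant following the advice; the ACL name NAT-ACL is hypothetical.
WITH_EXEMPTION = """\
match address 100
ip nat inside source list 1 interface Dialer0 overload
ip nat inside source list NAT-ACL interface Dialer0 overload
access-list 1 permit 192.168.60.0 0.0.0.255
access-list 100 permit ip 192.168.5.0 0.0.0.255 192.168.69.0 0.0.0.255
ip access-list extended NAT-ACL
 deny ip 192.168.5.0 0.0.0.255 192.168.69.0 0.0.0.255
 permit ip 192.168.5.0 0.0.0.255 any
"""
```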
- paolomat75
Have you tried it?
- marfab
Hi Paolo,
sorry for the delay, but I was out of the office.
My configurations are now these:
.
Telecom line
crypto isakmp policy 10
encr 3des
authentication pre-share
group 2
crypto isakmp key CHIAVE address 217.XXX.XXX.XXX
!
!
crypto ipsec transform-set myset esp-3des esp-sha-hmac
!
crypto map mymap 10 ipsec-isakmp
set peer 217.XXX.XXX.XXX
set transform-set myset
match address VPN-ACL
.
.
ip route 0.0.0.0 0.0.0.0 Dialer0
!
!
ip http server
ip http authentication local
no ip http secure-server
ip nat inside source list 1 interface Dialer0 overload
!
ip access-list extended VPN-ACL
permit ip 192.168.5.0 0.0.0.255 192.168.69.0 0.0.0.255
!
access-list 1 permit 192.168.60.0 0.0.0.255
Tiscali line
crypto isakmp policy 10
encr 3des
authentication pre-share
group 2
crypto isakmp key CHIAVE address 95.XXX.XXX.XXX
!
!
crypto ipsec transform-set myset esp-3des esp-sha-hmac
!
crypto map mymap 10 ipsec-isakmp
set peer 95.XXX.XXX.XXX
set transform-set myset
match address VPN-ACL
no ip http secure-server
ip nat inside source list 1 interface Dialer0 overload
!
ip access-list extended VPN-ACL
permit ip 192.168.69.0 0.0.0.255 192.168.5.0 0.0.0.255
!
access-list 1 permit 192.168.0.0 0.0.0.255
!
The rest is unchanged.
Unfortunately, the fact that the VPN stays down is also unchanged.
sh crypto isakmp sa
IPv4 Crypto ISAKMP SA
dst src state conn-id slot status
IPv6 Crypto ISAKMP SA
#sh crypto ipsec sa
interface: Dialer0
Crypto map tag: mymap, local addr 95.224.56.126
protected vrf: (none)
local ident (addr/mask/prot/port): (192.168.5.0/255.255.255.0/0/0)
remote ident (addr/mask/prot/port): (192.168.69.0/255.255.255.0/0/0)
current_peer 217... port 500
PERMIT, flags={origin_is_acl,}
#pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0
#pkts decaps: 0, #pkts decrypt: 0, #pkts verify: 0
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts compr. failed: 0
#pkts not decompressed: 0, #pkts decompress failed: 0
#send errors 0, #recv errors 0
local crypto endpt.: 95..., remote crypto endpt.: 217...
path mtu 1500, ip mtu 1500, ip mtu idb Dialer0
current outbound spi: 0x0(0)
            
			
									
									
- paolomat75
Which IOS do you have?
Paolo
						
