Credo di aver risolto ...
Ho ripristinato le configurazioni dei router alle semplici connessioni adsl.
Ho trovato molto utile la seguente documentazione:
http://www.cisco.com/c/en/us/td/docs/io ... 1632258F65
Quindi l'ho applicata al mio caso ...
Ora devo testare le condivisioni, oltre poi a integrare regole di firewall ecc ... ma quello è un altro discorso, per il quale chiederò sicuramente aiuto in questo forum.
Linea Tiscali
.
.
authentication pre-share
group 2
crypto isakmp key CHIAVE address 95.X.X.X
!
!
crypto ipsec transform-set T1 esp-3des esp-sha-hmac
!
crypto ipsec profile P1
set transform-set T1
!
!
!
!
!
interface Tunnel0
ip address 10.0.0.2 255.255.255.0
ip ospf mtu-ignore
load-interval 30
tunnel source 217.X.X.X
tunnel destination 95.X.X.X
tunnel mode ipsec ipv4
tunnel protection ipsec profile P1
.
.
ip route 192.168.60.0 255.255.255.0 Tunnel0
Linea Telecom
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
crypto isakmp key CHIAVE address 217.X.X.X
!
!
crypto ipsec transform-set T1 esp-3des esp-sha-hmac
!
crypto ipsec profile P1
set transform-set T1
interface Tunnel0
ip address 10.0.0.1 255.255.255.0
ip ospf mtu-ignore
load-interval 30
tunnel source 95.X.X.X
tunnel destination 217.X.X.X
tunnel mode ipsec ipv4
tunnel protection ipsec profile P1
ip route 192.168.0.0 255.255.255.0 Tunnel 0
#sh crypto session
Crypto session current status
Interface: Tunnel0
Session status: UP-ACTIVE
Peer: 95.X.X.X port 500
IKE SA: local 217.X.X.X/500 remote 95.X.X.X/500 Active
IPSEC FLOW: permit ip 0.0.0.0/0.0.0.0 0.0.0.0/0.0.0.0
Active SAs: 2, origin: crypto map
o#sh crypto isakmp sa
dst src state conn-id slot status
95.X.X.X 217.X.X.X QM_IDLE 1 0 ACTIVE
#sh crypto ipsec sa
interface: Tunnel0
Crypto map tag: Tunnel0-head-0, local addr 217.X.X.X
protected vrf: (none)
local ident (addr/mask/prot/port): (0.0.0.0/0.0.0.0/0/0)
remote ident (addr/mask/prot/port): (0.0.0.0/0.0.0.0/0/0)
current_peer 95.X.X.X port 500
PERMIT, flags={origin_is_acl,}
#pkts encaps: 24, #pkts encrypt: 24, #pkts digest: 24
#pkts decaps: 23, #pkts decrypt: 23, #pkts verify: 23
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts compr. failed: 0
#pkts not decompressed: 0, #pkts decompress failed: 0
#send errors 0, #recv errors 0
local crypto endpt.: 217.X.X.X, remote crypto endpt.: 95.X.X.X
path mtu 1514, ip mtu 1514, ip mtu idb Tunnel0
current outbound spi: 0xF3377CCF(4080499919)
inbound esp sas:
spi: 0xC0440187(3225682311)
transform: esp-3des esp-sha-hmac ,
in use settings ={Tunnel, }
conn id: 3003, flow_id: FPGA:3, crypto map: Tunnel0-head-0
sa timing: remaining key lifetime (k/sec): (4502154/2439)
IV size: 8 bytes
replay detection support: Y
Status: ACTIVE
Paolo pensi che l'applicazione della crypto map direttamente sulla Dialer0, come facevo in precedenza, possa non produrre gli effetti desiderati con connessioni adsl nostrane??