L2TP/IPsec VPN CLIENT configuration

consultazione
Cisco pathologically enlightened user
Posts: 203
Joined: Mon 31 Oct 2005 6:10 pm

I would like to configure a router to act as an L2TP/IPsec client.

I have tried various configurations, but it doesn't work; the tunnel gets torn down.

version 15.1
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot system usbflash0:c2800nm-adventerprisek9-mz.151-4.M12a.bin
boot-end-marker
!
!
!
no aaa new-model
!
!
dot11 syslog
ip source-route
!
!
ip cef
!
!
!
no ipv6 cef
l2tp-class l2tpclass1
hidden
authentication
password ***********CHIAVE_PRE_SHARED************
!
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
!
!
voice-card 0
!
crypto pki token default removal timeout 0
!
!
redundancy
!
!
pseudowire-class pwclass1
encapsulation l2tpv2
protocol l2tpv2 l2tpclass1
ip local interface GigabitEthernet0/0
!
!
!
!
!
!
!
!
!
interface GigabitEthernet0/0
ip address 81.xx.xx.75 255.255.255.248
duplex auto
speed auto
!
interface GigabitEthernet0/1
no ip address
shutdown
duplex auto
speed auto


interface Virtual-PPP1
ip address negotiated
ip mtu 1460
ip flow ingress
ip flow egress
ip virtual-reassembly in
ip tcp adjust-mss 1420
ppp chap hostname ******USERNAME********
ppp chap password 0 ******PASSWORD********
pseudowire ******SERVER_VPN_IP******* 10 pw-class pwclass1
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
!
!
!
!
!
!
!
!
control-plane
!
!
!
!
mgcp profile default
!
!
!
!
!
!
line con 0
line aux 0
line vty 0 4
login
transport input all
!
scheduler allocate 20000 1000
end

The data I have are:
- username
- password
- VPN server IP
- pre-shared key


I had run various tests without success; this is one of the latest. I was trying to get the client (this one) to talk to the server (another router) on the same local network, without going out to the internet, to rule out external problems, but it doesn't work.

Can you give me a hand?
I can also post the VPN server configuration, which works well; in fact I can connect from Windows PCs, Linux, Android phones, etc. without problems.
Last edited by consultazione on Mon 31 Jul 2017 11:14 pm; edited 1 time in total.
consultazione
Cisco pathologically enlightened user
Posts: 203
Joined: Mon 31 Oct 2005 6:10 pm

This is the VPN server configuration (working):
version 15.1
service timestamps debug datetime localtime
service timestamps log datetime localtime
no service password-encryption
!
hostname cisco
!
boot-start-marker
boot system flash c2800nm-adventerprisek9-mz.151-4.M12a.bin
boot-end-marker
!
!
enable secret 5 ...............................
!
aaa new-model
!
!
aaa authentication login default local
aaa authentication ppp default local
aaa authorization exec default local
aaa authorization network default local if-authenticated
!
!
!
!
!
aaa session-id common
!
clock timezone Rome 1 0
clock summer-time Rome recurring last Sun Mar 2:00 last Sun Oct 3:00
!
dot11 syslog
ip source-route
!
!
ip cef
!
!
!
ip name-server 151.99.0.100
ip name-server 151.99.125.1
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
!
vpdn enable
!
vpdn-group L2TP
! Default L2TP VPDN group
accept-dialin
protocol l2tp
virtual-template 1
no l2tp tunnel authentication
!
!
!
!
!
!
!
!
voice-card 0
!
crypto pki token default removal timeout 0
!
!
!
archive
log config
hidekeys
username YYYYYYYYYYYYY password 0 XXXXXXXXXXXXXXX


!
redundancy
!
!
!
!
crypto isakmp policy 10
encr 3des
authentication pre-share
group 2
lifetime 3600
crypto isakmp key ***********CHIAVE_PRE_SHARED**************** address 0.0.0.0 0.0.0.0 no-xauth
crypto isakmp keepalive 3600
!
!
crypto ipsec transform-set ipnetconfig esp-3des esp-sha-hmac
mode transport
!
crypto dynamic-map ipnetconfig-map 10
set nat demux
set transform-set ipnetconfig
!
!
crypto map cisco 10 ipsec-isakmp dynamic ipnetconfig-map
!
!
!
!
!
!
interface GigabitEthernet0/0
description lan interna
ip address 192.168.14.1 255.255.0.0
ip nat inside
ip virtual-reassembly in
duplex auto
speed auto
!
interface GigabitEthernet0/1
description lan pubblica
ip address 81.xx.xx.74 255.255.255.248
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
crypto map cisco
!

interface Virtual-Template1
ip unnumbered GigabitEthernet0/0
ip nat inside
ip virtual-reassembly in
peer default ip address pool poolipnetconfig
ppp encrypt mppe 40
ppp authentication ms-chap-v2
!
ip local pool poolipnetconfig 192.168.14.50 192.168.14.100
ip forward-protocol nd
no ip http server
no ip http secure-server
!
!
ip nat pool BB 81.xx.xx.74 81.xx.xx.74 netmask 255.255.255.248
ip nat inside source list 20 pool BB overload
ip route 0.0.0.0 0.0.0.0 81.xx.xx.73
!
access-list 20 permit 192.168.0.0 0.0.255.255
no cdp run
!
!
!
!
!
!
!
!
control-plane
!
!
!
!
mgcp profile default
!
!
!
!
!
!
line con 0
line aux 0
line vty 0 4
exec-timeout 240 0
transport input none
!
scheduler allocate 20000 1000
ntp server 212.45.144.88 prefer
end



Can you give me a hand configuring a router as a VPN client for this server?
Many thanks
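
An added example, not part of the original posts: a Python check that compares the two configurations above, reporting settings present on one side only (IPsec, L2TP tunnel authentication) and listing legacy settings. The excerpts are constructed from the posted configs, with secrets replaced by PLACEHOLDER and the peer replaced by the documentation address 192.0.2.1; all function names are hypothetical.

```python
import re

# Constructed excerpts of the two posted configs; secrets and peer IP are placeholders.
CLIENT = """l2tp-class l2tpclass1
authentication
password PLACEHOLDER
ppp chap password 0 PLACEHOLDER
pseudowire 192.0.2.1 10 pw-class pwclass1"""
SERVER = """no l2tp tunnel authentication
crypto isakmp policy 10
encr 3des
group 2
crypto ipsec transform-set ipnetconfig esp-3des esp-sha-hmac
crypto map cisco 10 ipsec-isakmp dynamic ipnetconfig-map
ppp encrypt mppe 40"""

# Legacy settings to flag (regex matched against one statement -> finding).
WEAK = {
    r"^encr 3des$": "IKE encryption is 3DES",
    r"^group 2$": "IKE uses DH group 2 (1024-bit MODP)",
    r"esp-3des": "ESP encryption is 3DES",
    r"^ppp encrypt mppe 40$": "MPPE limited to 40-bit keys",
    r"\bpassword 0 ": "password stored in cleartext (type 0)",
}

def stmts(cfg):
    """Statements with indentation and '!' separator lines removed."""
    return [l.strip() for l in cfg.splitlines() if l.strip() and not l.strip().startswith("!")]

def has_ipsec(cfg):
    """True when ISAKMP policy, transform set and crypto map are all present."""
    need = ("crypto isakmp policy", "crypto ipsec transform-set", "crypto map ")
    return all(any(s.startswith(p) for s in stmts(cfg)) for p in need)

def l2tp_auth(cfg):
    """True when a bare 'authentication' (l2tp-class) is set and not disabled."""
    s = stmts(cfg)
    return "authentication" in s and "no l2tp tunnel authentication" not in s

def weak(cfg):
    return sorted({m for s in stmts(cfg) for p, m in WEAK.items() if re.search(p, s)})

def compare(client, server):
    checks = [(has_ipsec, "IPsec configured on one side only"),
              (l2tp_auth, "L2TP tunnel authentication enabled on one side only")]
    return [msg for fn, msg in checks if fn(client) != fn(server)]

if __name__ == "__main__":
    print("\n".join(compare(CLIENT, SERVER) + weak(CLIENT) + weak(SERVER)))
```

The matching is line-based and ignores indentation, so it also works on configs pasted without their sub-command indentation, as in the posts above.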