Hi everyone,
I'm trying to configure a client-to-site connection with a Cisco 877.
My LAN is 192.168.1.x, the remote PC is connected to a router on 192.168.3.0, and the VPN assigns a 192.168.2.0 address. I was trying to configure routing between the LANs, but no luck. Do you have any advice? Bye, thanks.
Current configuration : 4991 bytes
!
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname yourname
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 debugging
logging console critical
enable secret 5 $1$pir1$7jMZ6SwcaYrVZfX9njY28/
!
aaa new-model
!
!
aaa authentication login default local
aaa authentication login sdm_vpn_xauth_ml_1 local
aaa authorization exec default local
aaa authorization network sdm_vpn_group_ml_1 local
!
aaa session-id common
!
resource policy
!
ip subnet-zero
no ip source-route
ip cef
!
!
ip tcp synwait-time 10
no ip bootp server
no ip domain lookup
ip domain name yourdomain.com
ip ssh time-out 60
ip ssh authentication-retries 2
!
!
crypto pki trustpoint TP-self-signed-1070015463
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-1070015463
 revocation-check none
 rsakeypair TP-self-signed-1070015463
!
!
crypto pki certificate chain TP-self-signed-1070015463
 certificate self-signed 01
  quit
username admin privilege 15 secret 5 $1$e7U0$alq/vfUHs9DdlplSfwaXN.
username dema secret 5 $1$GYmP$g7vdKIYr45UknQUyxLXS21
!
!
!
crypto isakmp policy 1
 encr 3des
 authentication pre-share
 group 2
!
crypto isakmp client configuration group Prova
 key 8u545uhtwtjg89e0rtup4h89we
 pool SDM_POOL_1
 acl 100
 netmask 255.255.255.0
crypto isakmp profile sdm-ike-profile-1
 match identity group Prova
 client authentication list sdm_vpn_xauth_ml_1
 isakmp authorization list sdm_vpn_group_ml_1
 client configuration address respond
 virtual-template 1
!
!
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
!
crypto ipsec profile SDM_Profile1
 set transform-set ESP-3DES-SHA
 set isakmp-profile sdm-ike-profile-1
!
!
!
!
interface ATM0
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip route-cache flow
 no atm ilmi-keepalive
 dsl operating-mode auto
!
interface ATM0.1 point-to-point
 description $ES_WAN$$FW_OUTSIDE$
 ip address 88.XX.XX.XX 255.255.255.248
 ip nat outside
 ip virtual-reassembly
 pvc 8/35
  encapsulation aal5snap
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Virtual-Template1 type tunnel
 ip unnumbered ATM0.1
 tunnel mode ipsec ipv4
 tunnel protection ipsec profile SDM_Profile1
!
interface Vlan1
 description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$ES_LAN$$FW_INSIDE$
 ip address 192.168.1.1 255.255.255.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat inside
 ip virtual-reassembly
 ip route-cache flow
 ip tcp adjust-mss 1452
!
ip local pool SDM_POOL_1 192.168.2.200 192.168.2.205
ip classless
ip route 0.0.0.0 0.0.0.0 ATM0.1
!
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source list 1 interface ATM0.1 overload
!
logging trap debugging
access-list 1 remark INSIDE_IF=Vlan1
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 100 remark SDM_ACL Category=4
access-list 100 permit ip 192.168.2.0 0.0.0.255 any
no cdp run
!
control-plane
!
banner login ^CAuthorized access only!
Disconnect IMMEDIATELY if you are not an authorized user!^C
!
line con 0
 no modem enable
 transport output telnet
line aux 0
 transport output telnet
line vty 0 4
 transport input telnet ssh
!
scheduler max-task-time 5000
scheduler allocate 4000 1000
scheduler interval 500
end
Cisco 877 vpn
- Wizard
As usual, the nat0 and the routing are missing.
The future is made of people who have intuitions and visions ..... they are the people who make the difference ...... those endowed with a THIRD EYE....
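
What the "nat0" and "routing" mentioned in the reply could look like against the configuration posted above, as an added example that is not part of the original thread. ACL number 101 is an assumed free number, and the split-tunnel change assumes the goal is for VPN clients to reach the 192.168.1.0/24 LAN.

```cisco
! Added example, not from the thread. Apply in global configuration mode.
!
! --- NAT exemption ("nat0") ---------------------------------------------
! The posted config translates everything sourced from 192.168.1.0/24
! (standard ACL 1), which cannot match on destination. An extended ACL
! lets LAN-to-VPN-pool traffic skip translation while Internet-bound
! traffic is still overloaded on ATM0.1.
! ACL 101 is an assumed unused number.
access-list 101 remark NAT: exempt LAN to VPN pool, translate the rest
access-list 101 deny   ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
access-list 101 permit ip 192.168.1.0 0.0.0.255 any
!
! If IOS refuses the next line because the dynamic mapping is in use,
! run "clear ip nat translation *" in exec mode first.
no ip nat inside source list 1 interface ATM0.1 overload
ip nat inside source list 101 interface ATM0.1 overload
!
! --- Split tunnel ("routing") -------------------------------------------
! "acl 100" in the client configuration group is pushed to the VPN client
! as the list of networks to send through the tunnel. The source field
! must be the network behind the router. The posted ACL 100 lists the
! pool itself (192.168.2.0/24), so the client never tunnels traffic
! for 192.168.1.0/24.
no access-list 100
access-list 100 remark Split tunnel: networks reachable through the VPN
access-list 100 permit ip 192.168.1.0 0.0.0.255 any
!
! --- Checks after reconnecting the client (exec mode) -------------------
! show crypto session detail   -> session UP, packet counters increasing
! show ip access-lists 101     -> hits on the deny line for VPN traffic
! show ip nat translations     -> no entries toward 192.168.2.x
```

LAN hosts need no extra route as long as 192.168.1.1 is their default gateway, since the router already knows the path to each connected client address from SDM_POOL_1.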