What I need is a high-performance ADSL2 connection (no small thing) and a VPN to the Netasq in the office. I would like the two networks to see each other completely, from any IP to any IP.
Also, I don't know why, but since moving from a really cheap Zyxel the ping has got worse by about 8 ms, going from 18 to 26. Over the VPN I even exceed 50. For the record, here I have a Tiscali 24/1 Business line and in the office a 100 Mbit fibre connection.
Can you give me a hand by cleaning up the following configuration and leaving only what is essential? I did a bit of copying and pasting from various tutorials; I'll let you imagine the result. It works, though! ;)
My local network is 192.168.103.x (WAN 82.85.x.y), the office network is 192.168.100.x (WAN 83.103.w.z).
!
version 15.1
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname _____________
!
boot-start-marker
boot-end-marker
!
no logging buffered
!
no aaa new-model
!
memory-size iomem 10
clock timezone Berlin 1
clock summer-time Berlin date Mar 30 2003 2:00 Oct 26 2003 3:00
!
crypto pki trustpoint TP-self-signed-_________
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-_________
revocation-check none
rsakeypair TP-self-signed-_________
!
!
crypto pki certificate chain TP-self-signed-_________
certificate self-signed 01
bla bla bla
quit
ip source-route
!
!
!
!
ip cef
ip domain name __________
ip name-server 8.8.8.8
ip name-server 8.8.4.4
no ipv6 cef
!
!
multilink bundle-name authenticated
license udi pid CISCO887-SEC-K9 sn _____________
license agent notify http://192.168.103.37:9710/clm/servlet/HttpListenServlet dummy dummy 2.0
!
!
username _____________ privilege 15 secret 5 ________
!
!
!
!
!
!
crypto isakmp policy 30
encr 3des
hash md5
authentication pre-share
lifetime 43200
crypto isakmp key ________ address 83.103.w.z no-xauth
!
!
crypto ipsec transform-set patra esp-des esp-md5-hmac
!
crypto map main 20 ipsec-isakmp
set peer 83.103.w.z
set transform-set patra
match address 111
!
!
!
!
!
interface BRI0
no ip address
encapsulation hdlc
shutdown
isdn termination multidrop
!
interface ATM0
no ip address
no atm ilmi-keepalive
!
interface ATM0.1 point-to-point
pvc 8/35
encapsulation aal5mux ppp dialer
dialer pool-member 1
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Vlan1
ip address 192.168.103.254 255.255.255.0
ip nat inside
ip virtual-reassembly
!
interface Dialer0
ip address negotiated
ip nat outside
ip virtual-reassembly
encapsulation ppp
dialer pool 1
dialer-group 1
ppp authentication chap pap callin
ppp chap hostname _____
ppp chap password 0 _____
ppp pap sent-username _____ password 0 _____
crypto map main
!
ip default-gateway 82.85.x.y
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
!
ip nat inside source list 102 interface Dialer0 overload
ip route 0.0.0.0 0.0.0.0 Dialer0
!
access-list 30 remark Hosts for telnet
access-list 30 permit 192.168.0.0 0.0.255.255
access-list 102 remark NAT Acl
access-list 102 deny ip 192.168.0.0 0.0.255.255 192.168.0.0 0.0.255.255
access-list 102 permit ip 192.168.103.0 0.0.0.255 any
access-list 111 remark ACL for VPN to office
access-list 111 permit ip 192.168.103.0 0.0.0.255 192.168.0.0 0.0.255.255
dialer-list 1 protocol ip permit
!
!
!
!
!
control-plane
!
!
line con 0
no modem enable
line aux 0
line vty 0 4
privilege level 15
login local
transport input telnet
!
end
One last thing: why won't it accept the line
no crypto isakmp ccm
which worked perfectly well on an 837?
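
An added example, not part of the original post: a small Python audit that reads an IOS configuration like the one above and reports legacy VPN crypto, cleartext credentials and management services, and any `permit ip` ACL whose destination range also contains its source. The rule list, the `audit` function name and the sample text (lines copied from the posted configuration) are this example's own choices.

```python
import ipaddress
import re

# Constructed sample: lines copied from the configuration posted above.
SAMPLE = """\
crypto isakmp policy 30
 encr 3des
 hash md5
crypto ipsec transform-set patra esp-des esp-md5-hmac
 ppp chap password 0 _____
ip http server
access-list 111 permit ip 192.168.103.0 0.0.0.255 192.168.0.0 0.0.255.255
line vty 0 4
 transport input telnet
no service password-encryption
"""

# Rule selection is this example's own choice, not a vendor checklist.
RULES = [
    (r"^encr (des|3des)\b", "IKE policy uses a legacy cipher"),
    (r"^hash md5\b", "IKE policy uses MD5"),
    (r"^crypto ipsec transform-set \S+ .*\besp-(des|3des)\b", "IPsec transform uses a legacy cipher"),
    (r"^crypto ipsec transform-set \S+ .*\besp-md5-hmac\b", "IPsec transform uses HMAC-MD5"),
    (r"\bpassword 0 ", "password stored as cleartext (type 0)"),
    (r"^transport input .*\btelnet\b", "VTY lines accept telnet"),
    (r"^ip http server\b", "plain HTTP management server enabled"),
]
ACL = re.compile(r"^access-list \d+ permit ip (\S+) (\S+) (\S+) (\S+)$")

def audit(config):
    """Return (line_number, finding) pairs for every rule hit in an IOS config."""
    findings = []
    for n, raw in enumerate(config.splitlines(), 1):
        line = raw.strip()
        if line.startswith("no "):
            continue  # a negated command turns the feature off
        findings += [(n, msg) for pat, msg in RULES if re.search(pat, line)]
        m = ACL.match(line)
        if m:
            # IOS ACLs use wildcard (host) masks, which ipaddress accepts directly.
            src = ipaddress.ip_network(f"{m[1]}/{m[2]}", strict=False)
            dst = ipaddress.ip_network(f"{m[3]}/{m[4]}", strict=False)
            if src.overlaps(dst):
                findings.append((n, f"ACL destination {dst} includes source {src}"))
    return findings

if __name__ == "__main__":
    for n, msg in audit(SAMPLE):
        print(f"line {n}: {msg}")
```

On the sample, the ACL check flags access list 111, whose destination 192.168.0.0/16 is wider than the 192.168.100.x office network named in the post and also covers the local 192.168.103.0/24.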