Hi everyone, I'm here to put to you a horrifying problem that I still haven't managed to solve.
At home I have a network of 4 computers that reach the internet through a Cisco 837 running IOS 12.4(21).
The problem is the following:
2 PCs work perfectly, while the other 2 PCs (and others as well) can reach only Google and nothing else.
I should mention that telnet to port 80, e-mail and eMule work.
I also tried a PC running Linux, but no luck. I also swapped in another Cisco 837 that I had at the office, but the problem remains.
I have now put in a small Netgear DG834 router and I have no problems.
It also works if I connect the PCs to the Cisco and have it route towards the Netgear.
I have had the problem since Friday, without having changed the configuration.
Thanks for any help.
Mario
Cisco 837 configuration:
version 12.4
no service pad
service timestamps debug datetime localtime
service timestamps log datetime localtime
service password-encryption
!
hostname Router_Casa
!
boot-start-marker
boot-end-marker
!
no logging console
no logging monitor
enable secret 5 XXX
enable password XXX
!
aaa new-model
!
!
aaa authentication login LISTA-UTENTI local
aaa authorization network GRUPPO-UTENTI-VPN local
!
aaa session-id common
clock timezone LEGALE 1
clock summer-time LEGALE recurring last Sat Mar 2:00 last Sat Oct 3:00
!
ip nbar pdlm flash://sip.pdlm
ip nbar pdlm flash://rtp-124.pdlm
ip nbar pdlm flash://rtcp.pdlm
!
ip nbar custom adiotcpbt tcp 59000
ip nbar custom adioudpbt udp 59000
ip nbar custom ftp tcp 21
no ip dhcp use vrf connected
ip dhcp excluded-address 10.20.0.1 10.20.0.9
ip dhcp excluded-address 10.20.0.253 10.20.0.254
ip dhcp pool casa
 import all
 network 10.20.0.0 255.255.255.0
 update dns
 default-router 10.20.0.1
 dns-server 85.37.17.47
!
ip dhcp pool pc-adio
 host 10.20.0.11 255.255.255.0
 client-identifier xxxx.xxxx.xxxx.xx
 client-name adio
!
ip dhcp pool pc-mario
 host 10.20.0.10 255.255.255.0
 client-identifier xxxx.xxxx.xxxx.xx
 client-name mario
!
!
ip dhcp update dns both
ip cef
ip name-server 85.37.17.47
ip name-server 151.99.125.3
ip inspect name LOW icmp
ip inspect name LOW tcp
ip inspect name LOW udp
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
ip ddns update method DNS
 HTTP
  add http://xxx:[email protected]/nic/u ... h>&myip=<a>
 interval maximum 2 0 0 0
!
!
!
!
username xxx privilege 15 password 7 xxx
!
!
ip ssh time-out 15
ip ssh version 2
!
!
crypto isakmp policy 1
 encr 3des
 authentication pre-share
 group 2
crypto isakmp client configuration group GRUPPO-UTENTI-VPN
 key xxx
 pool VPN-CLIENT-POOL
crypto isakmp profile VPNclient
 match identity group GRUPPO-UTENTI-VPN
 client authentication list LISTA-UTENTI
 isakmp authorization list GRUPPO-UTENTI-VPN
 client configuration address respond
!
!
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
!
crypto dynamic-map VPNDYNAMIC 10
 set transform-set ESP-3DES-SHA
 set isakmp-profile VPNclient
!
crypto map VPN 10 ipsec-isakmp dynamic VPNDYNAMIC
!
!
interface Ethernet0
 ip address 10.20.0.1 255.255.255.0
 ip access-group 100 in
 ip nat inside
 ip virtual-reassembly max-reassemblies 64
 hold-queue 100 out
!
interface ATM0
 no ip address
 load-interval 30
 no atm ilmi-keepalive
 dsl operating-mode auto
 pvc 8/35
  encapsulation aal5mux ppp dialer
  dialer pool-member 1
 !
!
interface FastEthernet1
 duplex auto
 speed auto
!
interface FastEthernet2
 duplex auto
 speed auto
!
interface FastEthernet3
 duplex auto
 speed auto
!
interface FastEthernet4
 duplex auto
 speed auto
interface Dialer0
 ip ddns update hostname xxx
 ip ddns update DNS host xxx
 ip address negotiated
 ip access-group 101 in
 ip nat outside
 ip inspect LOW out
 ip virtual-reassembly
 encapsulation ppp
 load-interval 30
 dialer pool 1
 ppp pap sent-username xxx password 7 xxx
 crypto map VPN
!
ip local pool VPN-CLIENT-POOL 172.18.10.10 172.18.10.50
no ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer0
!
no ip http server
no ip http secure-server
!
ip nat translation timeout 420
ip nat translation tcp-timeout 120
ip nat translation udp-timeout 120
ip nat translation finrst-timeout 300
ip nat translation syn-timeout 120
ip nat translation dns-timeout 300
ip nat translation icmp-timeout 120
ip nat inside source list 140 interface Dialer0 overload
!
logging trap errors
access-list 1 permit 192.168.3.4
access-list 1 permit 172.18.10.0 0.0.0.255
access-list 1 permit 10.20.0.0 0.0.0.255
access-list 100 deny ip host 255.255.255.255 any
access-list 100 deny ip 127.0.0.0 0.255.255.255 any
access-list 100 permit ip any any
access-list 101 permit udp host 193.204.114.233 eq ntp any eq ntp
access-list 101 permit udp host 85.37.17.47 eq domain any
access-list 101 permit udp host 151.99.125.3 eq domain any
access-list 101 permit icmp any any echo-reply
access-list 101 permit icmp any any time-exceeded
access-list 101 permit icmp any any unreachable
access-list 101 permit tcp host 62.149.130.88 eq ftp-data any
access-list 101 permit gre any any
access-list 101 permit udp any any eq isakmp
access-list 101 permit udp any any eq non500-isakmp
access-list 101 permit esp any any
access-list 101 permit udp any eq isakmp any
access-list 101 deny ip 10.0.0.0 0.255.255.255 any
access-list 101 deny ip 172.16.0.0 0.15.255.255 any
access-list 101 deny ip 192.168.0.0 0.0.255.255 any
access-list 101 deny ip host 219.142.154.205 any
access-list 101 deny ip host 221.232.169.222 any
access-list 101 deny ip 127.0.0.0 0.255.255.255 any
access-list 101 deny ip host 255.255.255.255 any
access-list 101 deny ip host 0.0.0.0 any
access-list 101 deny ip any any
access-list 140 deny ip 10.20.0.0 0.0.0.255 172.18.10.0 0.0.0.255
access-list 140 permit ip 10.20.0.0 0.0.0.255 any
no cdp run
!
control-plane
!
line con 0
 exec-timeout 0 0
 password 7 xxx
 no modem enable
 stopbits 1
 speed 115200
line aux 0
line vty 0 4
 access-class 1 in
 login authentication LISTA-UTENTI
 transport preferred ssh
 transport input ssh
!
scheduler max-task-time 5000
sntp server 193.204.114.233 version 3
end
Cisco 837 and Alice 7M
Thanks to the solution in this article http://www.ciscoforums.it/viewtopic.php?t=10382 I solved the problem.
Bye everyone