

  • mogyesz

    aktív tag

    Hello,

    megint lenne egy kis gondom...

    Otthoni ADSL, Cisco 1841 router.
    Próbáltam remote access VPN-t létrehozni, félig-meddig sikerült is. A VPN felépül, ám távolról egyetlen belső IP-t sem tudok pingelni / elérni.
    Egy nálam hozzáértőbb - gyakorlatilag szinte bárki - megnézné, mi a gond?
    íme a conf:

    ! Global services, logging and AAA for an IOS 12.4 router.
    version 12.4
    ! Debug and log messages are stamped with router uptime, not wall-clock
    ! time, which makes them hard to correlate with other logs;
    ! "service timestamps log datetime msec localtime show-timezone" is the
    ! usual choice when logs are used for investigation.
    service timestamps debug uptime
    service timestamps log uptime
    ! Password obfuscation is off, so every "password ..." value in this
    ! config (console/aux/vty lines, PPP PAP, VPN group key) is stored in
    ! cleartext. Type 7 encryption is reversible, so it only hides the
    ! values from casual viewing.
    no service password-encryption
    !
    hostname xxx.no-ip.org
    !
    boot-start-marker
    boot-end-marker
    !
    ! Logs go to a local 80000-byte buffer at debugging level; no remote
    ! syslog host ("logging <host>") is visible in this listing.
    logging buffered 80000 debugging
    no logging console
    ! Type 5 = MD5-based hash of the enable secret.
    enable secret 5 xxx
    !
    ! AAA is enabled and all method lists below use the local user database.
    aaa new-model
    !
    !
    ! "default" applies to every line without its own list, so the per-line
    ! "password" entries on con/aux/vty are presumably not used for login.
    aaa authentication login default local
    ! "userauthen" is the Xauth user list referenced by the ISAKMP profile.
    aaa authentication login userauthen local
    aaa authorization exec default local
    ! "groupauthor" is the group-policy lookup list referenced by the
    ! ISAKMP profile.
    aaa authorization network groupauthor local
    !
    aaa session-id common
    !
    resource policy
    !
    ! NOTE(review): the zone is labelled CEST at UTC+1 and the summer zone
    ! CEDT; the usual labels are CET/CEST. Cosmetic only - confirm.
    clock timezone CEST 1
    clock summer-time CEDT recurring last Sun Mar 2:00 last Sun Oct 3:00
    mmi polling-interval 60
    no mmi auto-configure
    no mmi pvc
    mmi snmp-timeout 180
    ip subnet-zero
    ip cef
    !
    !
    ! LAN DHCP service: only 192.168.1.100-192.168.1.200 is handed out; the
    ! two excluded ranges cover the rest of the /24.
    no ip dhcp use vrf connected
    ip dhcp excluded-address 192.168.1.1 192.168.1.99
    ip dhcp excluded-address 192.168.1.201 192.168.1.254
    !
    ip dhcp pool lan
    import all
    network 192.168.1.0 255.255.255.0
    default-router 192.168.1.1
    dns-server 192.168.1.1 8.8.8.8
    ! Leases never expire, so stale bindings stay until cleared manually.
    lease infinite
    !
    !
    no ip ftp passive
    ip domain name xxx.local
    ip name-server 192.168.1.1
    ip name-server 8.8.8.8
    ip name-server 8.8.4.4
    ! NOTE(review): no "ip ssh version 2" line is visible in this listing;
    ! confirm that SSHv1 is not being accepted.
    ip ssh time-out 60
    ! Dynamic DNS update method. The account credentials are embedded in a
    ! plain http:// URL, so they are stored in cleartext in the config and
    ! sent unencrypted on every update. Use a dedicated, low-value
    ! credential for this account.
    ip ddns update method no-ip
    HTTP
    add http://xxx:xxx@dynupdate.no-ip.com/nic/update?hostname=<h>
    interval maximum 0 0 5 0
    !
    ! Login throttling: after 5 failed logins within 60 s, further login
    ! attempts are refused for 120 s.
    login block-for 120 attempts 5 within 60
    vpdn enable
    !
    !
    !
    ! Self-signed trustpoint; presumably the certificate presented by
    ! "ip http secure-server". Clients cannot validate it against a CA.
    crypto pki trustpoint TP-self-signed-xxxx
    enrollment selfsigned
    subject-name cn=IOS-Self-Signed-Certificate-xxxx
    revocation-check none
    rsakeypair TP-self-signed-xxxx
    !
    !
    ! Certificate body is redacted in the post.
    crypto pki certificate chain TP-self-signed-xxxx
    certificate self-signed 01
    xxx
    quit
    ! Local accounts used by the AAA "local" method lists: router login and,
    ! via list "userauthen", VPN Xauth. Secrets are type 5 (MD5-based) hashes.
    ! NOTE(review): because login and Xauth share this database, a VPN user
    ! is also a valid router login; the second account is privilege 15.
    username xx secret 5 xx.
    username xx privilege 15 secret 5 xxx
    !
    !
    !
    ! IKEv1 phase 1 policy: AES-256, pre-shared key, DH group 2 (1024-bit
    ! MODP), 8-hour lifetime. No "hash" line is present, so the IOS default
    ! (SHA-1) applies.
    ! NOTE(review): DH group 2 is weak by current standards; prefer
    ! "group 5" or higher where the image and the VPN client support it.
    crypto isakmp policy 10
    encr aes 256
    authentication pre-share
    group 2
    lifetime 28800
    !
    crypto isakmp invalid-spi-recovery
    !
    ! Easy VPN server group policy: group pre-shared key, client address
    ! pool, and the split-tunnel ACL pushed to the client.
    ! NOTE(review): the group key is stored in cleartext (password
    ! encryption is disabled) and is shared by every client of the group.
    ! Use a long random value and rely on Xauth for per-user authentication.
    crypto isakmp client configuration group xVPNGROUPx
    key xxx
    pool REMOTE_VPN_POOL
    acl split_tunnel
    ! ISAKMP profile for clients that identify as group xVPNGROUPx: Xauth
    ! against list "userauthen", group lookup via list "groupauthor", and
    ! mode-config addresses handed out on client request.
    crypto isakmp profile vpnclient
    match identity group xVPNGROUPx
    client authentication list userauthen
    isakmp authorization list groupauthor
    client configuration address respond
    !
    !
    ! NOTE(review): 3DES with HMAC-MD5 is a legacy transform; prefer
    ! "esp-aes 256 esp-sha-hmac" if the VPN client supports it.
    crypto ipsec transform-set remote-set esp-3des esp-md5-hmac
    !
    ! Dynamic map entry for remote-access peers with unknown addresses.
    ! reverse-route installs a static route to each connected client's
    ! assigned address.
    crypto dynamic-map dynmap 10
    set transform-set remote-set
    set isakmp-profile vpnclient
    reverse-route
    !
    !
    ! Static crypto map that references the dynamic map; applied to Dialer1.
    crypto map 101MAP 65535 ipsec-isakmp dynamic dynmap
    !
    !
    !
    !
    ! LAN interface (NAT inside), 192.168.1.1/24.
    ! NOTE(review): "ip policy route-map btel" references a route-map named
    ! btel, but the only route-map in this listing is "xxx" (possibly a
    ! redaction). Confirm that the names match and that policy routing does
    ! not affect traffic destined for the VPN pool 192.168.3.0/24.
    interface FastEthernet0/0
    ip address 192.168.1.1 255.255.255.0
    ip nbar protocol-discovery
    ip nat inside
    ip virtual-reassembly
    ! TCP MSS is clamped to 1402 for sessions crossing this interface.
    ip tcp adjust-mss 1402
    ip policy route-map btel
    duplex auto
    speed auto
    no cdp enable
    !
    ! Physical WAN port: carries the PPPoE client session bound to dialer
    ! pool 1 (Dialer1).
    interface FastEthernet0/1
    no ip address
    duplex auto
    speed auto
    pppoe enable group global
    pppoe-client dial-pool-number 1
    no cdp enable
    !
    ! Unused serial ports, administratively shut down.
    interface Serial0/0/0
    no ip address
    shutdown
    clock rate 2000000
    !
    interface Serial0/0/1
    no ip address
    shutdown
    clock rate 2000000
    !
    ! Internet-facing PPPoE dialer (NAT outside): negotiated address, DDNS
    ! update, and the remote-access crypto map.
    ! NOTE(review): no inbound "ip access-group" is visible on this
    ! interface, and no access-class is visible on the vty lines or the
    ! HTTPS server, so SSH and HTTPS management appear reachable from the
    ! Internet side. Consider an inbound ACL that permits only IKE/IPsec
    ! (UDP 500, UDP 4500, ESP) plus whatever else is actually required.
    interface Dialer1
    ip ddns update hostname xxx.no-ip.org
    ip ddns update no-ip
    ip address negotiated
    ip mtu 1492
    ip nat outside
    ip virtual-reassembly
    encapsulation ppp
    dialer pool 1
    dialer-group 1
    no cdp enable
    ! CHAP and MS-CHAP are refused, so only PAP is used; PAP sends the ISP
    ! password unencrypted, and "password 0" stores it in cleartext here.
    ppp chap refuse
    ppp ms-chap refuse
    ppp pap sent-username xxx@xxx.com password 0 xxx
    ppp ipcp dns request accept
    crypto map 101MAP
    !
    ! Address pool handed to VPN clients (192.168.3.1-192.168.3.50).
    ip local pool REMOTE_VPN_POOL 192.168.3.1 192.168.3.50
    ip classless
    ip route 0.0.0.0 0.0.0.0 Dialer1
    !
    !
    ! HTTP is off and HTTPS management is on. No "ip http access-class" is
    ! visible here, so confirm which interfaces can reach it.
    no ip http server
    ip http secure-server
    ! Three PAT rules on Dialer1. ACLs 1 and 10 are not defined anywhere in
    ! this listing; only ACL "NAT" is.
    ! NOTE(review): likely cause of "tunnel up, no inside host reachable".
    ! ACL NAT matches 192.168.1.0/24 for every destination, so replies from
    ! LAN hosts to VPN clients (192.168.3.0/24) are also translated to the
    ! Dialer1 address. Outbound NAT is applied before the crypto map check,
    ! so the translated packets no longer match the IPsec SA
    ! (192.168.1.0/24 <-> client address) and never enter the tunnel.
    ! The usual fix is an extended NAT ACL that first denies
    !   ip 192.168.1.0 0.0.0.255 192.168.3.0 0.0.0.255
    ! and then permits ip 192.168.1.0 0.0.0.255 any. Lists 1 and 10 need
    ! the same exemption if they also cover the LAN - verify.
    ip nat inside source list 1 interface Dialer1 overload
    ip nat inside source list 10 interface Dialer1 overload
    ip nat inside source list NAT interface Dialer1 overload
    !
    ip access-list standard NAT
    permit 192.168.1.0 0.0.0.255
    !
    ! Split-tunnel ACL pushed to clients: only traffic for 192.168.1.0/24 is
    ! sent through the VPN; everything else uses the client's own Internet
    ! connection.
    ip access-list extended split_tunnel
    permit ip 192.168.1.0 0.0.0.255 192.168.3.0 0.0.0.255


    !
    logging history informational
    dialer-list 1 protocol ip permit
    no cdp run
    !
    ! Policy route-map: traffic matching ACL "policy-routing" is forced out
    ! Dialer1. That ACL is not shown in this listing, so its scope cannot be
    ! checked from here.
    route-map xxx permit 10
    match ip address policy-routing
    set interface Dialer1
    !
    !
    !
    !
    ! Management lines and NTP. No control-plane policy is configured.
    control-plane
    !
    !
    !
    !
    !
    !
    !
    !
    !
    ! The line passwords below are stored in cleartext (password encryption
    ! is disabled). With "aaa authentication login default local" they are
    ! presumably unused for login - confirm, and remove them if so.
    line con 0
    password xxx
    logging synchronous
    ! NOTE(review): the aux line still allows an exec session; "no exec"
    ! is commonly set when the port is unused.
    line aux 0
    password xxx
    logging synchronous
    ! Remote access is SSH-only. The idle timeout is 1200 minutes (20 hours),
    ! and no "access-class" restricts source addresses.
    line vty 0 4
    exec-timeout 1200 0
    password xxx
    logging synchronous
    transport input ssh
    !
    ! NOTE(review): "ntp authenticate" is set, but no "ntp authentication-key"
    ! or "ntp trusted-key" lines are visible. Confirm that time from
    ! 148.6.0.1 is actually being authenticated.
    ntp authenticate
    ntp clock-period 17178470
    ntp source FastEthernet0/0
    ! The router also serves time from its own clock as an NTP master.
    ntp master
    ntp update-calendar
    ntp server 148.6.0.1
    end
