[ west_herc @ 12.03.2008. 13:49 ] @
Cjenjene kolege, imam jedan problemcic Naime radi se o VPN-u. Kako sam na seriji 1800 iskonfigurirao DDDNS, PPPOE (Adsl) i rješio VPN konekciju javio mi se sljedeći problem. Uredno se spojim sa VPN klijentom u svoju mrežu, ali VIŠE SA RAČUNALOM SA KOJEG SAM SE SPOJIO NE MOGU SURFATI PO NETU! P.S. Kako imam VPN POOL ADRESA i moj Vpn klijent dobije tu jednu privatnu adresu, ja mogu pingati samo ruter, ostalo ništa (poruka requested timed out). Kompijutori unutar moje mreže u koju se spajam surfaju bez problema, jer sam im napravio nat overload preko interfejsa dialer 0. Donosim i konfiguraciju pa bih Vas zamolio da mi pogledate! KONFIGURACIJA: Code: version 12.4 service timestamps debug datetime msec localtime show-timezone year service timestamps log datetime msec localtime show-timezone year service password-encryption ! hostname my-house ! boot-start-marker boot-end-marker ! security authentication failure rate 3 log security passwords min-length 6 logging buffered 51200 logging console critical ! aaa new-model ! ! aaa authentication login default local aaa authentication login my_vpn_xauth local aaa authorization exec default local aaa authorization network my_vpn_group local ! ! aaa session-id common ! ! ! ! crypto isakmp policy 1 encr 3des authentication pre-share group 2 ! crypto isakmp client configuration group VPN_my key grupa22cic03lj84 pool VPN_POOL acl 110 max-users 20 netmask 255.255.255.0 crypto isakmp profile sdm-ike-profile-1 match identity group VPN_my client authentication list my_vpn_xauth isakmp authorization list my_vpn_group client configuration address respond virtual-template 1 ! ! crypto ipsec transform-set ipsec_transset esp-3des esp-sha-hmac ! crypto ipsec profile ipsec_profile set transform-set ipsec_transset set isakmp-profile sdm-ike-profile-1 ! ! ! ! ip cef no ip dhcp use vrf connected ip dhcp excluded-address 10.1.1.1 10.1.1.10 ! ip dhcp pool my-house import all network 10.1.1.0 255.255.255.0 default-router 10.1.1.1 dns-server 215.42.98.165 lease 10 ! ! ip name-server 215.42.98.165 ip name-server 215.42.98.164 ip ddns update method my_dyndns_org HTTP add http://username:password@<s...ame=<h>&ip=<a> interval maximum 1 0 0 0 ! ! multilink bundle-name authenticated ! ! username myusername privilege 15 password mypassword archive log config hidekeys ! ! ! class-map match-any P2P_class match protocol edonkey match protocol fasttrack match protocol gnutella match protocol kazaa2 match protocol novadigm match protocol cuseeme match protocol gopher ! ! policy-map P2P_policy class P2P_class drop ! ! ! ! interface FastEthernet0 description $adsl wan interfaces$ no ip address no ip redirects no ip unreachables no ip proxy-arp ip route-cache flow no ip mroute-cache duplex auto speed auto pppoe enable group global pppoe-client dial-pool-number 1 no cdp enable ! interface FastEthernet1 description $adsl lan interface$ ip address 10.1.1.1 255.255.255.0 no ip redirects no ip unreachables no ip proxy-arp ip nat inside ip virtual-reassembly ip route-cache flow duplex auto speed auto ! interface BRI0 no ip address encapsulation hdlc shutdown ! interface FastEthernet2 ! interface FastEthernet3 ! interface FastEthernet4 ! interface FastEthernet5 ! interface FastEthernet6 ! interface FastEthernet7 ! interface FastEthernet8 ! interface FastEthernet9 ! interface Virtual-Template1 type tunnel ip unnumbered Dialer0 tunnel mode ipsec ipv4 tunnel protection ipsec profile ipsec_profile ! interface Vlan1 no ip address ! interface Dialer0 description $adsl dialer interface$ ip ddns update hostname my.dyndns.org ip ddns update my_dyndns_org host members.dyndns.org ip address negotiated ip mtu 1492 ip nat outside ip virtual-reassembly encapsulation ppp dialer pool 1 dialer-group 1 ppp authentication pap chap callin ppp chap hostname myispusername ppp chap password myisppassword ppp pap sent-username myispusername password myisppassword ! ip local pool VPN_POOL 192.168.1.1 192.168.1.50 ip route 0.0.0.0 0.0.0.0 Dialer0 ! ! ip http server ip http authentication local no ip http secure-server ip nat inside source list 120 interface Dialer0 overload ! logging trap debugging access-list 110 permit ip 10.1.1.0 0.0.0.255 192.168.1.0 0.0.0.255 access-list 120 deny ip 10.1.1.0 0.0.0.255 192.168.1.0 0.0.0.255 access-list 120 permit ip 10.1.1.0 0.0.0.255 any dialer-list 10 protocol ip permit ! ! ! ! ! ! control-plane ! ! line con 0 exec-timeout 0 0 password 7 0506130C284F4203 logging synchronous line aux 0 line vty 0 4 password 7 13080211020F0820 ! ! webvpn cef end [Ovu poruku je menjao markom dana 12.03.2008. u 15:05 GMT+1] [Ovu poruku je menjao optix dana 18.03.2008. u 00:47 GMT+1] |