Namely, this is about a VPN.
After I configured DDNS and PPPoE (ADSL) on an 1800 series router and sorted out the VPN connection, the following problem came up.
I connect to my network with the VPN client just fine, but FROM THE COMPUTER I CONNECTED FROM I CAN NO LONGER SURF THE NET!
P.S.
Since I have a VPN POOL OF ADDRESSES and my VPN client gets one of those private addresses, I can ping only the router and nothing else (message requested timed out). The computers inside my network, the one I connect to, surf without problems, because I set up NAT overload for them through interface Dialer 0.
I am also including the configuration, so I would ask you to take a look at it!
CONFIGURATION:
version 12.4
service timestamps debug datetime msec localtime show-timezone year
service timestamps log datetime msec localtime show-timezone year
service password-encryption
!
hostname my-house
!
boot-start-marker
boot-end-marker
!
security authentication failure rate 3 log
security passwords min-length 6
logging buffered 51200
logging console critical
!
aaa new-model
!
!
aaa authentication login default local
aaa authentication login my_vpn_xauth local
aaa authorization exec default local
aaa authorization network my_vpn_group local
!
!
aaa session-id common
!
!
!
!
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
!
crypto isakmp client configuration group VPN_my
key grupa22cic03lj84
pool VPN_POOL
acl 110
max-users 20
netmask 255.255.255.0
crypto isakmp profile sdm-ike-profile-1
match identity group VPN_my
client authentication list my_vpn_xauth
isakmp authorization list my_vpn_group
client configuration address respond
virtual-template 1
!
!
crypto ipsec transform-set ipsec_transset esp-3des esp-sha-hmac
!
crypto ipsec profile ipsec_profile
set transform-set ipsec_transset
set isakmp-profile sdm-ike-profile-1
!
!
!
!
ip cef
no ip dhcp use vrf connected
ip dhcp excluded-address 10.1.1.1 10.1.1.10
!
ip dhcp pool my-house
import all
network 10.1.1.0 255.255.255.0
default-router 10.1.1.1
dns-server 215.42.98.165
lease 10
!
!
ip name-server 215.42.98.165
ip name-server 215.42.98.164
ip ddns update method my_dyndns_org
HTTP
add http://username:password@<s...ame=<h>&ip=<a>
interval maximum 1 0 0 0
!
!
multilink bundle-name authenticated
!
!
username myusername privilege 15 password mypassword
archive
log config
hidekeys
!
!
!
class-map match-any P2P_class
match protocol edonkey
match protocol fasttrack
match protocol gnutella
match protocol kazaa2
match protocol novadigm
match protocol cuseeme
match protocol gopher
!
!
policy-map P2P_policy
class P2P_class
drop
!
!
!
!
interface FastEthernet0
description $adsl wan interfaces$
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip route-cache flow
no ip mroute-cache
duplex auto
speed auto
pppoe enable group global
pppoe-client dial-pool-number 1
no cdp enable
!
interface FastEthernet1
description $adsl lan interface$
ip address 10.1.1.1 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip virtual-reassembly
ip route-cache flow
duplex auto
speed auto
!
interface BRI0
no ip address
encapsulation hdlc
shutdown
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
!
interface FastEthernet5
!
interface FastEthernet6
!
interface FastEthernet7
!
interface FastEthernet8
!
interface FastEthernet9
!
interface Virtual-Template1 type tunnel
ip unnumbered Dialer0
tunnel mode ipsec ipv4
tunnel protection ipsec profile ipsec_profile
!
interface Vlan1
no ip address
!
interface Dialer0
description $adsl dialer interface$
ip ddns update hostname my.dyndns.org
ip ddns update my_dyndns_org host members.dyndns.org
ip address negotiated
ip mtu 1492
ip nat outside
ip virtual-reassembly
encapsulation ppp
dialer pool 1
dialer-group 1
ppp authentication pap chap callin
ppp chap hostname myispusername
ppp chap password myisppassword
ppp pap sent-username myispusername password myisppassword
!
ip local pool VPN_POOL 192.168.1.1 192.168.1.50
ip route 0.0.0.0 0.0.0.0 Dialer0
!
!
ip http server
ip http authentication local
no ip http secure-server
ip nat inside source list 120 interface Dialer0 overload
!
logging trap debugging
access-list 110 permit ip 10.1.1.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 120 deny ip 10.1.1.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 120 permit ip 10.1.1.0 0.0.0.255 any
dialer-list 10 protocol ip permit
!
!
!
!
!
!
control-plane
!
!
line con 0
exec-timeout 0 0
password 7 0506130C284F4203
logging synchronous
line aux 0
line vty 0 4
password 7 13080211020F0820
!
!
webvpn cef
end
[This message was edited by markom on 12.03.2008 at 15:05 GMT+1]
[This message was edited by optix on 18.03.2008 at 00:47 GMT+1]
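An added example, not part of the original post: a Python check that evaluates the posted access-lists 110 and 120 (wildcard-mask matching, first match wins, implicit deny) for a LAN host and a VPN_POOL address, to show which sources the `ip nat inside source list 120` rule translates. The function names, the sample hosts 10.1.1.20 and 192.168.1.5, and the destination 203.0.113.10 are assumptions made for the illustration.

```python
import ipaddress
# ACL lines copied from the posted configuration.
CONFIG = """\
access-list 110 permit ip 10.1.1.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 120 deny ip 10.1.1.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 120 permit ip 10.1.1.0 0.0.0.255 any
"""

def _spec(tokens):
    # Consume 'any', 'host A' or 'A wildcard'; return (base, wildcard) as ints.
    first = tokens.pop(0)
    if first == "any":
        return 0, 0xFFFFFFFF
    if first == "host":
        return int(ipaddress.IPv4Address(tokens.pop(0))), 0
    return int(ipaddress.IPv4Address(first)), int(ipaddress.IPv4Address(tokens.pop(0)))

def parse_acls(text):
    acls = {}
    for line in text.splitlines():
        t = line.split()
        if len(t) < 5 or t[0] != "access-list" or t[3] != "ip":
            continue
        rest = t[4:]
        src, dst = _spec(rest), _spec(rest)  # evaluated left to right
        acls.setdefault(t[1], []).append((t[2], src, dst))
    return acls

def _match(addr, spec):
    base, wild = spec
    care = ~wild & 0xFFFFFFFF  # wildcard bits set to 1 are "don't care"
    return (int(ipaddress.IPv4Address(addr)) & care) == (base & care)

def evaluate(acls, number, src, dst):
    # First matching entry wins; IOS ends every ACL with an implicit deny.
    for action, s, d in acls.get(number, []):
        if _match(src, s) and _match(dst, d):
            return action
    return "deny"

def nat_report(acls):
    internet = "203.0.113.10"  # constructed documentation address, stands in for an Internet host
    return {
        "lan_to_internet": evaluate(acls, "120", "10.1.1.20", internet),
        "lan_to_pool": evaluate(acls, "120", "10.1.1.20", "192.168.1.5"),
        "pool_to_internet": evaluate(acls, "120", "192.168.1.5", internet),
        "split_tunnel_lan_to_pool": evaluate(acls, "110", "10.1.1.20", "192.168.1.5"),
    }
```

`nat_report(parse_acls(CONFIG))` returns deny for `pool_to_internet`: no entry in access-list 120 has a 192.168.1.x source, so the overload rule on Dialer0 translates LAN hosts only.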