Sunday, June 23, 2013

VPN IPsec over Dialer interface not working


Question:

I am completely out of ideas and I rely on the community's help to make a Cisco 881 router finally work.
I have the following configuration:

Current configuration : 2964 bytes
!
! No configuration change since last restart
version 15.1
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
no service dhcp
!
hostname HOSTNAME
!
boot-start-marker
boot-end-marker
!
!
no logging console
enable secret 4 Nq2Qa3VgUxOFKhtuNYSfTjmG8tcryP67rejoLPHyZ4Q
enable password PASSWORD
!
aaa new-model
!
!
aaa authentication login default local
aaa authorization exec default local
!
!
!
!
!
aaa session-id common
no process cpu autoprofile hog
memory-size iomem 10
clock timezone EST -5 0
clock summer-time EDT recurring
crypto pki token default removal timeout 0
!
crypto pki trustpoint TP-self-signed-3171263040
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-3171263040
revocation-check none
rsakeypair TP-self-signed-3171263040
!
!
ip source-route
!
!
!
!
!
no ip cef
ip name-server x.x.x.151
ip name-server x.x.x.152
no ipv6 cef
!
!
license udi pid CISCO881-K9 sn SERIALNO
!
!
username UNAME privilege 15 secret 4 crXTpaYLDkjN6CD9fmkh71./aAHmBSTDMR/AkifA20U
!
!
!
!
!
!
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
crypto isakmp key SECRET address x.x.x.202
crypto isakmp keepalive 10 5 periodic
crypto isakmp aggressive-mode disable
!
!
crypto ipsec transform-set 3DES-SHA esp-3des esp-sha-hmac
!
crypto map VPN-Map-01 10 ipsec-isakmp
set peer x.x.x.202
set transform-set 3DES-SHA
set pfs group2
match address Crypto-list-01
!
!
!
!
!
interface FastEthernet0
no ip address
!
interface FastEthernet1
no ip address
!
interface FastEthernet2
no ip address
!
interface FastEthernet3
no ip address
!
interface FastEthernet4
description DSL Interface
no ip address
duplex auto
speed auto
pppoe-client dial-pool-number 1
!
interface Vlan1
description Internal LAN
ip address 192.168.110.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
ip tcp adjust-mss 1452
!
interface Dialer1
ip address negotiated
ip mtu 1492
ip nat outside
ip virtual-reassembly in
encapsulation ppp
no ip route-cache
dialer pool 1
ppp authentication chap pap callin
ppp chap hostname USERNAME
ppp chap password 0 PASSWORD
ppp pap sent-username USERNAME password 0 PASSWORD
no cdp enable
crypto map VPN-Map-01
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
ip nat inside source list DSL_ACCESSLIST interface Dialer1 overload
ip nat inside source route-map RMAP_1 interface Dialer1 overload
ip route 0.0.0.0 0.0.0.0 Dialer1
!
ip access-list extended Crypto-list-01
permit ip 192.168.110.0 0.0.0.255 192.168.10.0 0.0.0.255
ip access-list extended DSL_ACCESSLIST
permit ip 192.168.110.0 0.0.0.255 any
!
access-list 101 deny   ip 192.168.110.0 0.0.0.255 192.168.10.0 0.0.0.255
access-list 101 permit ip 192.168.110.0 0.0.0.255 any
!
!
!
!
route-map RMAP_1 permit 10
match ip address 101
!
!
!
!
line con 0
line aux 0
line vty 0 4
transport input all
!
end

The following is the output of show crypto session:

Interface: Dialer1
Session status: UP-ACTIVE
Peer: x.x.x.202 port 500
  IKEv1 SA: local x.x.x.161/500 remote x.x.x.202/500 Active
  IPSEC FLOW: permit ip 192.168.110.0/255.255.255.0 192.168.10.0/255.255.255.0
        Active SAs: 2, origin: crypto map


Interface: Virtual-Access1
Session status: DOWN
Peer: x.x.x.202 port 500
  IPSEC FLOW: permit ip 192.168.110.0/255.255.255.0 192.168.10.0/255.255.255.0
        Active SAs: 0, origin: crypto map

As far as I understand, the VPN tunnel is active.
I can access the Internet, but I cannot access anything through the VPN tunnel.
Can you help me, please, with this problem?


Answer:

At least you have a mistake in the NAT config which can interfere with the traffic that should be sent through the tunnel. Remove the following line and try again:

ip nat inside source list DSL_ACCESSLIST interface Dialer1 overload

-- 
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
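The reason the extra NAT rule breaks the tunnel is the IOS order of operations for inside-to-outside traffic: a packet is routed, then translated by NAT, and only then checked against the crypto map. DSL_ACCESSLIST permits 192.168.110.0/24 to any, so a packet for 192.168.10.0/24 is rewritten to the Dialer1 address before the crypto map sees it, and it no longer matches Crypto-list-01; only the route-map rule, whose ACL 101 denies the VPN pair, leaves it untouched. The following Python script is an added example, not part of the original thread and not Cisco code: it models that pipeline with IOS-style wildcard ACLs and runs the posted NAT config and the corrected one (DSL_ACCESSLIST rule removed) over the same packets. It assumes NAT rules are tried in order with fall-through on a non-match (a simplification of IOS behaviour that gives the same result here whichever rule is tried first), and it stands in the documentation address 203.0.113.161 for the redacted Dialer1 address x.x.x.161.

```python
"""Model of the IOS inside-to-outside path: route -> NAT -> crypto map.

Added example for the question above; not the router's code and not a
full IOS NAT implementation.  NAT rules are evaluated in configured order
and the first matching rule translates (assumption); a non-match falls
through to the next rule, which is also how a route-map deny behaves.
"""
import ipaddress

# Stand-in for the redacted negotiated Dialer1 address x.x.x.161 (assumption).
DIALER1_IP = "203.0.113.161"


def wildcard_match(addr, network, wildcard):
    """IOS wildcard mask: bits set in the wildcard are ignored."""
    a = int(ipaddress.IPv4Address(addr))
    n = int(ipaddress.IPv4Address(network))
    w = int(ipaddress.IPv4Address(wildcard))
    keep = ~w & 0xFFFFFFFF
    return (a & keep) == (n & keep)


def acl_lookup(acl, src, dst):
    """Extended ACL semantics: first matching entry wins, implicit deny."""
    for action, s_net, s_wild, d_net, d_wild in acl:
        if wildcard_match(src, s_net, s_wild) and wildcard_match(dst, d_net, d_wild):
            return action == "permit"
    return False


ANY = ("0.0.0.0", "255.255.255.255")

# The three ACLs exactly as posted in the configuration.
CRYPTO_LIST_01 = [("permit", "192.168.110.0", "0.0.0.255", "192.168.10.0", "0.0.0.255")]
DSL_ACCESSLIST = [("permit", "192.168.110.0", "0.0.0.255", *ANY)]
ACL_101 = [
    ("deny", "192.168.110.0", "0.0.0.255", "192.168.10.0", "0.0.0.255"),
    ("permit", "192.168.110.0", "0.0.0.255", *ANY),
]

# route-map RMAP_1 only does "match ip address 101", so for NAT purposes it
# behaves like ACL 101: deny means "this rule does not apply".
NAT_BEFORE = [DSL_ACCESSLIST, ACL_101]  # both overload rules, as posted
NAT_AFTER = [ACL_101]                   # after removing the DSL_ACCESSLIST rule


def nat_inside_to_outside(nat_rules, src, dst):
    """Return the source address after NAT (overload to Dialer1, or unchanged)."""
    for acl in nat_rules:
        if acl_lookup(acl, src, dst):
            return DIALER1_IP
    return src


def forward(nat_rules, src, dst):
    """Inside-to-outside: NAT first, then the crypto map checks the translated packet.

    Returns (source address on the wire, whether Crypto-list-01 matched).
    """
    translated = nat_inside_to_outside(nat_rules, src, dst)
    encrypted = acl_lookup(CRYPTO_LIST_01, translated, dst)
    return translated, encrypted


if __name__ == "__main__":
    # Constructed sample packets: one for the remote LAN, one for the Internet.
    packets = [("192.168.110.10", "192.168.10.20"), ("192.168.110.10", "198.51.100.5")]
    for label, rules in (("as posted", NAT_BEFORE), ("DSL_ACCESSLIST rule removed", NAT_AFTER)):
        print(f"--- NAT {label} ---")
        for src, dst in packets:
            wire_src, enc = forward(rules, src, dst)
            print(f"{src} -> {dst}: leaves as {wire_src}, encrypted={enc}")
```

With the rules as posted, the model shows the 192.168.110.10 to 192.168.10.20 packet leaving as the Dialer1 address and missing the crypto map, which is exactly the symptom in the question: the SAs exist, but LAN traffic is sent out in the clear with a translated source instead of into the tunnel. With only the route-map rule left, the VPN flow keeps its private source and matches Crypto-list-01 while Internet traffic is still translated. On the real router, after removing the rule, run clear ip nat translation * so stale translations for the remote subnet are not reused, then confirm with show ip nat translations (no entries for 192.168.10.0/24 destinations) and watch the #pkts encaps/#pkts decaps counters in show crypto ipsec sa increase while pinging a host on the remote LAN.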
