[cisco-ttl] SDM 1841 Adsl Cisco Vpn Client IPSEC baglanti problemi

From: cmesut <cmesut_at_....>
Date: Wed Mar 14 2007 - 08:00:11 CET


Merhaba asagida sdm ile yapdigimiz konfigde 1841 router adsl baglantisi sorunsuz bir sekilde calismakta...Cisco vpn client ile diger bolgelere baglandigimizda baglanti gerceklesiyor fakat hostlara ping ve remote desktop ile ulailamiyor. Ayni adsl linki standart ipsec-passthrough yapan bir adsl modem ile yapildiginda Cisco vpn clientlar sorunsuz bir sekilde vpn baglantisi yaptigi hostlara ulasmaktadir..

Sorunun Nat ipsec passthrough problemi oldugunu tesbit edip sdm helplerindeki ve cisco helplerindeki gerekli access rullari uygulamama ragmen cozumlenemedi...Sanirim gozden kacan minik birseyler var... Basarili uygulayan arkadaslar varsa paylasmalarini rica edecegim..

Tesekkurlerimle...

Mevcut Calisan Sdm ile yapilmis konfig ...Eklenmesi gereken ?

!This is the running config of the router: 10.10.10.1
!----------------------------------------------------------------------------
!version 12.3

no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone service timestamps log datetime msec localtime show-timezone service password-encryption
service sequence-numbers
!

hostname 1841Router
!

boot-start-marker
boot-end-marker
!

security authentication failure rate 3 log security passwords min-length 6
logging buffered 51200 debugging
logging console critical
enable secret 5 123456
!

username admin privilege 15 secret 5 123456 clock timezone PCTime 2
clock summer-time PCTime date Mar 30 2003 3:00 Oct 26 2003 4:00 mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
no aaa new-model
ip subnet-zero
no ip source-route
ip cef
!
!

ip tcp synwait-time 10
ip dhcp excluded-address 10.10.10.1 10.10.10.49
!

ip dhcp pool sdm-pool1

   import all
   network 10.10.10.0 255.255.255.0
   dns-server 195.175.39.39 195.175.39.40    default-router 10.10.10.1
!
!

no ip bootp server 

ip domain name yourdomain.com
ip name-server 195.175.39.39
ip name-server 195.175.39.40

no ftp-server write-enable
!
!
!
!

interface FastEthernet0/0
 description $ETH-LAN$$ETH-SW-LAUNCH$$INTF-INFO-FE 0$$ES_LAN$$FW_INSIDE$  ip address 10.10.10.1 255.255.255.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat inside
 ip route-cache flow
 ip tcp adjust-mss 1452
 duplex auto
 speed auto
 no cdp enable
 no mop enabled
!

interface FastEthernet0/1
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip route-cache flow
 shutdown
 duplex auto
 speed auto
 no cdp enable
 no mop enabled
!

interface ATM0/0/0
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip route-cache flow
 no atm ilmi-keepalive
 dsl operating-mode auto
!

interface ATM0/0/0.1 point-to-point
 description $ES_WAN$$FW_OUTSIDE$
 pvc 8/35
  pppoe-client dial-pool-number 1
 !
!

interface ATM0/1/0
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip route-cache flow
 shutdown
 no atm ilmi-keepalive
 dsl operating-mode auto
!

interface Dialer0
 ip address negotiated
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip mtu 1452
 ip nat outside
 encapsulation ppp
 ip route-cache flow
 dialer pool 1
 dialer-group 1
 ppp authentication chap pap callin
 ppp chap hostname user@ttnet
 ppp chap password 7 123456
 ppp pap sent-username user@ttnet password 7 123456
!

ip classless
ip route 0.0.0.0 0.0.0.0 Dialer0
ip http server
ip http authentication local
ip http timeout-policy idle 600 life 86400 requests 10000 ip nat inside source list 1 interface Dialer0 overload

!
!

logging trap debugging 

access-list 1 remark INSIDE_IF=FastEthernet0/0
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 10.10.10.0 0.0.0.255
dialer-list 1 protocol ip permit

no cdp run
!

control-plane
!

banner login ^CAuthorized access only!
 Disconnect IMMEDIATELY if you are not an authorized user!^C
!

line con 0
 login local
 transport output telnet
line aux 0
 login local
 transport output telnet
line vty 0 4
 privilege level 15
 login local
 transport input telnet
line vty 5 15
 privilege level 15
 login local
 transport input telnet
!

scheduler allocate 4000 1000
end Received on Wed Mar 14 11:47:30 2007

This archive was generated by hypermail 2.1.8 : Wed Mar 14 2007 - 11:47:30 CET