RE: [cisco-ttl] SDM 1841 Adsl Cisco Vpn Client IPSEC connection problem
From: OZGUR KOSE <okose_at_....>
Date: Wed Mar 14 2007 - 11:57:01 CET
Özgür Köse
-----Original Message-----
Hello, with the configuration below, which we built with SDM, the 1841 router's ADSL connection works without any problems... When we connect to other sites with the Cisco VPN Client, the connection is established, but the hosts cannot be reached by ping or Remote Desktop. When the same ADSL link is set up with an ADSL modem that does standard IPsec passthrough, the Cisco VPN clients reach the hosts they have made a VPN connection to without any problems. I determined that the problem is a NAT IPsec passthrough problem, and although I applied the necessary access rules from the SDM help and the Cisco help, it could not be resolved... I think some small detail is being overlooked... If anyone has implemented this successfully, I would ask them to share it. With my thanks...

The current working configuration made with SDM ... what needs to be added?
!This is the running config of the router: 10.10.10.1
ip domain name yourdomain.com
ip name-server 195.175.39.39
ip name-server 195.175.39.40
no ftp-server write-enable
!
!
!
!
interface FastEthernet0/0
 description $ETH-LAN$$ETH-SW-LAUNCH$$INTF-INFO-FE 0$$ES_LAN$$FW_INSIDE$
 ip address 10.10.10.1 255.255.255.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat inside
 ip route-cache flow
 ip tcp adjust-mss 1452
 duplex auto
 speed auto
 no cdp enable
 no mop enabled
!
interface FastEthernet0/1
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip route-cache flow
 shutdown
 duplex auto
 speed auto
 no cdp enable
 no mop enabled
!
interface ATM0/0/0
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip route-cache flow
 no atm ilmi-keepalive
 dsl operating-mode auto
!
interface ATM0/0/0.1 point-to-point
 description $ES_WAN$$FW_OUTSIDE$
 pvc 8/35
  pppoe-client dial-pool-number 1
 !
!
interface ATM0/1/0
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip route-cache flow
 shutdown
 no atm ilmi-keepalive
 dsl operating-mode auto
!
interface Dialer0
 ip address negotiated
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip mtu 1452
 ip nat outside
 encapsulation ppp
 ip route-cache flow
 dialer pool 1
 dialer-group 1
 ppp authentication chap pap callin
 ppp chap hostname user@ttnet
 ppp chap password 7 123456
 ppp pap sent-username user@ttnet password 7 123456
!
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer0
ip http server
ip http authentication local
ip http timeout-policy idle 600 life 86400 requests 10000
ip nat inside source list 1 interface Dialer0 overload
!
access-list 1 remark INSIDE_IF=FastEthernet0/0
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 10.10.10.0 0.0.0.255
dialer-list 1 protocol ip permit
no cdp run
!
control-plane
!
banner login ^CAuthorized access only! Disconnect IMMEDIATELY if you are not an authorized user!^C
!
line con 0
 login local
 transport output telnet
line aux 0
 login local
 transport output telnet
line vty 0 4
 privilege level 15
 login local
 transport input telnet
line vty 5 15
 privilege level 15
 login local
 transport input telnet
!
scheduler allocate 4000 1000
end

This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This message contains confidential information and is intended only for the individual named. If you are not the named addressee you should not disseminate, distribute or copy this e-mail.

[Non-text portions of this message have been removed]

Received on Thu Mar 15 16:20:44 2007

This archive was generated by hypermail 2.1.8 : Thu Mar 15 2007 - 16:20:44 CET