09-15-2010 05:45 AM
Hello
I am configuring a Cisco 877 router for a company. The configuration works correctly except for the VPN part.
The configuration below causes a problem when connecting to the VPN with a VPN client from my home, and no error message is displayed on screen. Could you tell me whether there are errors in my VPN configuration and how they can be corrected?
@lan = 192.168.1.0
@public = x.x.x.x
Thanks for your help
en
conf t
vlan 2
int vlan 2
ip add 192.168.1.1 255.255.255.0
ip nat inside
no shut
exit
int fa0
switchport mode access
switchport access vlan 2
no shut
int atm0
ip dhcp client cliant-if dialer0
pvc 8/35
pppoe-client dial-pool-number 1
no shut
exit
interface dialer0
ip address negotiated
ip mtu 1492
ip nat outside
encapsulation ppp
ip tcp adjust-mss 1452
dialer pool 1
dialer remote-name menara
dialer-group 1
authentication chap callin
ppp chap hostname s.accg@menara
ppp chap password 0 south20
ppp ipcp dns request
exit
ip route 0.0.0.0 0.0.0.0 dialer0
ip nat inside source list 101 interface dialer0 overload
access-list 101 permit ip 192.168.1.0 0.0.0.255 any
dialer-list 1 protocol ip permit
access-list 102 permit ip any any
int dialer0
ip access-group 102 in
no shut
exit
show ip int b
wr
__________________________________________
wifi
-------------------
interface Dot11Radio0
ip address 192.168.2.1 255.255.255.0
ip nat inside
no shutdown
!
encryption mode ciphers tkip
!
ssid stconn
max-associations 10
authentication open
authentication key-management wpa
wpa-psk ascii 0 wifi@s0
exit
ip nat inside source list 103 interface dialer0 overload
access-list 103 permit ip 192.168.2.0 0.0.0.255 any
show ip int b
wr
________________________________________________________
VPN
----------------------------------
hostname south
line console 0
logg s
exec-t 0 0
exit
no ip domain-lookup
exit
username yassine password yassine
aaa new-model
aaa authentication login default local
ip local pool VPNCLIENTS 10.0.2.100 10.0.2.150
aaa authentication login VPNAUTH local
aaa authorization network VPNAUTH local
crypto isakmp policy 10
authentication pre-share
encryption aes
group 2
exit
crypto isakmp client configuration group VPNGROUP
key VPNGROUP
pool VPNCLIENTS
acl 100
netmask 255.255.255.0
exit
access-list permit ip 10.0.0.0 0.0.255.255 any
crypto ipsec transform-set VPNTRANS esp-3DES esp-sha-hmac
exit
crypto dynamic-map VPNMAP 10
set transform-set VPNTRANS
reverse-route
exit
crypto map VPNMAP client configuration address respond
crypto map VPNMAP isakmp authorization list VPNAUTH
crypto map VPNMAP 10 ipsec-isakmp dynamic VPNMAP
crypto map VPNMAP client authentication list VPNAUTH
crypto isakmp keepalive 30 5
crypto isakmp xauth timeout 60
int dialer0
crypto map VPNMAP
10-03-2010 11:45 AM
Hi,
From the configuration I see that the dynamic map and the crypto map both have the same name. This might cause conflicts. Please change the dynamic map name to something else. I would suggest the following crypto configuration:
crypto dynamic-map DYNMAP 10
set transform-set VPNTRANS
crypto map VPNMAP client configuration address respond
crypto map VPNMAP isakmp authorization list VPNAUTH
crypto map VPNMAP 10 ipsec-isakmp dynamic DYNMAP
crypto map VPNMAP client authentication list VPNAUTH
Here is a reference link for remote access vpn configuration: http://www.cisco.com/en/US/products/sw/secursw/ps2308/products_configuration_example09186a00801c4246.shtml
Let me know if this helps,
Cheers,
Rudresh V
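The name clash described in the reply can be checked mechanically before a configuration is pasted into the router. The script below is an added example, not part of the thread and not a Cisco tool; the function name `lint_crypto` and the sample text are constructed for illustration. It goes a little beyond the reply by also flagging a dynamic map or a client-group `acl` that is referenced but never defined in the pasted text.

```python
import re

# Constructed sample: crypto-related lines abridged from the question's config.
SAMPLE_CONFIG = """\
crypto isakmp client configuration group VPNGROUP
 pool VPNCLIENTS
 acl 100
access-list permit ip 10.0.0.0 0.0.255.255 any
access-list 101 permit ip 192.168.1.0 0.0.0.255 any
crypto dynamic-map VPNMAP 10
 set transform-set VPNTRANS
crypto map VPNMAP 10 ipsec-isakmp dynamic VPNMAP
"""

DYN_DEF = re.compile(r"^crypto dynamic-map (\S+) \d+")
MAP_DYN_REF = re.compile(r"^crypto map (\S+) \d+ ipsec-isakmp dynamic (\S+)")
ACL_DEF = re.compile(r"^access-list (\d+) ")
ACL_REF = re.compile(r"^acl (\d+)$")

def lint_crypto(config):
    """Return findings about crypto map / dynamic map / ACL references."""
    dyn_defined, acl_defined = set(), set()
    map_refs, acl_refs = [], []
    for raw in config.splitlines():
        line = raw.strip()
        if m := DYN_DEF.match(line):
            dyn_defined.add(m.group(1))
        elif m := MAP_DYN_REF.match(line):
            map_refs.append((m.group(1), m.group(2)))
        elif m := ACL_DEF.match(line):
            acl_defined.add(m.group(1))
        elif m := ACL_REF.match(line):
            acl_refs.append(m.group(1))
    findings = []
    for map_name, dyn_name in map_refs:
        if map_name == dyn_name:
            findings.append(f"crypto map and dynamic map share the name {map_name}")
        if dyn_name not in dyn_defined:
            findings.append(f"crypto map {map_name} references undefined dynamic map {dyn_name}")
    for acl in acl_refs:
        if acl not in acl_defined:
            findings.append(f"client group references undefined access-list {acl}")
    return findings

if __name__ == "__main__":
    for finding in lint_crypto(SAMPLE_CONFIG):
        print(finding)
```
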