VPN problem

80236yassine
Level 1

Hello,

I am configuring a Cisco 877 router for a company. The configuration works correctly except for the VPN part.

The configuration below causes a problem during the VPN connection procedure when using a VPN client from my home, and no error message is displayed on screen. Would it be possible to tell me whether there are errors in my VPN configuration and how they can be corrected?


LAN address = 192.168.1.0

Public address = x.x.x.x

Thank you for your help

en
conf t
vlan 2
int vlan 2
ip add 192.168.1.1 255.255.255.0
ip nat inside
no shut

exit
int fa0
switchport mode access
switchport access vlan 2
no shut

int atm0
ip dhcp client cliant-if dialer0
pvc 8/35
pppoe-client dial-pool-number 1
no shut
exit

interface dialer0
ip address negotiated
ip mtu 1492
ip nat outside
encapsulation ppp
ip tcp adjust-mss 1452
dialer pool 1
dialer remote-name menara
dialer-group 1
authentication chap callin
ppp chap hostname s.accg@menara
ppp chap password 0 south20
ppp ipcp dns request
exit


ip route 0.0.0.0 0.0.0.0 dialer0
ip nat inside source list 101 interface dialer0 overload
access-list 101 permit ip 192.168.1.0 0.0.0.255 any
dialer-list 1 protocol ip permit
access-list 102 permit ip any any

int dialer0
ip access-group 102 in
no shut
exit

show ip int b

wr
__________________________________________

wifi
-------------------

interface Dot11Radio0
ip address 192.168.2.1 255.255.255.0
ip nat inside
no shutdown
!
encryption mode ciphers tkip
!
ssid stconn
max-associations 10
authentication open
authentication key-management wpa
wpa-psk ascii 0 wifi@s0
exit

ip nat inside source list 103 interface dialer0 overload
access-list 103 permit ip 192.168.2.0 0.0.0.255 any

show ip int b

wr
________________________________________________________

VPN
----------------------------------

hostname south
line console 0
logg s
exec-t 0 0
exit
no ip domain-lookup
exit
username yassine password yassine
aaa new-model
aaa authentication login default local
ip local pool VPNCLIENTS 10.0.2.100 10.0.2.150
aaa authentication login VPNAUTH local
aaa authorization network VPNAUTH local
crypto isakmp policy 10
authentication pre-share
encryption aes
group 2
exit
crypto isakmp client configuration group VPNGROUP
key VPNGROUP
pool VPNCLIENTS
acl 100
netmask 255.255.255.0
exit
access-list permit ip 10.0.0.0 0.0.255.255 any
crypto ipsec transform-set VPNTRANS esp-3DES esp-sha-hmac
exit
crypto dynamic-map VPNMAP 10
set transform-set VPNTRANS
reverse-route
exit
crypto map VPNMAP client configuration address respond
crypto map VPNMAP isakmp authorization list VPNAUTH
crypto map VPNMAP 10 ipsec-isakmp dynamic VPNMAP
crypto map VPNMAP client authentication list VPNAUTH
crypto isakmp keepalive 30 5
crypto isakmp xauth timeout 60
int dialer0
crypto map VPNMAP

1 Reply

Rudresh Veerappaji
Cisco Employee

Hi,

From the configuration I see that the dynamic map and the crypto map both have the same name. This might cause conflicts. Please change the dynamic map name to something else. I would suggest the following crypto configuration:

crypto dynamic-map DYNMAP 10
set transform-set VPNTRANS

crypto map VPNMAP client configuration address respond
crypto map VPNMAP isakmp authorization list VPNAUTH
crypto map VPNMAP 10 ipsec-isakmp dynamic DYNMAP
crypto map VPNMAP client authentication list VPNAUTH

Here is a reference link for remote access VPN configuration: http://www.cisco.com/en/US/products/sw/secursw/ps2308/products_configuration_example09186a00801c4246.shtml

Let me know if this helps,

Cheers,

Rudresh V
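
The condition the reply points at can be checked mechanically before a configuration is pasted into a router. The following Python lint is an added example, not part of the original thread and not Cisco tooling: it flags a dynamic map that shares its name with a crypto map, and also catches a half-finished rename where a crypto map entry still points at the old dynamic map name. The function name and the sample strings are constructed for illustration.

```python
import re

# Constructed inputs: the crypto statements from the question, and the same
# statements with the dynamic map renamed to DYNMAP as the reply suggests.
QUESTION_CFG = """\
crypto dynamic-map VPNMAP 10
set transform-set VPNTRANS
reverse-route
crypto map VPNMAP client configuration address respond
crypto map VPNMAP isakmp authorization list VPNAUTH
crypto map VPNMAP 10 ipsec-isakmp dynamic VPNMAP
crypto map VPNMAP client authentication list VPNAUTH
int dialer0
crypto map VPNMAP
"""
REPLY_CFG = (QUESTION_CFG.replace("dynamic-map VPNMAP", "dynamic-map DYNMAP")
             .replace("dynamic VPNMAP", "dynamic DYNMAP"))

DYN_DEF = re.compile(r"^crypto dynamic-map (\S+) \d+$", re.I)    # dynamic map entry
MAP_APPLY = re.compile(r"^crypto map (\S+)$", re.I)              # interface binding
MAP_ENTRY = re.compile(r"^crypto map (\S+) \S.*$", re.I)         # global crypto map line
DYN_REF = re.compile(r"^crypto map \S+ \d+ ipsec-isakmp dynamic (\S+)", re.I)


def lint_crypto_maps(config):
    """Return a sorted list of findings about crypto map / dynamic map naming."""
    dynamic, static, refs, applied = set(), set(), set(), set()
    for raw in config.splitlines():
        line = " ".join(raw.split())  # normalise indentation and spacing
        if m := DYN_DEF.match(line):
            dynamic.add(m.group(1))
        elif m := MAP_APPLY.match(line):
            applied.add(m.group(1))
        elif m := MAP_ENTRY.match(line):
            static.add(m.group(1))
            if r := DYN_REF.match(line):
                refs.add(r.group(1))
    findings = [f"name collision: '{n}' is both a crypto map and a dynamic map"
                for n in dynamic & static]
    # A rename that updates only the dynamic-map line leaves a dangling reference.
    findings += [f"crypto map references undefined dynamic map '{n}'"
                 for n in refs - dynamic]
    findings += [f"interface applies undefined crypto map '{n}'"
                 for n in applied - static]
    return sorted(findings)


if __name__ == "__main__":
    for name, cfg in (("question", QUESTION_CFG), ("reply", REPLY_CFG)):
        print(name, lint_crypto_maps(cfg) or "no findings")
```
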