Cisco Support Community
New Member

Problem with VPN's on Router Cisco - Non Cisco

Hello

Recently the company where I work received a Cisco router, and I am trying to configure the various Cisco VPNs.

Please find attached a drawing of the current structure of the network.

I'm using optical fiber.

Here is the actual configuration:

#################################################################################################

Current configuration : 11608 bytes
!
! Last configuration change at 12:00:23 PT Fri Apr 30 2010 by patricios
!
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime
service timestamps log datetime msec localtime
service password-encryption
!
hostname Router-Patricios
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 warnings
enable secret 5 $1$Ksti$bIlSETZm.e4ay5gkqmOsJ.
!
aaa new-model
!
!
aaa authentication login default local
aaa authentication login ciscocp_vpn_xauth_ml_1 local
aaa authentication login fiaverde_xauth local
aaa authentication login friends_xauth local
aaa authentication enable default enable
aaa authentication ppp default local
aaa authorization exec default local
aaa authorization network ciscocp_vpn_group_ml_1 local
aaa authorization network fiaverde_group local
aaa authorization network friends_group local
!
!
aaa session-id common
clock timezone PT 0
clock summer-time PT recurring last Sun Mar 1:00 last Sun Oct 2:00
!
crypto pki trustpoint TP-self-signed-3983758723
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-3983758723
revocation-check none
rsakeypair TP-self-signed-3983758723

!
ip cef
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.0.1 192.168.0.5
ip dhcp excluded-address 192.168.0.11 192.168.0.254
!
ip dhcp pool ccp-pool1
   network 192.168.0.0 255.255.255.0
   default-router 192.168.0.5
!
!
ip domain name gestao.ptprime.pt
ip name-server 62.48.131.10
ip name-server 62.48.131.11
ip inspect name FW-INET tcp
ip inspect name FW-INET udp
ip inspect name FW-INET ftp
ip inspect name FW-INET icmp
ip inspect name FW-INET tftp
ip inspect name FW-INET realaudio
ip inspect name FW-INET esmtp
login block-for 300 attempts 5 within 60
login quiet-mode access-class 7
login on-failure log
login on-success log
!
multilink bundle-name authenticated
vpdn enable
!
vpdn-group fiaverde.dyndns.org
! Default PPTP VPDN group
accept-dialin
  protocol pptp
  virtual-template 2
!
vpdn-group patfriendsargoncilhe.dyndns.org
accept-dialin
  protocol pptp
  virtual-template 5
!
!
crypto isakmp policy 1
encr aes
authentication pre-share
group 2
!
crypto isakmp policy 2
encr 3des
group 2
!
crypto isakmp client configuration group patricios.dyndns.org
key 256pat1968
pool SDM_POOL_1
!
crypto isakmp client configuration group fiaverde.dyndns.org
key 256pat1968
pool fiaverde_pool
!
crypto isakmp client configuration group patfriendsargoncilhe.dyndns.org
key 256pat1968
domain patfriendsargoncilhe.dyndns.org
pool friends_pool
crypto isakmp profile ciscocp-ike-profile-1
   match identity group patricios.dyndns.org
   client authentication list ciscocp_vpn_xauth_ml_1
   isakmp authorization list ciscocp_vpn_group_ml_1
   client configuration address respond
   virtual-template 1
crypto isakmp profile fiaverde_profile
   match identity group fiaverde.dyndns.org
   client authentication list fiaverde_xauth
   isakmp authorization list fiaverde_group
   client configuration address respond
   virtual-template 2
crypto isakmp profile friends_profile
   match identity group patfriendsargoncilhe.dyndns.org
   client authentication list friends_xauth
   isakmp authorization list friends_group
   client configuration address respond
   virtual-template 5
!
!
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-3DES-SHA1 esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-3DES-SHA2 esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-3DES-SHA3 esp-3des esp-sha-hmac
!
crypto ipsec profile CiscoCP_Profile1
set transform-set ESP-3DES-SHA
set isakmp-profile ciscocp-ike-profile-1
!
crypto ipsec profile Fiaverde_Profile
set transform-set ESP-3DES-SHA
set isakmp-profile fiaverde_profile
!
crypto ipsec profile Friends_Profile
set transform-set ESP-3DES-SHA
set isakmp-profile friends_profile
!
!
crypto dynamic-map FIAVERDE_MAP 1
reverse-route
!
!
crypto map FIAVERDE_VPN 100 ipsec-isakmp dynamic FIAVERDE_MAP
!
archive
log config
  hidekeys
!
!
vlan 33
name EW00942
!
!
!
!
interface ATM0
no ip address
shutdown
no atm ilmi-keepalive
dsl operating-mode auto
!
interface BRI0
no ip address
encapsulation hdlc
shutdown
!
interface FastEthernet0
description == Circuito ETH-MPLS / 1001412608 ==
no ip address
no ip proxy-arp
no ip mroute-cache
speed 100
full-duplex
no cdp enable
!
interface FastEthernet0.33
description == ETHERWEB / 1009409123 ==
encapsulation dot1Q 33
ip address 62.28.161.26 255.255.255.252
ip access-group 111 in
ip nat outside
ip virtual-reassembly
traffic-shape rate 9500000 95000 95000 1000
no cdp enable
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
!
interface FastEthernet5
!
interface FastEthernet6
!
interface FastEthernet7
!
interface FastEthernet8
!
interface Virtual-Template1 type tunnel
ip unnumbered FastEthernet0.33
tunnel mode ipsec ipv4
tunnel protection ipsec profile CiscoCP_Profile1
!
interface Virtual-Template2 type tunnel
ip unnumbered FastEthernet0.33
tunnel mode ipsec ipv4
tunnel protection ipsec profile Fiaverde_Profile
!
interface Virtual-Template5 type tunnel
ip unnumbered FastEthernet0.33
tunnel mode ipsec ipv4
tunnel protection ipsec profile Friends_Profile
!
interface Vlan1
description == LAN Privada ==
ip address 192.168.0.5 255.255.255.0
no ip proxy-arp
ip nat inside
ip inspect FW-INET in
ip virtual-reassembly
ip tcp adjust-mss 1452
no ip mroute-cache
!
interface Vlan2
description == LAN Fiaverde ==$ES_LAN$
ip address 192.168.2.5 255.255.255.0
no ip proxy-arp
ip nat inside
ip inspect FW-INET in
ip virtual-reassembly
ip tcp adjust-mss 1452
no ip mroute-cache
!
interface Vlan5
description == LAN Friends ==
ip address 192.168.5.5 255.255.255.0
no ip proxy-arp
ip nat inside
ip inspect FW-INET in
ip virtual-reassembly
ip tcp adjust-mss 1452
no ip mroute-cache
!
ip local pool SDM_POOL_1 10.10.10.10 10.10.10.20
ip local pool fiaverde_pool 10.10.10.21 10.10.10.29
ip local pool friends_pool 10.10.10.40 10.10.10.49
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 62.28.161.25
ip route 192.168.2.0 255.255.255.0 192.168.0.251
ip route 192.168.5.0 255.255.255.0 62.28.161.24
!
!
ip http server
ip http authentication local
ip http secure-server
ip nat inside source list ACL_NAT interface FastEthernet0.33 overload
!
ip access-list standard negar_acesso
remark negar_acesso
remark CCP_ACL Category=128
remark 123
deny   195.245.168.15
deny   any
deny   195.245.168.0 0.0.0.255
!
ip access-list extended ACL_NAT
permit ip 192.168.0.0 0.0.0.255 any
!
access-list 7 remark == ACL GESTAO
access-list 7 permit 192.168.0.0 0.0.0.255
access-list 30 remark === ACL SNMP Cliente ===
access-list 30 permit 192.168.0.0 0.0.255.255
access-list 41 remark === ACL SNMP PT RO
access-list 41 permit 62.48.131.96 0.0.0.31
access-list 100 remark CCP_ACL Category=4
access-list 100 remark IPSec Rule
access-list 100 permit ip 192.168.0.0 0.0.0.255 192.168.2.0 0.0.0.255
access-list 101 remark CCP_ACL Category=4
access-list 101 remark IPSec Rule
access-list 101 permit ip 192.168.0.0 0.0.0.255 192.168.2.0 0.0.0.255
access-list 102 remark CCP_ACL Category=4
access-list 102 remark IPSec Rule
access-list 102 permit ip 192.168.0.0 0.0.0.255 192.168.2.0 0.0.0.255
access-list 111 remark === ACL entrada da iNet ===
access-list 111 permit icmp any any echo-reply
access-list 111 permit icmp any any packet-too-big
access-list 111 permit icmp any any time-exceeded
access-list 111 permit ip host 62.48.196.232 any
access-list 111 permit ip host 62.48.207.128 any
access-list 111 permit ip host 62.48.131.101 any
access-list 111 permit ip host 62.48.205.207 any
access-list 111 permit ip host 62.48.236.145 any
access-list 111 permit tcp host 62.48.131.125 eq tacacs any
access-list 111 permit udp host 83.240.141.94 eq ntp any
access-list 111 deny   ip any any
snmp-server group GPTv3SNMP v3 auth access 41
snmp-server view client-view interfaces included
snmp-server view client-view sysUpTime included
snmp-server view client-view system.5 included
snmp-server view client-view system.9 included
snmp-server view client-view enterprises.351.110 included
snmp-server view client-view system.2.0 included
snmp-server view client-view lsystem included
snmp-server view client-view linterfaces included
snmp-server view client-view ciscoMgmt.387 included
snmp-server view client-view lsystem.73.0 excluded
snmp-server community pwlightcliente view client-view RO 30
snmp-server location R TRAS OS LAGOS 0  4525-325 GUISANDE VFR
snmp-server system-shutdown
!
!

#################################################################################################

1 REPLY
New Member

Re: Problem with VPN's on Router Cisco - Non Cisco


Please find attached a drawing of the current structure of the network.
