Vpn 876

[gpetrom]

Gia sas

Exo dio router 876 kai thelo na kano vpn metaksi dio simion, mexri ekei ta katafera.
To provlima einai to eksis den kanoyn ping oi dio routers metaksi tous kai oi efarmoges den paizoun.

Den mporo na katalavo ti simvainei to idio conf to exo valei se arketes alles egkatastaaeis kai douleuei mia xara sas to dino na to deite kai eseis

protos router

Κώδικας:

version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname ginis
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 debugging
logging console critical
enable secret 5 $1$x98y$RSxqsgLka67k5x3.FItpi/
!
no aaa new-model
!
resource policy
!
clock timezone PCTime 2
clock summer-time PCTime date Mar 30 2003 3:00 Oct 26 2003 4:00
ip subnet-zero
no ip source-route
ip cef
!
!
ip inspect name DEFAULT100 cuseeme
ip inspect name DEFAULT100 ftp
ip inspect name DEFAULT100 h323
ip inspect name DEFAULT100 icmp
ip inspect name DEFAULT100 netshow
ip inspect name DEFAULT100 rcmd
ip inspect name DEFAULT100 realaudio
ip inspect name DEFAULT100 rtsp
ip inspect name DEFAULT100 esmtp
ip inspect name DEFAULT100 sqlnet
ip inspect name DEFAULT100 streamworks
ip inspect name DEFAULT100 tftp
ip inspect name DEFAULT100 tcp
ip inspect name DEFAULT100 udp
ip inspect name DEFAULT100 vdolive
ip tcp synwait-time 10
no ip bootp server
ip domain name ginis.gr
ip name-server 10.65.100.1
ip ssh time-out 60
ip ssh authentication-retries 2
!
!
crypto pki trustpoint TP-self-signed-2347753704
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-2347753704
 revocation-check none
 rsakeypair TP-self-signed-2347753704
!
!
crypto pki certificate chain TP-self-signed-2347753704
 certificate self-signed 01
  30820246 308201AF A0030201 02020101 300D0609 2A864886 F70D0101 04050030
  31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
  69666963 6174652D 32333437 37353337 3034301E 170D3032 30333031 30303134
  30325A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
  4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D32 33343737
  35333730 3430819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
  8100A2EF 2BF736DD 50DD15CD 092930E1 161CABB4 5A6BD137 BDDC274C 3224CA42
  A39484B8 58504C22 CE914E79 BFABD9FF 05F2398B 3367136E C978BD23 27E69FC0
  5B30D3D0 772BDB7B 5583D440 31F6778B 52CCD672 EAA4BF7B 49634F22 8C4CA175
  7F223E53 6A0ECA7E 5AA67247 DDB35C77 F8086DA3 DBBB4A0A 5ED84D07 1877061C
  909F0203 010001A3 6E306C30 0F060355 1D130101 FF040530 030101FF 30190603
  551D1104 12301082 0E67696E 69732E67 696E6973 2E677230 1F060355 1D230418
  30168014 4C0FE123 C84524EA A1E2A4CC 3678F6E4 4D1061EF 301D0603 551D0E04
  1604144C 0FE123C8 4524EAA1 E2A4CC36 78F6E44D 1061EF30 0D06092A 864886F7
  0D010104 05000381 810079DA B47470F5 3746C3FD 25A03FFE 835D19A2 0AE0ADF5
  57567F10 BBA97EB5 BCA5F85B E4F944CC 2633CB4D 381E9135 979F6AC1 231C00BC
  D89D2943 AE3C5979 CB72849F 259070C4 D19693A1 3339668A 19A426AE 8B05D26D
  68B3EB37 E2D19A31 09A5B4FA D016D726 D95F9796 E176D503 73CE8874 9762ABEB
  706E8547 AA3F77AA 9090
  quit
username ginis privilege 15 secret 5 $1$L1Ra$pBmzQvKfc0q14jGcTPuEZ0
!
!
!
crypto isakmp policy 1
 encr 3des
 authentication pre-share
 group 2
crypto isakmp key 9g7n4s address 83.171.243.56
!
!
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-3DES-SHA1 esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-3DES-SHA2 esp-3des esp-sha-hmac
crypto ipsec df-bit clear
!
crypto map SDM_CMAP_1 1 ipsec-isakmp
 description Tunnel to83.171.243.56
 set peer 83.171.243.56
 set transform-set ESP-3DES-SHA2
 match address 105
!
!
!
interface BRI0
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 encapsulation hdlc
 ip route-cache flow
 shutdown
!
interface ATM0
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip route-cache flow
 no atm ilmi-keepalive
 dsl operating-mode auto
!
interface ATM0.1 point-to-point
 description $ES_WAN$$FW_OUTSIDE$
 pvc 8/35
  pppoe-client dial-pool-number 1
 !
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Vlan1
 description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$ES_LAN$$FW_INSIDE$
 ip address 10.65.100.110 255.255.255.0
 ip access-group 100 in
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat inside
 ip virtual-reassembly
 ip route-cache flow
 ip tcp adjust-mss 1412
!
interface Dialer0
 description $FW_OUTSIDE$
 bandwidth 2000
 ip address negotiated
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip mtu 1452
 ip inspect DEFAULT100 out
 ip nat outside
 ip virtual-reassembly
 encapsulation ppp
 ip route-cache flow
 dialer pool 1
 dialer-group 1
 no cdp enable
 ppp authentication chap pap callin
 ppp chap hostname xxxxxx
 ppp chap password 7 xxxxxxxxxxxx
 ppp pap sent-username xxxxxxxx password 7 xxxxxxxxxxxxxxx
 crypto map SDM_CMAP_1
!
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer0
ip route 193.92.93.80 255.255.255.248 10.65.100.100
!
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source route-map SDM_RMAP_1 interface Dialer0 overload
!
logging trap debugging
access-list 1 remark INSIDE_IF=Vlan1
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 10.0.0.0 0.255.255.255
access-list 1 permit 10.65.100.0 0.0.0.255
access-list 103 remark SDM_ACL Category=2
access-list 103 remark IPSec Rule
access-list 103 deny   ip 10.65.100.0 0.0.0.255 192.168.0.0 0.0.0.255
access-list 103 permit ip 10.65.100.0 0.0.0.255 any
access-list 105 remark SDM_ACL Category=4
access-list 105 remark IPSec Rule
access-list 105 permit ip 10.65.100.0 0.0.0.255 192.168.0.0 0.0.0.255
dialer-list 1 protocol ip permit
no cdp run
route-map SDM_RMAP_1 permit 1
 match ip address 103
!
!
control-plane
!
banner login ^CAuthorized access only!
 Disconnect IMMEDIATELY if you are not an authorized user!^C
!
line con 0
 login local
 no modem enable
 transport output telnet
line aux 0
 login local
 transport output telnet
line vty 0 4
 privilege level 15
 login local
 transport input telnet ssh
!
scheduler max-task-time 5000
scheduler allocate 4000 1000
scheduler interval 500
end

deuteros router

Κώδικας:

version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname glyfada
!
boot-start-marker
boot-end-marker
!
security authentication failure rate 3 log
security passwords min-length 6
logging buffered 51200 debugging
logging console critical
enable secret 5 $1$rxzQ$kkw29TSiYK6dDFPc7SaeR0
!
no aaa new-model
!
resource policy
!
clock timezone PCTime 2
clock summer-time PCTime date Mar 30 2003 3:00 Oct 26 2003 4:00
no ip source-route
ip cef
!
!
!
!
ip tcp synwait-time 10
no ip bootp server
no ip domain lookup
ip domain name yourdomain.com
ip ssh time-out 60
ip ssh authentication-retries 2
!
!
crypto pki trustpoint TP-self-signed-1188488579
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-1188488579
 revocation-check none
 rsakeypair TP-self-signed-1188488579
!
!
crypto pki certificate chain TP-self-signed-1188488579
 certificate self-signed 01
  3082024E 308201B7 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
  31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
  69666963 6174652D 31313838 34383835 3739301E 170D3032 30333031 30303035
  35345A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
  4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D31 31383834
  38383537 3930819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
  8100E256 59D742E8 684C10FB E68F0B09 5E42BD26 E738278B 3F10EDD4 BA7D9D8B
  2F1C4530 17903DB8 8D5172C7 D26CDC5D 63DC0712 75B96C1C 4934A7D2 19CC5A36
  86797B90 A7D09918 F1000F6A D49FDF13 9A9F88F3 C5EE19BF 23FE6562 3B246173
  C42C2806 377ED75B 2301E3F8 B827D0D3 6ED9F7D7 3392CF6A 5F75EBFE 2197F8D9
  69DD0203 010001A3 76307430 0F060355 1D130101 FF040530 030101FF 30210603
  551D1104 1A301882 16676C79 66616461 2E796F75 72646F6D 61696E2E 636F6D30
  1F060355 1D230418 30168014 2BF34ECD 3B674448 E65F1046 A51FC226 3892A7B7
  301D0603 551D0E04 1604142B F34ECD3B 674448E6 5F1046A5 1FC22638 92A7B730
  0D06092A 864886F7 0D010104 05000381 81000BAC 5F816105 46B8190E 8E3E7074
  A6868D39 C5E904BF 656A5635 75936BBA 85E72CA8 C621C6B3 5F2F381F 992631E2
  5599F2D7 CE37D5F2 315DB685 4138BD19 E7D1BE4F 2F35A421 71F64483 2AB513E7
  2209544A 6910A3BE 7FE1007A 1C5E4CF2 8C9C40FD DB0FEE29 B70A252C 27930546
  E39F5BA9 8FD72CF7 83F37FE9 F6295116 80A2
  quit
username ginis privilege 15 secret 5 $1$fjJw$YtjhnyPT5Y6nuuwI/DbEN.
!
!
!
crypto isakmp policy 1
 encr 3des
 authentication pre-share
 group 2
crypto isakmp key 9g7n4s address 83.171.243.137
!
!
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-3DES-SHA1 esp-3des esp-sha-hmac
!
crypto map SDM_CMAP_1 1 ipsec-isakmp
 description Tunnel to83.171.243.137
 set peer 83.171.243.137
 set transform-set ESP-3DES-SHA1
 match address 102
!
!
!
!
interface ATM0
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip route-cache flow
 no atm ilmi-keepalive
 dsl operating-mode auto
!
interface ATM0.1 point-to-point
 description $ES_WAN$$FW_OUTSIDE$
 no snmp trap link-status
 pvc 8/35
  pppoe-client dial-pool-number 1
 !
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Vlan1
 description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$ES_LAN$$FW_INSIDE$
 ip address 192.168.0.250 255.255.255.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat inside
 ip virtual-reassembly
 ip route-cache flow
 ip tcp adjust-mss 1412
!
interface Dialer0
 ip address negotiated
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip mtu 1452
 ip nat outside
 ip virtual-reassembly
 encapsulation ppp
 ip route-cache flow
 dialer pool 1
 dialer-group 1
 no cdp enable
 ppp authentication chap pap callin
 ppp chap hostname xxxxxxxxx
 ppp chap password 7 xxxxxxxxxx
 ppp pap sent-username xxxxxxxxxx password 7 xxxxxxxxxxxxx
 crypto map SDM_CMAP_1
!
ip route 0.0.0.0 0.0.0.0 Dialer0
ip route 10.65.100.0 255.255.255.0 192.168.0.254
!
!
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source route-map SDM_RMAP_1 interface Dialer0 overload
!
logging trap debugging
access-list 1 remark INSIDE_IF=Vlan1
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 192.168.0.0 0.0.0.255
access-list 100 remark SDM_ACL Category=4
access-list 100 remark IPSec Rule
access-list 100 permit ip 192.168.0.0 0.0.0.255 10.0.0.0 0.255.255.255
access-list 101 remark SDM_ACL Category=2
access-list 101 remark IPSec Rule
access-list 101 deny   ip 192.168.0.0 0.0.0.255 10.65.100.0 0.0.0.255
access-list 101 permit ip 192.168.0.0 0.0.0.255 any
access-list 102 remark SDM_ACL Category=4
access-list 102 remark IPSec Rule
access-list 102 permit ip 192.168.0.0 0.0.0.255 10.65.100.0 0.0.0.255
dialer-list 1 protocol ip permit
no cdp run
!
!
!
route-map SDM_RMAP_1 permit 1
 match ip address 101
!
!
control-plane
!
banner login ^CAuthorized access only!
 Disconnect IMMEDIATELY if you are not an authorized user!^C
!
line con 0
 login local
 no modem enable
 transport output telnet
line aux 0
 login local
 transport output telnet
line vty 0 4
 privilege level 15
 login local
 transport input telnet ssh
!
scheduler max-task-time 5000
scheduler allocate 4000 1000
scheduler interval 500
!
webvpn context Default_context
 ssl authenticate verify all
 !
 no inservice
!
end

[gatoulas]

α) No greeklish allowed

β) Γιατί έχεις τόσα ίδια transform sets. Φτιάξε λίγο το config σου πιο ανθρώπινο. Αμάν αυτό το sdm

γ) Αν και έχεις 5άρια passwords κρύψε τις πραγματικές IP σου

δ) Το no ip unreach... ξανασκέψου το αν θέλεις RDC

Και τέλος, στο δεύτερο router δώσε
no ip route 10.65.100.0 255.255.255.0 192.168.0.254
μπάς και περάσει κανα πακετάκι από το tunnel

[cprotopapas]

β) Γιατί έχεις τόσα ίδια transform sets. Φτιάξε λίγο το config σου πιο ανθρώπινο. Αμάν αυτό το sdm

ΜΑΚΡΥΑ από εμάς!!!666!!!Πιο διαβολικό πράγμα δεν υπάρχει(εννοώ το SDM).Το δοκίμασα σε έναν router(να δώ κι εγώ τι είναι πια αυτό) και τα έκανε...ας μην το πω.CLI RULZ!!!!!

[nnn]

Greeklish που δεν διορθώθηκαν,μπορείς να ανεβάσεις πάλι την ερώτηση σου στα Ελληνικά.