Configuration vpn

Fermé
souma - 6 avril 2010 à 13:33
Bonjour

j'ai un routeur cisco 857W j'ai configure l adsl qui fonctionne correctement
Et j ai configure le vpn ; le client vpn ce connecte mais le problème c lorsque le client
Ce connecte il prend même address du paessserelle par défaut :
Adresse IP: 10.10.10.104
Masque de sous-réseau: 255.255.255.0
Passerelle par défaut: 10.10.10.104
Serveurs DNS: 212.217.0.1, 212.217.0.1
voila la configuration du routeur et merci



Building configuration...



Current configuration : 6812 bytes

!

version 12.4

no service pad

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname CISCO

!

boot-start-marker

boot-end-marker

!

logging buffered 51200 warnings

!

aaa new-model

!

!

aaa authentication login default local

aaa authentication login ciscocp_vpn_xauth_ml_1 local

aaa authorization exec default local

aaa authorization network ciscocp_vpn_group_ml_1 local

!

!

aaa session-id common

!

crypto pki trustpoint TP-self-signed-2038464969

enrollment selfsigned

subject-name cn=IOS-Self-Signed-Certificate-2038464969

revocation-check none

rsakeypair TP-self-signed-2038464969

!

!

crypto pki certificate chain TP-self-signed-2038464969

certificate self-signed 01

3082024C 308201B5 A0030201 02020101 300D0609 2A864886 F70D0101 04050030

31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274

69666963 6174652D 32303338 34363439 3639301E 170D3032 30333031 30353136

32365A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649

4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D32 30333834

36343936 3930819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281

8100EB55 63D10E81 70C79744 7B22183E D689331C A141B7E2 68FE53C6 0C399002

AD3637F2 A22D72FA FD5E0301 51492A49 2A40DFF6 1B4226DF 92303650 F4B516D3

5C8E37E6 A223EB6F C067235B A5432079 4625A700 9A2B5AD5 FC1553B6 1664F44D

175D57FC 5D9BEA3A 75A321E3 68CB9FAC 45AB13E0 6705598C 022B457C 1FCDEC24

22C50203 010001A3 74307230 0F060355 1D130101 FF040530 030101FF 301F0603

551D1104 18301682 14434953 434F2E79 6F757264 6F6D6169 6E2E636F 6D301F06

03551D23 04183016 80148856 5911FAAD 190A3E2F 51C7315A 2A473912 4A68301D

0603551D 0E041604 14885659 11FAAD19 0A3E2F51 C7315A2A 4739124A 68300D06

092A8648 86F70D01 01040500 03818100 623B1084 4D65D9F0 979921D1 E91769A3

37D77436 E5FD294F D4C490B6 D9531322 BC6FACA0 955F0A46 CCE93B6D F4721D24

177856B3 CFE56F16 E172114E 31B52D26 2FFB968D 82000427 FC5C3D9D 08392E75

CEF8BB67 3584D659 EB9BC5FB 13BF5ED4 5F71BA96 88BE62FB 55FE9971 7C66CB6F

E89917B1 F37476A6 FD83D933 4EB1B698

quit

dot11 syslog

no ip dhcp use vrf connected

ip dhcp excluded-address 10.10.10.7 10.10.10.254

!

ip dhcp pool ccp-pool

import all

network 10.10.10.0 255.255.255.0

default-router 10.10.10.1

dns-server 212.217.0.1 212.217.0.12

lease 99

!

!

ip cef

ip domain name yourdomain.com

ip name-server 212.217.0.1

ip name-server 212.217.0.12

!

!

!

username admin privilege 15 secret 5 $1$LK/O$P.obV.5do8B.DOQDNwL7D0

!

!

crypto isakmp policy 1

encr 3des

authentication pre-share

group 2

!

crypto isakmp client configuration group LOGITRACE

key 12345

dns 212.217.0.1 212.217.0.12

pool SDM_POOL_1

netmask 255.255.255.0

crypto isakmp profile ciscocp-ike-profile-1

match identity group LOGITRACE

client authentication list ciscocp_vpn_xauth_ml_1

isakmp authorization list ciscocp_vpn_group_ml_1

client configuration address respond

virtual-template 1

!

!

crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac

!

crypto ipsec profile CiscoCP_Profile1

set transform-set ESP-3DES-SHA

set isakmp-profile ciscocp-ike-profile-1

!

!

archive

log config

hidekeys

!

!

!

!

!

interface ATM0

no ip address

no atm ilmi-keepalive

dsl operating-mode auto

!

interface ATM0.1 point-to-point

no ip redirects

no ip proxy-arp

pvc 8/35

pppoe-client dial-pool-number 1

!

!

interface FastEthernet0

!

interface FastEthernet1

!

interface FastEthernet2

!

interface FastEthernet3

!

interface Virtual-Template1 type tunnel

ip unnumbered Vlan1

tunnel mode ipsec ipv4

tunnel protection ipsec profile CiscoCP_Profile1

!

interface Dot11Radio0

no ip address

shutdown

speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0

station-role root

!

interface Vlan1

description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$

ip address 10.10.10.1 255.255.255.0

no ip redirects

no ip proxy-arp

ip nat inside

ip virtual-reassembly

ip tcp adjust-mss 1412

!

interface Dialer0

ip address negotiated

ip mtu 1452

ip nat outside

ip virtual-reassembly

encapsulation ppp

dialer pool 1

dialer-group 1

no cdp enable

ppp authentication chap pap callin

ppp chap hostname logitrace@menara

ppp chap password 0 menara

ppp pap sent-username logitrace@menara password 0 menara

!

ip local pool SDM_POOL_1 10.10.10.100 10.10.10.200

ip forward-protocol nd

ip route 0.0.0.0 0.0.0.0 Dialer0

!

ip http server

ip http access-class 23

ip http authentication local

ip http secure-server

ip http timeout-policy idle 60 life 86400 requests 10000

ip nat inside source list 1 interface Dialer0 overload

!

access-list 1 remark INSIDE_IF=Vlan1

access-list 1 remark CCP_ACL Category=2

access-list 1 permit 10.10.10.0 0.0.0.7

access-list 23 permit 10.10.10.0 0.0.0.7

dialer-list 1 protocol ip permit

no cdp run

!

control-plane

!

banner exec ^C

% Password expiration warning.

-----------------------------------------------------------------------



Cisco Configuration Professional (Cisco CP) is installed on this device

and it provides the default username "cisco" for one-time use. If you have

already used the username "cisco" to login to the router and your IOS image

supports the "one-time" user option, then this username has already expired.

You will not be able to login to the router with this username after you exit

this session.



It is strongly suggested that you create a new username with a privilege level

of 15 using the following command.



username <myuser> privilege 15 secret 0 <mypassword>



Replace <myuser> and <mypassword> with the username and password you

want to use.



-----------------------------------------------------------------------

^C

banner login ^C

-----------------------------------------------------------------------

Cisco Configuration Professional (Cisco CP) is installed on this device.

This feature requires the one-time use of the username "cisco" with the

password "cisco". These default credentials have a privilege level of 15.



YOU MUST USE CISCO CP or the CISCO IOS CLI TO CHANGE THESE

PUBLICLY-KNOWN CREDENTIALS



Here are the Cisco IOS commands.



username <myuser> privilege 15 secret 0 <mypassword>

no username cisco



Replace <myuser> and <mypassword> with the username and password you want

to use.



IF YOU DO NOT CHANGE THE PUBLICLY-KNOWN CREDENTIALS, YOU WILL

NOT BE ABLE TO LOG INTO THE DEVICE AGAIN AFTER YOU HAVE LOGGED OFF.



For more information about Cisco CP please follow the instructions in the

QUICK START GUIDE for your router or go to https://www.cisco.com/c/en/us/products/cloud-systems-management/configuration-professional-catalyst/index.html

-----------------------------------------------------------------------

^C

!

line con 0

no modem enable

line aux 0

line vty 0 4

access-class 23 in

transport input telnet ssh

!

scheduler max-task-time 5000

end




A voir également: