Problème de Liaison VPN CISCO "not encrypted"
Résolu/Fermé
nocoz
Messages postés
7
Date d'inscription
mardi 7 août 2012
Statut
Membre
Dernière intervention
10 août 2012
-
9 août 2012 à 16:16
nocoz Messages postés 7 Date d'inscription mardi 7 août 2012 Statut Membre Dernière intervention 10 août 2012 - 10 août 2012 à 15:56
nocoz Messages postés 7 Date d'inscription mardi 7 août 2012 Statut Membre Dernière intervention 10 août 2012 - 10 août 2012 à 15:56
A voir également:
- Problème de Liaison VPN CISCO "not encrypted"
- Vpn gratuit - Accueil - Guide VPN
- Vpn comment ça marche - Guide
- Hola vpn chrome - Guide
- Bright vpn - Télécharger - Confidentialité
- Tuxler vpn - Télécharger - Confidentialité
2 réponses
nocoz
Messages postés
7
Date d'inscription
mardi 7 août 2012
Statut
Membre
Dernière intervention
10 août 2012
9 août 2012 à 16:35
9 août 2012 à 16:35
Ah et comme il s'agit d'une liason VPN, je pense qu'il serait bien que je vous donne la config du serveur (Site A) :
En gras ce qui pourrait être utile ?
Current configuration : 9081 bytes ! version 12.4 no service pad service timestamps debug datetime msec service timestamps log datetime msec service password-encryption ! hostname SR520 ! boot-start-marker boot-end-marker ! logging message-counter syslog enable secret 5 $1$ivUp$NqRs6bmNc.OgFFkGCrh1B1 ! aaa new-model ! ! aaa authentication login default local aaa authentication login Foxtrot_sdm_easyvpn_xauth_ml_1 local aaa authorization exec default local aaa authorization network Foxtrot_sdm_easyvpn_group_ml_1 local ! ! aaa session-id common ! crypto pki trustpoint TP-self-signed-197926840 enrollment selfsigned subject-name cn=IOS-Self-Signed-Certificate-197926840 revocation-check none rsakeypair TP-self-signed-197926840 ! ! crypto pki certificate chain TP-self-signed-197926840 certificate self-signed 01 3082023B 308201A4 A0030201 02020101 300D0609 2A864886 F70D0101 04050030 30312E30 2C060355 04031325 494F532D 53656C66 2D536967 6E65642D 43657274 69666963 6174652D 31393739 32363834 30301E17 0D313131 32303830 39333430 375A170D 32303031 30313030 30303030 5A303031 2E302C06 03550403 1325494F 532D5365 6C662D53 69676E65 642D4365 72746966 69636174 652D3139 37393236 38343030 819F300D 06092A86 4886F70D 01010105 0003818D 00308189 02818100 B88A224D BB963F99 CF673115 4966D8CF AFB05D15 1EE8F082 51A83EF9 28076540 C8CC075E A4B3C14A F27E7CE3 58A28F66 85A00FB4 152A29B6 B0B144ED A37C82B2 E52B3EFE 43E9D34F FF7B6132 C191E365 523228E2 D531D777 E1F081C0 70FC2F9F A85712A0 04B698D7 09FA32B1 67A185D0 0E024625 8FB1B208 71A1CDC5 B6A9028F 02030100 01A36530 63300F06 03551D13 0101FF04 05300301 01FF3010 0603551D 11040930 07820553 52353230 301F0603 551D2304 18301680 141E0283 885027DB 05254B77 1A4C6C15 6629A3A1 5C301D06 03551D0E 04160414 1E028388 5027DB05 254B771A 4C6C1566 29A3A15C 300D0609 2A864886 F70D0101 04050003 8181006D 10808258 DF48712D 8C15CD94 C6F4E931 130E8347 D14CADDB 4506B89B 8FFF852C 8ECB6698 2BA7BC70 32F0BDE4 75E96C2B B598F9C1 970C29F5 C3225512 5AA2AEEB 68E78808 C0C9E0D2 DE3FF7C7 CA0584DE 7B49FCAA 397F6DCE F1254140 6FCDD8F1 EE162C1E 2EA6A58C 1523C352 A4110E34 C2C12B99 96C2416A 55642E61 276679 quit dot11 syslog ip source-route ! ! ip dhcp excluded-address 192.168.1.1 192.168.1.10 ! ip dhcp pool inside import all network 192.168.1.0 255.255.255.0 default-router 192.168.1.1 ! ! ip cef ! no ipv6 cef multilink bundle-name authenticated ! ! username cisco privilege 15 secret 5 $1$IGpr$Pq8mZdfgfGWTXYW4heUBd/ username thfvpn secret 5 $1$x6hr$giyMhMZXgKs7DJQ8IuulG1 username thfvpn2 secret 5 $1$X1zF$eZC/9Zuwk1vk2.cuS2Elr/ ! ! crypto isakmp policy 1 encr 3des authentication pre-share group 2 ! crypto isakmp client configuration group EZVPN_GROUP_1 key MaCléEnClair dns 81.253.89.1 80.10.246.2 pool SDM_POOL_1 acl 101 save-password max-users 10 crypto isakmp profile sdm-ike-profile-1 match identity group EZVPN_GROUP_1 client authentication list Foxtrot_sdm_easyvpn_xauth_ml_1 isakmp authorization list Foxtrot_sdm_easyvpn_group_ml_1 client configuration address respond virtual-template 3 ! ! crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac ! crypto ipsec profile SDM_Profile1 set transform-set ESP-3DES-SHA set isakmp-profile sdm-ike-profile-1 ! ! archive log config logging enable logging size 600 hidekeys ! ! ! class-map type inspect match-any SDM_AH match access-group name SDM_AH class-map type inspect match-any SDM-Voice-permit match protocol sip class-map type inspect match-any SDM_IP match access-group name SDM_IP class-map type inspect match-any SDM_ESP match access-group name SDM_ESP class-map type inspect match-any SDM_EASY_VPN_SERVER_TRAFFIC match protocol isakmp match protocol ipsec-msft match class-map SDM_AH match class-map SDM_ESP class-map type inspect match-all SDM_EASY_VPN_SERVER_PT match class-map SDM_EASY_VPN_SERVER_TRAFFIC class-map type inspect match-any sdm-cls-icmp-access match protocol icmp match protocol tcp match protocol udp class-map type inspect match-any sdm-cls-insp-traffic match protocol cuseeme match protocol dns match protocol ftp match protocol h323 match protocol https match protocol icmp match protocol imap match protocol pop3 match protocol netshow match protocol shell match protocol realmedia match protocol rtsp match protocol smtp extended match protocol sql-net match protocol streamworks match protocol tftp match protocol vdolive match protocol tcp match protocol udp class-map type inspect match-all sdm-invalid-src match access-group 100 class-map type inspect match-all dhcp_out_self match access-group name dhcp-resp-permit class-map type inspect match-all dhcp_self_out match access-group name dhcp-req-permit class-map type inspect match-all sdm-protocol-http match protocol http ! ! policy-map type inspect sdm-permit-icmpreply class type inspect dhcp_self_out pass class type inspect sdm-cls-icmp-access inspect class class-default pass policy-map type inspect sdm-inspect class type inspect sdm-invalid-src drop log class type inspect sdm-cls-insp-traffic inspect class type inspect sdm-protocol-http inspect class type inspect SDM-Voice-permit pass class class-default pass policy-map type inspect sdm-inspect-voip-in class type inspect SDM-Voice-permit pass class class-default drop policy-map type inspect sdm-permit class type inspect SDM_EASY_VPN_SERVER_PT pass class type inspect dhcp_out_self pass class class-default drop policy-map type inspect sdm-permit-ip class type inspect SDM_IP pass class class-default drop log ! zone security out-zone zone security in-zone zone security ezvpn-zone zone-pair security sdm-zp-self-out source self destination out-zone service-policy type inspect sdm-permit-icmpreply zone-pair security sdm-zp-out-self source out-zone destination self service-policy type inspect sdm-permit zone-pair security sdm-zp-in-out source in-zone destination out-zone service-policy type inspect sdm-inspect zone-pair security sdm-zp-out-in source out-zone destination in-zone service-policy type inspect sdm-inspect-voip-in zone-pair security sdm-zp-in-ezvpn1 source in-zone destination ezvpn-zone service-policy type inspect sdm-permit-ip zone-pair security sdm-zp-out-ezpn1 source out-zone destination ezvpn-zone service-policy type inspect sdm-permit-ip zone-pair security sdm-zp-ezvpn-out1 source ezvpn-zone destination out-zone service-policy type inspect sdm-permit-ip zone-pair security sdm-zp-ezvpn-in1 source ezvpn-zone destination in-zone service-policy type inspect sdm-permit-ip ! ! ! interface ATM0 no ip address no atm ilmi-keepalive dsl operating-mode auto ! interface ATM0.1 point-to-point pvc 8/35 pppoe-client dial-pool-number 1 ! ! interface FastEthernet0 switchport access vlan 75 ! interface FastEthernet1 switchport access vlan 75 ! interface FastEthernet2 switchport access vlan 75 ! interface FastEthernet3 switchport access vlan 75 ! interface Virtual-Template3 type tunnel ip unnumbered Vlan75 zone-member security ezvpn-zone tunnel mode ipsec ipv4 tunnel protection ipsec profile SDM_Profile1 ! interface Vlan1 no ip address shutdown ! interface Vlan75 description $FW_INSIDE$ ip address 192.168.1.1 255.255.255.0 ip nat inside ip virtual-reassembly zone-member security in-zone ip tcp adjust-mss 1412 ! interface Dialer2 description $FW_OUTSIDE$ ip address negotiated ip mtu 1452 ip nat outside ip virtual-reassembly zone-member security out-zone encapsulation ppp dialer pool 1 dialer-group 1 ppp authentication chap pap callin ppp chap hostname fti/vy6u3wb ppp chap password 7 08241F1A0D090045 ppp pap sent-username fti/vy6u3wb password 7 1412415F08142F79 ppp ipcp dns request ! ip local pool SDM_POOL_1 192.168.1.100 192.168.1.109 ip forward-protocol nd ip route 0.0.0.0 0.0.0.0 Dialer2 ip route 192.168.10.0 255.255.255.0 Vlan75 ! ip http server ip http authentication local ip http secure-server ip http timeout-policy idle 60 life 86400 requests 10000 ip nat inside source list 1 interface Dialer2 overload ! ip access-list extended SDM_AH remark SDM_ACL Category=1 permit ahp any any ip access-list extended SDM_ESP remark SDM_ACL Category=1 permit esp any any ip access-list extended SDM_IP remark SDM_ACL Category=1 permit ip any any ip access-list extended dhcp-req-permit remark SDM_ACL Category=1 permit udp any eq bootpc any eq bootps ip access-list extended dhcp-resp-permit remark SDM_ACL Category=1 permit udp any eq bootps any eq bootpc ! access-list 1 remark SDM_ACL Category=2 access-list 1 permit 192.168.1.0 0.0.0.255 access-list 100 remark SDM_ACL Category=128 access-list 100 permit ip host 255.255.255.255 any access-list 100 permit ip 127.0.0.0 0.255.255.255 any access-list 101 remark SDM_ACL Category=4 access-list 101 permit ip 192.168.1.0 0.0.0.255 any dialer-list 1 protocol ip permit ! ! ! ! ! control-plane ! banner login ^CSR520 Base Config - MFG 1.0 ^C ! line con 0 no modem enable line aux 0 line vty 0 4 transport input telnet ssh ! scheduler max-task-time 5000 end
En gras ce qui pourrait être utile ?
nocoz
Messages postés
7
Date d'inscription
mardi 7 août 2012
Statut
Membre
Dernière intervention
10 août 2012
10 août 2012 à 15:56
10 août 2012 à 15:56
Problème résolu : j'ai reconfigurer le VPN sur les deux routeurs et remis à plat clé PSK et nom d'utilisateurs et mot de passe ..et c'est reparti pour un tour (avec un bon gros backup pour ne plus me faire avoir !)
