IPSec problem: telephony server invisible from the other side
Closed
simonth58
Edited by simonth58 on 17/05/2013 at 03:53
Hello,
I set up an IPsec VPN tunnel between a Cisco 871 (Site A, 10.18.10.1) and a Cisco 1841 (Site B, 10.19.10.1). On side B, I also have a Cisco 1760-V telephony server (10.19.10.2).
From the 1841, I ping the 871 side and I get a reply from every IP on the network. And when I ping from the 871 toward the 1841, I get a reply from all of them EXCEPT the 1760...
I have tried lots of things... still without success... I am posting a copy of the configs of each router, hoping that someone finds something I have not seen; I am starting to despair...
Thanks in advance!
Config 871:
871-Steu#sh run
Building configuration...
Current configuration : 6298 bytes
!
! Last configuration change at 19:48:16 EST Thu May 16 2013 by Simon
! NVRAM config last updated at 19:48:19 EST Thu May 16 2013 by Simon
!
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime
service timestamps log datetime msec localtime
service password-encryption
service sequence-numbers
!
hostname 871-Steu
!
boot-start-marker
boot-end-marker
!
logging message-counter syslog
logging buffered 200000
enable secret 5 $1$xN0.$uiTpxjFulQ4KiIUs97leD0
!
aaa new-model
!
!
aaa authentication ppp default local
!
!
aaa session-id common
clock timezone EST -5
clock summer-time EST recurring
!
!
dot11 syslog
ip source-route
!
!
no ip dhcp use vrf connected
ip dhcp excluded-address 10.18.10.1 10.18.10.10
ip dhcp excluded-address 10.18.10.250 10.18.10.254
ip dhcp ping timeout 200
!
ip dhcp pool LANPOOL
import all
network 10.18.10.0 255.255.255.0
default-router 10.18.10.1
domain-name Cabane-Bonaventure
dns-server 142.169.1.16
option 150 ip 10.18.10.2
lease 0 12
!
ip dhcp pool PORTABLE
import all
host 10.18.10.7 255.255.255.0
client-identifier 0108.1196.5d8d.f0
!
ip dhcp pool ap1231
import all
host 10.18.10.254 255.255.255.0
!
ip dhcp pool Serveur
host 10.18.10.2 255.255.255.0
client-identifier 0100.1b24.32a6.97
!
!
ip cef
ip domain name Cabane-Bonaventure
ip inspect name fwoutbound tcp timeout 600
ip inspect name fwoutbound udp timeout 600
ip inspect name fwoutbound ftp timeout 600
ip inspect name fwinbound tcp timeout 600
ip inspect name fwinbound udp timeout 600
ip inspect name fwinbound ftp timeout 600
ip device tracking
no ipv6 cef
!
multilink bundle-name authenticated
!
vpdn enable
!
vpdn-group TEST-VPN
! Default PPTP VPDN group
accept-dialin
protocol pptp
virtual-template 1
!
!
!
username Simon privilege 15 secret 5 $1$pxYy$156ImXtIP9Mfh311qnWh
!
!
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
crypto isakmp key **** address 0.0.0.0 0.0.0.0
crypto isakmp keepalive 10
!
!
crypto ipsec transform-set TSet esp-3des esp-sha-hmac
!
crypto ipsec profile VTI
set transform-set TSet
!
!
archive
log config
hidekeys
!
!
ip ssh time-out 90
ip ssh authentication-retries 5
ip ssh version 2
!
policy-map VPNPolicy
class class-default
shape average 128000
!
!
!
!
interface Tunnel1
ip address 10.20.10.2 255.255.255.0
qos pre-classify
tunnel source 207.134.158.119
tunnel destination 75.158.242.214
tunnel mode ipsec ipv4
tunnel protection ipsec profile VTI
service-policy output VPNPolicy
!
interface FastEthernet0
spanning-tree portfast
!
interface FastEthernet1
spanning-tree portfast
!
interface FastEthernet2
spanning-tree portfast
!
interface FastEthernet3
spanning-tree portfast
!
interface FastEthernet4
description ***ISP-Telus-DHCP
ip address dhcp
ip access-group 111 in
ip mtu 1450
ip nat outside
ip inspect fwinbound in
ip inspect fwoutbound out
ip virtual-reassembly
duplex auto
speed auto
no cdp enable
!
interface Virtual-Template1
ip unnumbered Vlan1
ip nat inside
ip virtual-reassembly
peer default ip address dhcp-pool LANPOOL
ppp encrypt mppe auto required
ppp authentication ms-chap ms-chap-v2
!
interface Vlan1
description Internal
ip address 10.18.10.1 255.255.255.0
ip nat inside
ip virtual-reassembly
!
router rip
version 2
network 10.0.0.0
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 207.134.152.1
ip http server
no ip http secure-server
!
!
ip nat inside source list 10 interface FastEthernet4 overload
ip nat inside source static tcp 10.18.10.7 4444 interface FastEthernet4 4444
ip nat inside source static tcp 10.18.10.2 22 interface FastEthernet4 26
!
logging trap debugging
logging 10.18.10.1
logging 10.200.10.200
access-list 10 permit 10.18.10.0 0.0.0.255
access-list 111 remark --- SSH REMOTE ACCESS ----------------------------------
access-list 111 permit tcp any any eq 22
access-list 111 remark --- NTP SERVERS ----------------------------------------
access-list 111 permit ip host 132.246.168.148 any
access-list 111 permit ip host 132.246.168.164 any
access-list 111 remark --- DMVPN ----------------------------------------------
access-list 111 permit esp any any
access-list 111 permit gre any any
access-list 111 remark --- CONNECTIVITY ---------------------------------------
access-list 111 permit icmp any any echo
access-list 111 permit icmp any any echo-reply
access-list 111 permit icmp any any traceroute
access-list 111 permit icmp any any unreachable
access-list 111 permit icmp any any time-exceeded
access-list 111 permit icmp any any packet-too-big
access-list 111 permit icmp any any administratively-prohibited
access-list 111 permit tcp any any eq 139
access-list 111 permit tcp any any eq 1723
access-list 111 permit udp any any eq 10000
access-list 111 permit udp any eq domain any
access-list 111 permit udp any any eq isakmp
access-list 111 permit udp any any eq netbios-ns
access-list 111 permit udp any any eq netbios-dgm
access-list 111 permit udp any eq bootps any eq bootpc
access-list 111 permit udp any eq bootps any eq bootps
access-list 111 remark --- PERSONAL -------------------------------------------
access-list 111 permit tcp any any eq www
access-list 111 permit tcp any any eq 4444
access-list 111 permit tcp any any eq 222
access-list 111 permit tcp any any eq 26
access-list 111 permit udp any eq isakmp any eq isakmp
!
!
!
!
control-plane
!
banner exec ^C Routeur 871
!
line con 0
exec-timeout 90 0
no modem enable
width 132
line aux 0
line vty 0 4
exec-timeout 90 0
privilege level 15
width 132
notify
transport input telnet ssh
!
scheduler max-task-time 5000
end
871-Steu#
Config 1841:
1841Riki#sh run
Building configuration...
Current configuration : 5136 bytes
!
! Last configuration change at 01:40:09 UTC Fri May 17 2013 by Simon
! NVRAM config last updated at 23:06:41 UTC Thu May 16 2013 by Simon
! NVRAM config last updated at 23:06:41 UTC Thu May 16 2013 by Simon
version 15.1
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime
service timestamps log datetime msec localtime
service password-encryption
service sequence-numbers
!
hostname 1841Riki
!
boot-start-marker
boot-end-marker
!
!
logging buffered 20000
enable secret 4 7CzoHU27tgKJM5soonTwPHf9vKPH2PinuXqEwr4c6bY
!
no aaa new-model
!
memory-size iomem 15
dot11 syslog
ip source-route
!
!
!
no ip dhcp use vrf connected
ip dhcp excluded-address 10.19.10.1 10.19.10.10
ip dhcp ping timeout 200
!
ip dhcp pool LANPOOL
import all
network 10.19.10.0 255.255.255.0
default-router 10.19.10.1
dns-server 142.169.1.16
option 150 ip 10.19.10.2
lease 0 12
!
!
ip cef
ip domain name Cabane-Bonaventure
ip inspect name fwoutbound tcp timeout 600
ip inspect name fwoutbound udp timeout 600
ip inspect name fwoutbound ftp timeout 600
ip inspect name fwinbound tcp timeout 600
ip inspect name fwinbound udp timeout 600
ip inspect name fwinbound ftp timeout 600
ip device tracking
no ipv6 cef
!
multilink bundle-name authenticated
!
vpdn enable
!
vpdn-group VPN-PPTP
! Default PPTP VPDN group
accept-dialin
protocol pptp
virtual-template 1
l2tp tunnel timeout no-session 15
!
!
!
!
!
license udi pid CISCO1841 sn FHK142874TN
username Simon privilege 15 secret 4 LcV6aBcc/53FoCJjXQMd7rBUDEpeevrK8V5jQVoJE
!
redundancy
!
!
ip ssh time-out 90
ip ssh authentication-retries 5
ip ssh version 2
!
policy-map VPNPolicy
class class-default
shape average 128000
policy-map VNPPolicy
!
!
!
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
crypto isakmp key ***** address 0.0.0.0 0.0.0.0
crypto isakmp keepalive 10
!
!
crypto ipsec transform-set TSET esp-3des esp-sha-hmac
!
crypto ipsec profile VTI
set transform-set TSET
!
!
!
!
!
!
interface Tunnel1
ip address 10.20.10.1 255.255.255.0
ip mtu 1398
tunnel source 75.158.242.214
tunnel mode ipsec ipv4
tunnel destination 207.134.158.119
tunnel protection ipsec profile VTI
service-policy output VPNPolicy
!
interface FastEthernet0/0
description LAN 10.19.10.0
ip address 10.19.10.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
duplex auto
speed auto
!
interface FastEthernet0/1
description ISP-Telus-DHCP
ip address dhcp
ip access-group 111 in
ip mtu 1450
ip nat outside
ip inspect fwinbound in
ip inspect fwoutbound out
ip virtual-reassembly in
duplex auto
speed auto
no cdp enable
!
interface Virtual-Template1
description -----Interface VPN PPTP-----
ip unnumbered FastEthernet0/0
ip nat inside
ip virtual-reassembly in
peer default ip address dhcp-pool LANPOOL
ppp encrypt mppe auto required
ppp authentication ms-chap ms-chap-v2
!
router rip
version 2
network 10.0.0.0
!
ip forward-protocol nd
ip http server
no ip http secure-server
!
!
ip nat inside source list 100 interface FastEthernet0/1 overload
ip route 0.0.0.0 0.0.0.0 75.158.240.1
!
logging trap debugging
logging 10.19.10.1
access-list 100 remark ---NAT Rules---
access-list 100 permit ip 10.19.10.0 0.0.0.255 any
access-list 100 remark
access-list 111 remark ---SSH REMOTE ACCESS ---------
access-list 111 permit tcp any any eq 22
access-list 111 remark ---NTP SERVERS --------
access-list 111 permit ip host 132.246.168.148 any
access-list 111 permit ip host 132.246.168.164 any
access-list 111 remark ---DMVPN --------
access-list 111 permit esp any any
access-list 111 permit gre any any
access-list 111 remark ---CONNECTIVITY -----------------
access-list 111 permit icmp any any echo
access-list 111 permit icmp any any echo-reply
access-list 111 permit icmp any any traceroute
access-list 111 permit icmp any any unreachable
access-list 111 permit icmp any any time-exceeded
access-list 111 permit icmp any any packet-too-big
access-list 111 permit icmp any any administratively-prohibited
access-list 111 permit tcp any any eq 139
access-list 111 permit tcp any any eq 1723
access-list 111 permit tcp any any eq 10000
access-list 111 permit udp any any eq 10000
access-list 111 permit udp any eq domain any
access-list 111 permit udp any any eq isakmp
access-list 111 permit udp any any eq netbios-ns
access-list 111 permit udp any any eq netbios-dgm
access-list 111 permit udp any eq bootps any eq bootpc
access-list 111 permit udp any eq bootps any eq bootps
access-list 111 remark ---PERSONAL-----
access-list 111 permit tcp any any eq www
access-list 111 permit udp any eq isakmp any eq isakmp
!
!
!
!
snmp-server community Simon RW
!
!
control-plane
!
!
banner exec ^C Routeur 1841
!
line con 0
exec-timeout 90 0
width 132
speed 115200
line aux 0
line vty 0 4
exec-timeout 90 0
privilege level 15
login local
width 132
notify
transport input telnet ssh
!
scheduler max-task-time 5000
scheduler allocate 20000 1000
end
1841Riki#