VPN site to site IPSec Cisco 1841

Solved/Closed
aguisse5 (Posts: 30; registered Monday 3 September 2007; status: Member; last active 21 January 2015) - 20 August 2013 at 17:08, edited by brupala on 20/08/2013 at 20:48
Hello,

I have set up a site-to-site IPsec VPN to connect two Cisco 1841 routers.
All the tests I ran were conclusive, but the tunnel status is always down.
I am asking for your help to find a solution to my problem.
Here are the configs of the two routers.

router1#sh run
Building configuration...

Current configuration : 4678 bytes
!
! Last configuration change at 17:08:51 UTC Mon Aug 19 2013
version 15.1
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname sonefsiege
!
boot-start-marker
boot-end-marker
!
!
logging buffered 52000
enable secret 5 ********
enable password *******
!
no aaa new-model
!
dot11 syslog
ip source-route
!
!
ip dhcp excluded-address 192.168.4.1 192.168.4.10
!
ip dhcp pool siege
network 192.168.4.0 255.255.255.0
default-router 192.168.4.1
dns-server 196.200.80.4 196.200.80.24
netbios-name-server 192.168.1.1
domain-name sonefmali.com
!
!
!
ip cef
ip name-server 196.200.80.4
ip name-server 196.200.80.24
!
multilink bundle-name authenticated
!
crypto pki token default removal timeout 0
!
crypto pki trustpoint TP-self-signed-3706334147
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-3706334147
revocation-check none
rsakeypair TP-self-signed-3706334147
!
!
crypto pki certificate chain TP-self-signed-3706334147
certificate self-signed 01
quit
!
!
license udi pid CISCO1841 sn ********
archive
log config
hidekeys
username hanako privilege 15 secret 4 ***********
!
redundancy
!
!
!
!
crypto isakmp policy 11
encr 3des
hash md5
authentication pre-share
group 2

crypto isakmp key ******* address 196.200.95.241
!
!
crypto ipsec transform-set hanako esp-3des esp-md5-hmac
!
crypto map siege 11 ipsec-isakmp
set peer 196.200.95.241
set transform-set hanako
match address 122

!
!
!
!
!
!
interface FastEthernet0/0
ip address 196.200.95.176 255.255.255.192
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
crypto map sonef
!
interface FastEthernet0/1
ip address 192.168.4.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
ip tcp adjust-mss 1452
!
ip default-gateway 196.200.95.129
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
ip nat inside source list 100 interface FastEthernet0/0 overload
ip nat pool sonefsiege 196.200.95.176 196.200.95.189 netmask 255.255.255.192
ip nat inside source route-map nonat pool siege overload
ip route 0.0.0.0 0.0.0.0 196.200.95.129
!
ip access-list extended filtrage
permit tcp 192.168.4.0 0.0.0.255 any eq www
permit tcp 192.168.4.0 0.0.0.255 any eq domain
permit udp 192.168.4.0 0.0.0.255 any eq domain
permit tcp 192.168.4.0 0.0.0.255 any eq 443
permit udp any any eq bootps
permit udp any any eq bootpc
permit tcp 192.168.4.0 0.0.0.255 any eq telnet
permit icmp any any
!

access-list 122 permit ip 192.168.4.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 122 permit ip 192.168.1.0 0.0.0.255 192.168.4.0 0.0.0.255
access-list 130 permit ip 192.168.4.0 0.0.0.255 any
access-list 130 deny ip 192.168.1.0 0.0.0.255 192.168.4.0 0.0.0.255
access-list 130 deny ip 192.168.4.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 130 permit ip 192.168.1.0 0.0.0.255 any
access-list 100 permit ip any any

!
!
route-map nonat permit 10
match ip address 130
!
!
!
control-plane
!
!
!
line con 0
line aux 0
line vty 0 4
password **********
login
transport input all
!
scheduler max-task-time 5000
scheduler allocate 20000 1000
end

And here is router 2:

router2#sh run
Building configuration...

Current configuration : 4797 bytes
!
! Last configuration change at 13:18:24 GTM Sat Aug 17 2013 by hanako
version 15.1
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname sonefguichet1
!
boot-start-marker
boot-end-marker
!
!
logging buffered 51200 warnings
enable password ******
!
no aaa new-model
!
memory-size iomem 10
clock timezone GTM 8 0
dot11 syslog
ip source-route
!
!
ip dhcp excluded-address 192.168.1.1 192.168.1.100
ip dhcp excluded-address 192.168.1.200
!
ip dhcp pool sonefguichet1
network 192.168.1.0 255.255.255.0
default-router 192.168.1.1
netbios-name-server 192.168.1.1
domain-name sonefmali.com
dns-server 196.200.80.4 196.200.80.24
!
!
!
ip cef
no ip domain lookup
ip name-server 196.200.80.4
ip name-server 196.200.80.24
!
multilink bundle-name authenticated
!
crypto pki token default removal timeout 0
!
crypto pki trustpoint TP-self-signed-3478884566
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-3478884566
revocation-check none
rsakeypair TP-self-signed-3478884566
!
!
crypto pki certificate chain TP-self-signed-3478884566
certificate self-signed 01
quit
!
!
license udi pid CISCO1841 sn *******
username hanako privilege 15 secret 4 ********
!
redundancy
!
!
!
!
!
crypto ipsec transform-set sonef esp-3des esp-md5-hmac
!
crypto map sonefguichet1 13 ipsec-isakmp
set peer 196.200.95.176
set transform-set sonef
match address 120
!
!
!
!
!
interface FastEthernet0/0
ip address 196.200.95.241 255.255.255.192
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
crypto map sonefguichet1
!
interface FastEthernet0/1
ip address 192.168.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
duplex auto
speed auto
!
ip default-gateway 196.200.95.193
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
!
ip nat inside source route-map SDM_RMAP_1 interface FastEthernet0/0 overload
ip nat inside source route-map nonat pool sonef overload
ip route 0.0.0.0 0.0.0.0 196.200.95.193
!
ip access-list extended filtrage
permit udp 192.168.1.0 0.0.0.255 any eq domain
permit tcp 192.168.1.0 0.0.0.255 any eq www
permit tcp 192.168.1.0 0.0.0.255 any eq 443
permit tcp 192.168.1.0 0.0.0.255 any eq ftp
permit tcp 192.168.1.0 0.0.0.255 any eq ftp-data
permit tcp 192.168.1.0 0.0.0.255 any eq pop3
permit tcp 192.168.1.0 0.0.0.255 any eq telnet
permit udp 192.168.1.0 0.0.0.255 any eq bootps
permit tcp 192.168.1.0 0.0.0.255 any eq 22
!
access-list 100 remark SDM_ACL Category=16
access-list 100 deny ip 0.0.0.0 255.255.255.0 host 192.168.4.0
access-list 100 permit ip any any
access-list 120 remark SDM_ACL Category=4
access-list 120 permit ip 0.0.0.0 255.255.255.0 host 192.168.4.0
access-list 122 permit ip 192.168.1.0 0.0.0.255 192.168.4.0 0.0.0.255
access-list 130 remark SDM_ACL Category=18
access-list 130 deny ip 0.0.0.0 255.255.255.0 host 192.168.4.0
access-list 130 deny ip 192.168.1.0 0.0.0.255 192.168.4.0 0.0.0.255
access-list 130 permit ip 192.168.1.0 0.0.0.255 any
no cdp run
!
!
!
route-map SDM_RMAP_1 permit 1
match ip address 100
!
route-map nonat permit 10
match ip address 130
!
!
!
control-plane
!
!
!
line con 0
line aux 0
line vty 0 4
password *******
login
transport input all
!
scheduler allocate 20000 1000
end

Thanks.
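The configs above contain the classic reasons a crypto-map tunnel never comes up, and they are easier to find mechanically than by eye. The following is an added example (my own code, not the poster's and not anything shipped by Cisco): a small Python lint that pulls the ISAKMP, crypto-map, crypto-ACL and NAT pieces out of two IOS configs and cross-checks each side against the other. ROUTER1 and ROUTER2 are excerpts of the two `sh run` outputs posted above, reduced to the lines the checks read and kept flush-left as they were pasted; the hostnames used in `report()` are the ones from those configs. The wildcard-overlap test and the first-match walk over the NAT ACL are general, so the same script works on any pair of numbered-ACL crypto-map configs, not only these two.

```python
"""Lint two IOS site-to-site IPsec configs for the mistakes that keep a crypto-map tunnel down.
Added example for this thread, not the poster's tooling: the checks are mine; ROUTER1/ROUTER2 are
excerpts of the two 'sh run' outputs posted above, flush-left exactly as they were pasted."""
from ipaddress import IPv4Address

ANY = (0, 0xFFFFFFFF)  # ACL keyword 'any': address 0.0.0.0, wildcard 255.255.255.255

def acl_addr(t):  # consume one ACL address spec ('any' | 'host A' | 'A WILDCARD') -> ((addr, wild), rest)
    if t[0] == "any":
        return ANY, t[1:]
    if t[0] == "host":
        return (int(IPv4Address(t[1])), 0), t[2:]
    return (int(IPv4Address(t[0])), int(IPv4Address(t[1]))), t[2:]

def overlaps(a, b):  # two (addr, wildcard) specs share an address iff they agree on every bit both fix
    return (a[0] ^ b[0]) & ~(a[1] | b[1]) & 0xFFFFFFFF == 0

def fmt(spec):
    return "any" if spec == ANY else f"{IPv4Address(spec[0])} {IPv4Address(spec[1])}"

def parse(config):  # pull out what a crypto-map tunnel depends on; indentation is ignored (pasted configs lose it)
    c = dict(acls={}, maps={}, applied=[], policies=0, keys={}, rmaps={}, nat=[])
    ctx = None  # the crypto-map or route-map block that following 'set' / 'match' lines belong to
    for line in config.splitlines():
        t = line.split()
        if len(t) < 3:
            continue
        if t[0] == "access-list" and t[2:4] in (["permit", "ip"], ["deny", "ip"]):
            src, rest = acl_addr(t[4:])
            c["acls"].setdefault(t[1], []).append((t[2], src, acl_addr(rest)[0]))
        elif t[:3] == ["crypto", "isakmp", "policy"]:
            c["policies"] += 1
        elif t[:3] == ["crypto", "isakmp", "key"]:        # crypto isakmp key SECRET address PEER
            c["keys"][t[-1]] = t[3]
        elif t[:2] == ["crypto", "map"] and len(t) >= 5:  # definition: crypto map NAME SEQ ipsec-isakmp
            ctx = c["maps"].setdefault(t[2], {})
        elif t[:2] == ["crypto", "map"]:                  # applied under an interface: crypto map NAME
            c["applied"].append(t[2])
        elif t[:4] == ["ip", "nat", "inside", "source"]:  # ('list' | 'route-map', NAME, remaining tokens)
            c["nat"].append((t[4], t[5], t[6:]))
        elif t[0] == "route-map":
            ctx = c["rmaps"].setdefault(t[1], {})
        elif t[0] == "set" and ctx is not None:           # set peer X / set transform-set X
            ctx[t[1]] = t[2]
        elif t[0] == "match" and ctx is not None:         # match address N / match ip address N
            ctx["acl"] = t[-1]
    return c

def lint(local, remote):  # findings for `local`; `remote` is the peer, used to cross-check the crypto ACLs
    f = [f"interface applies crypto map '{n}' but only {sorted(local['maps'])} are defined"
         for n in local["applied"] if n not in local["maps"]]
    if not local["policies"]:
        f.append("no 'crypto isakmp policy' configured: only the IOS default policy (RSA-signature "
                 "authentication) is offered, which a pre-share peer cannot match")
    # the peer's interesting traffic seen from our side: its crypto ACL with source and destination swapped
    mirror = {(d, s) for m in remote["maps"].values()
              for act, s, d in remote["acls"].get(m.get("acl"), []) if act == "permit"}
    flows = []
    for name, m in local["maps"].items():
        if m.get("peer") not in local["keys"]:
            f.append(f"crypto map '{name}': no pre-shared key configured for peer {m.get('peer')}")
        permits = [(s, d) for act, s, d in local["acls"].get(m.get("acl"), []) if act == "permit"]
        f += [f"crypto ACL entry [{fmt(s)}] -> [{fmt(d)}] is not mirrored by the peer's crypto ACL"
              for s, d in permits if (s, d) not in mirror]
        flows += permits
    # NAT exemption: VPN traffic must hit a 'deny' (or nothing) in each NAT ACL before any 'permit',
    # otherwise it is translated before the crypto map sees it and never matches the crypto ACL
    for kind, name, rest in local["nat"]:
        acl = name if kind == "list" else local["rmaps"].get(name, {}).get("acl")
        for s, d in flows:
            for act, ns, nd in local["acls"].get(acl, []):
                if overlaps(s, ns) and overlaps(d, nd):
                    if act == "permit":
                        f.append(f"NAT ACL {acl}: VPN traffic [{fmt(s)}] -> [{fmt(d)}] gets translated")
                    break
    return f

ROUTER1 = """crypto isakmp policy 11
crypto isakmp key ******* address 196.200.95.241
crypto map siege 11 ipsec-isakmp
set peer 196.200.95.241
match address 122
interface FastEthernet0/0
crypto map sonef
ip nat inside source route-map nonat pool siege overload
access-list 122 permit ip 192.168.4.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 130 permit ip 192.168.4.0 0.0.0.255 any
access-list 130 deny ip 192.168.4.0 0.0.0.255 192.168.1.0 0.0.0.255
route-map nonat permit 10
match ip address 130"""
ROUTER2 = """crypto map sonefguichet1 13 ipsec-isakmp
set peer 196.200.95.176
match address 120
interface FastEthernet0/0
crypto map sonefguichet1
access-list 120 permit ip 0.0.0.0 255.255.255.0 host 192.168.4.0"""

def report():  # lint both ends, each checked against the other's crypto ACL
    r1, r2 = parse(ROUTER1), parse(ROUTER2)
    return {"sonefsiege": lint(r1, r2), "sonefguichet1": lint(r2, r1)}

if __name__ == "__main__":
    for host, findings in report().items():
        print(host, *findings, sep="\n  - ")
```

Run as a script it reports, for sonefsiege, that FastEthernet0/0 applies `crypto map sonef` while the only map defined is `siege` (so the map with the peer and the crypto ACL is never bound to the WAN interface and the router never even starts IKE), that the crypto ACL entry 192.168.4.0/24 -> 192.168.1.0/24 has no mirror on the peer, and that ACL 130 permits 192.168.4.0/24 to anywhere on its first line, ahead of the deny, so the `nonat` route-map translates the VPN traffic instead of exempting it. For sonefguichet1 it reports that there is no `crypto isakmp policy` and no pre-shared key for 196.200.95.176 at all, and that crypto ACL 120 (`0.0.0.0 255.255.255.0 host 192.168.4.0`, an SDM-generated line with the mask on the wrong side) is not the mirror of router 1's ACL 122. On the routers themselves `show crypto isakmp sa`, `show crypto ipsec sa` and `debug crypto isakmp` show which phase fails; a crypto map that is not applied gives no ISAKMP attempt and no error, which matches a status that simply stays down. Separately from getting the tunnel up, 3DES with MD5 and DH group 2 is a weak IKEv1 proposal; once both ends negotiate, move them to AES-256, SHA-256 and at least group 14 where the image supports it.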

1 reply

aguisse5 (Posts: 30; registered Monday 3 September 2007; status: Member; last active 21 January 2015) 3
20 August 2013 at 17:08
Nobody to help me??
Moderators, please make yourselves known.

Thanks.