Access-list Cisco 871

Bonjour à tous,

Un routeur Cisco 871 me pose problème, à savoir que je ne parviens pas à comprendre pourquoi je n'arrive pas à configurer correctement ses

access-list.
Actuellement avec la configuration ci-dessous il fonctionne parfaitement et permet la connexion internet à tous les postes du réseau local. La

liaison VPN avec un autre site est parfaitement fonctionnelle.

Je souhaite autoriser les requetes ping depuis internet vers sa patte wan mais impossible; j'obtiens toujours un "Délai d'attente de la demande

dépassé". Je dispose pourtant d'un second routeur identique sur un autre site avec la même config qui lui répond au ping sans problème ou bien

permet également d'accéder à sa configuration en telnet sur sa patte wan (ce qui est donc également impossible avec celui qui me pose

problème).

J'ai tenter d'ajouter dans les différentes access-list du "permit icmp any any" mais rien à faire. Et d'ailleurs dans l'autre routeur identique

il n'y a pas ce type de règles et pourtant on peu donc le ping ...

Si quelqu'un à une idée je suis preneur !
Merci ^^

Voici la config du Cisco récalcitrant :
Current configuration : 4408 bytes
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname
!
boot-start-marker
boot-end-marker
!
no logging buffered
!
no aaa new-model
!
crypto pki trustpoint TP-self-signed-324363226
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-324363226
revocation-check none
rsakeypair TP-self-signed-324363226
!
!
crypto pki certificate chain TP-self-signed-324363226
certificate self-signed 01
<.................................>
quit
dot11 syslog
ip cef
!
!
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.2.1 192.168.2.100
ip dhcp excluded-address 192.168.2.201
!
ip dhcp pool PoolA
import all
network 192.168.2.0 255.255.255.0
default-router 192.168.2.2
dns-server 192.168.1.201
lease 0 2
!
!
no ip domain lookup
ip domain name yourdomain.com
!
multilink bundle-name authenticated
vpdn enable
!
!
!
username XXXX privilege 15 password 7
username XXX privilege 15 secret 5
!
!
crypto isakmp policy 1
authentication pre-share
!
crypto isakmp policy 2
encr 3des
authentication pre-share
group 2
crypto isakmp key XXXXXX address XX.XX.XX.XX
crypto isakmp invalid-spi-recovery
!
!
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec df-bit clear
!
crypto map vpnmap1 10 ipsec-isakmp
description Tunnel A
set peer XX.XX.XX.XX
set transform-set ESP-3DES-SHA
match address 110
!
archive
log config
hidekeys
!
!
!
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
no ip address
ip nat outside
ip virtual-reassembly
ip tcp adjust-mss 1300
duplex auto
speed auto
pppoe-client dial-pool-number 1
!
interface Vlan1
description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$
ip address 192.168.2.2 255.255.255.0
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1300
!
interface Dialer0
ip address negotiated
ip mtu 1492
ip nat outside
ip virtual-reassembly
encapsulation ppp
dialer pool 1
dialer idle-timeout 0
dialer persistent delay 60
dialer-group 1
no cdp enable
ppp chap hostname fti/XXXXXX
ppp chap password 7 XXXXXX
crypto map vpnmap1
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer0
!
!
ip http server
ip http access-class 23
ip http authentication local
no ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source list 102 interface Dialer0 overload
!
no logging trap
access-list 23 permit any
access-list 102 deny ip 192.168.0.0 0.0.255.255 192.168.0.0 0.0.255.255
access-list 102 permit ip 192.168.0.0 0.0.255.255 any
access-list 110 permit ip 192.168.2.0 0.0.0.255 192.168.0.0 0.0.255.255
no cdp run
!
!
!
!
control-plane
!
!
line con 0
login local
no modem enable
line aux 0
line vty 0 4
access-class 23 in
exec-timeout 120 0
privilege level 15
login local
transport input telnet ssh
!
scheduler max-task-time 5000
end


########################################################################

Configuration de l'autre Cisco 871 qui ne pose pas de soucis (ping possible sur sa patte wan depuis l'exterieur) :

Current configuration : 4428 bytes
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname B
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 warnings
!
no aaa new-model
!
crypto pki trustpoint TP-self-signed-3173702775
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-3173702775
revocation-check none
rsakeypair TP-self-signed-3173702775
!
crypto pki certificate chain TP-self-signed-3173702775
certificate self-signed 01
<.................................>
quit
dot11 syslog
ip cef
!
!
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.3.1 192.168.3.100
ip dhcp excluded-address 192.168.3.201
!
ip dhcp pool PoolB
import all
network 192.168.3.0 255.255.255.0
default-router 192.168.3.2
dns-server 192.168.1.201
lease 0 2
!
!
no ip domain lookup
ip domain name yourdomain.com
!
multilink bundle-name authenticated
vpdn enable
!
!
!
username XXXX privilege 15 password 7
username XXX privilege 15 secret 5
!
!
crypto isakmp policy 1
authentication pre-share
!
crypto isakmp policy 2
encr 3des
authentication pre-share
group 2
crypto isakmp key XXXXXX address XX.XX.XX.XX
crypto isakmp invalid-spi-recovery
!
!
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec df-bit clear
!
crypto map vpnmap1 11 ipsec-isakmp
description Tunnel B
set peer XX.XX.XX.XX
set transform-set ESP-3DES-SHA
match address 111
!
archive
log config
hidekeys
!
!
!
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
no ip address
ip nat outside
ip virtual-reassembly
ip tcp adjust-mss 1300
duplex auto
speed auto
pppoe-client dial-pool-number 1
!
interface Vlan1
description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$
ip address 192.168.3.2 255.255.255.0
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1300
!
interface Dialer0
ip address negotiated
ip mtu 1492
ip nat outside
ip virtual-reassembly
encapsulation ppp
dialer pool 1
dialer idle-timeout 0
dialer persistent delay 60
dialer-group 1
no cdp enable
ppp chap hostname fti/XXXXXX
ppp chap password 7 XXXXXX
crypto map vpnmap1
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer0
!
!
ip http server
ip http access-class 23
ip http authentication local
no ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source list 102 interface Dialer0 overload
!
access-list 23 permit any
access-list 102 deny ip 192.168.0.0 0.0.255.255 192.168.0.0 0.0.255.255
access-list 102 permit ip 192.168.0.0 0.0.255.255 any
access-list 111 permit ip 192.168.3.0 0.0.0.255 192.168.0.0 0.0.255.255
no cdp run
!
!
!
!
control-plane
!
!
line con 0
login local
no modem enable
access-list 102 permit ip 192.168.0.0 0.0.255.255 any
access-list 111 permit ip 192.168.3.0 0.0.0.255 192.168.0.0 0.0.255.255
no cdp run
!
!
!
!
control-plane
!
!
line con 0
login local
no modem enable
line aux 0
line vty 0 4
access-class 23 in
exec-timeout 120 0
privilege level 15
login local
transport input telnet ssh
!
scheduler max-task-time 5000
end