Need help setting up a VPN on CISCO!
hAdEsS
Hello,
For some time now I have had a network in place with a CISCO 871 router, which includes the VPN service.
My problem is that I desperately cannot manage to configure my VPN (with Easy VPN Server) so that a roaming user can access the company network.
Could some kind person who has already done this sort of setup PM me or help me solve my problem?
Thanks
Here is my router's configuration:
Building configuration...

Current configuration : 14704 bytes
!
! Last configuration change at 19:18:12 PCTime Sat Nov 22 2008 by admin
! NVRAM config last updated at 19:16:33 PCTime Sat Nov 22 2008 by admin
!
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname Cisco
!
boot-start-marker
boot-end-marker
!
logging buffered 51200
logging console critical
enable secret 5 ****.
!
aaa new-model
!
!
aaa authentication login local_authen local
aaa authentication login sdm_vpn_xauth_ml_1 local
aaa authorization exec local_author local
aaa authorization network sdm_vpn_group_ml_1 local
!
!
aaa session-id common
clock timezone PCTime 1
clock summer-time PCTime date Mar 30 2003 2:00 Oct 26 2003 3:00
!
crypto pki trustpoint TP-self-signed-2409708405
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-2409708405
 revocation-check none
 rsakeypair TP-self-signed-2409708405
!
crypto pki trustpoint tti
 revocation-check crl
 rsakeypair tti
!
!
crypto pki certificate chain TP-self-signed-2409708405
 certificate self-signed 01
  3082024F 308201B8 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
  31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
  69666963 6174652D 32343039 37303834 3035301E 170D3038 31313038 31363132
  33325A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
  4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D32 34303937
  30383430 3530819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
  8100A08A 9AAE6DFB D291C0FB 3912AA27 A39F9EA1 B5F69989 4975E03F 71EFDDDE
  8B3F2DAF 72566D66 29D0D425 BF9A926B 4CB68103 75254496 9D1A5F2E FB54C461
  E2ADFA17 7ED55223 0585F3D7 B58A088E 7612B369 F096A94A F35F254D 957AE36B
  AC7AE2EB EBCC81EB 14C3165A 08C1D148 9020398C E05D831D A3A05B31 0E956C2F
  70ED0203 010001A3 77307530 0F060355 1D130101 FF040530 030101FF 30220603
  551D1104 1B301982 17796F75 726E616D 652E796F 7572646F 6D61696E 2E636F6D
  301F0603 551D2304 18301680 142B372E 7D0334DB 44E1E656 A6C1DD1C 36335333
  46301D06 03551D0E 04160414 2B372E7D 0334DB44 E1E656A6 C1DD1C36 33533346
  300D0609 2A864886 F70D0101 04050003 8181008C 2768B337 8A59F6C9 C6B258FD
  3650E6DE 27A5D3B7 82FAD9F6 B3928829 0F133808 B8740B83 62154A1F DF182898
  CEF49456 70596A6C E055CE3D 3FB59C62 E68C2FC7 118E673E 3D9735A3 B093EA95
  F3B2269F DA0167FE 4849BD0E CBAEA3B0 5BCA48B5 C9444725 A5A3CE6E 8A07D737
  E89B15C6 1586BB44 ABE6A26D 8B55FD45 28DE18
  quit
crypto pki certificate chain tti
dot11 syslog
no ip source-route
ip cef
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.1.1 192.168.1.9
ip dhcp excluded-address 192.168.1.51 192.168.1.254
!
ip dhcp pool sdm-pool1
 import all
 network 192.168.1.0 255.255.255.0
 default-router 192.168.1.254
 domain-name fasiladom
 dns-server 192.168.1.1 192.168.10.254
!
!
no ip bootp server
ip domain name fasiladom.dom
ip name-server 192.168.10.254
ip name-server 192.168.1.1
!
!
!
username admin privilege 15 secret 5 pass_admin
username nomade privilege 15 view SDM_EasyVPN_Remote secret 5 $pass_nomade
!
!
crypto isakmp policy 1
 encr 3des
 authentication pre-share
 group 2
!
crypto isakmp client configuration group nomade
 key nomade
 dns 192.168.10.254
 domain fasiladom
 pool SDM_POOL_1
 include-local-lan
 netmask 255.255.255.0
crypto isakmp profile sdm-ike-profile-1
 match identity group nomade
 client authentication list sdm_vpn_xauth_ml_1
 isakmp authorization list sdm_vpn_group_ml_1
 client configuration address initiate
 client configuration address respond
 virtual-template 1
!
!
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
!
crypto ipsec profile SDM_Profile1
 set transform-set ESP-3DES-SHA
 set isakmp-profile sdm-ike-profile-1
!
!
archive
 log config
  hidekeys
!
!
ip tcp synwait-time 10
ip ssh time-out 60
ip ssh authentication-retries 2
!
class-map type inspect match-any SDM_AH
 match access-group name SDM_AH
class-map type inspect match-any sdm-cls-insp-traffic
 match protocol cuseeme
 match protocol dns
 match protocol ftp
 match protocol h323
 match protocol https
 match protocol icmp
 match protocol imap
 match protocol pop3
 match protocol netshow
 match protocol shell
 match protocol realmedia
 match protocol rtsp
 match protocol smtp extended
 match protocol sql-net
 match protocol streamworks
 match protocol tftp
 match protocol vdolive
 match protocol tcp
 match protocol udp
class-map type inspect match-all sdm-insp-traffic
 match class-map sdm-cls-insp-traffic
class-map type inspect match-any SDM_IP
 match access-group name SDM_IP
class-map type inspect match-any SDM_ESP
 match access-group name SDM_ESP
class-map type inspect match-any SDM_EASY_VPN_SERVER_TRAFFIC
 match protocol isakmp
 match protocol ipsec-msft
 match class-map SDM_AH
 match class-map SDM_ESP
class-map type inspect match-all SDM_EASY_VPN_SERVER_PT
 match class-map SDM_EASY_VPN_SERVER_TRAFFIC
class-map type inspect match-any sdm-cls-icmp-access
 match protocol icmp
 match protocol tcp
 match protocol udp
class-map type inspect match-all sdm-invalid-src
 match access-group 100
class-map type inspect match-all sdm-icmp-access
 match class-map sdm-cls-icmp-access
class-map type inspect match-all sdm-protocol-http
 match protocol http
!
!
policy-map type inspect sdm-permit-icmpreply
 class type inspect sdm-icmp-access
  inspect
 class class-default
  pass
policy-map type inspect sdm-inspect
 class type inspect sdm-invalid-src
  drop log
 class type inspect sdm-insp-traffic
  inspect
 class type inspect sdm-protocol-http
  inspect
 class class-default
policy-map type inspect sdm-permit
 class type inspect SDM_EASY_VPN_SERVER_PT
  pass
 class class-default
policy-map type inspect sdm-permit-ip
 class type inspect SDM_IP
  pass
 class class-default
  drop log
!
zone security out-zone
zone security in-zone
zone security ezvpn-zone
zone-pair security sdm-zp-self-out source self destination out-zone
 service-policy type inspect sdm-permit-icmpreply
zone-pair security sdm-zp-out-self source out-zone destination self
 service-policy type inspect sdm-permit
zone-pair security sdm-zp-in-out source in-zone destination out-zone
 service-policy type inspect sdm-inspect
zone-pair security sdm-zp-in-ezvpn1 source in-zone destination ezvpn-zone
 service-policy type inspect sdm-permit-ip
zone-pair security sdm-zp-out-ezpn1 source out-zone destination ezvpn-zone
 service-policy type inspect sdm-permit-ip
zone-pair security sdm-zp-ezvpn-out1 source ezvpn-zone destination out-zone
 service-policy type inspect sdm-permit-ip
zone-pair security sdm-zp-ezvpn-in1 source ezvpn-zone destination in-zone
 service-policy type inspect sdm-permit-ip
!
!
!
interface Null0
 no ip unreachables
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
 description $ES_WAN$$FW_OUTSIDE$
 ip address 192.168.10.1 255.255.255.0
 ip verify unicast reverse-path
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat outside
 ip virtual-reassembly
 zone-member security out-zone
 ip route-cache flow
 duplex auto
 speed auto
!
interface Virtual-Template1 type tunnel
 ip unnumbered FastEthernet4
 zone-member security ezvpn-zone
 tunnel mode ipsec ipv4
 tunnel protection ipsec profile SDM_Profile1
!
interface Vlan1
 description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$ES_LAN$$FW_INSIDE$
 ip address 192.168.1.254 255.255.255.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat inside
 ip virtual-reassembly
 zone-member security in-zone
 ip route-cache flow
 ip tcp adjust-mss 1452
!
ip local pool SDM_POOL_1 192.168.2.1 192.168.2.10
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 192.168.10.254
!
ip http server
ip http access-class 2
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source list 1 interface FastEthernet4 overload
!
ip access-list extended SDM_AH
 remark SDM_ACL Category=1
 permit ahp any any
ip access-list extended SDM_ESP
 remark SDM_ACL Category=1
 permit esp any any
ip access-list extended SDM_IP
 remark SDM_ACL Category=1
 permit ip any any
!
logging trap debugging
access-list 1 remark INSIDE_IF=Vlan1
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 2 remark HTTP Access-class list
access-list 2 remark SDM_ACL Category=1
access-list 2 permit 192.168.1.0 0.0.0.255
access-list 2 deny any
access-list 100 remark SDM_ACL Category=128
access-list 100 permit ip host 255.255.255.255 any
access-list 100 permit ip 127.0.0.0 0.255.255.255 any
access-list 100 permit ip 192.168.10.0 0.0.0.255 any
access-list 101 remark VTY Access-class list
access-list 101 remark SDM_ACL Category=1
access-list 101 permit ip 192.168.1.0 0.0.0.255 any
access-list 101 deny ip any any
access-list 105 remark SSH ACL
access-list 105 remark SDM_ACL Category=1
access-list 105 remark ss
access-list 105 permit udp any any
access-list 105 remark connexion externe
access-list 105 permit ip any any
no cdp run
!
!
!
control-plane
!
banner exec ^C
% Password expiration warning.
-----------------------------------------------------------------------
Cisco Router and Security Device Manager (SDM) is installed on this device and
it provides the default username "cisco" for one-time use. If you have already
used the username "cisco" to login to the router and your IOS image supports the
"one-time" user option, then this username has already expired. You will not be
able to login to the router with this username after you exit this session.
It is strongly suggested that you create a new username with a privilege level
of 15 using the following command.
username <myuser> privilege 15 secret 0 <mypassword>
Replace <myuser> and <mypassword> with the username and password you want to
use.
-----------------------------------------------------------------------
^C
banner login ^CAuthorized access only!
 Disconnect IMMEDIATELY if you are not an authorized user!^C
!
line con 0
 login authentication local_authen
 no modem enable
 transport output telnet
line aux 0
 login authentication local_authen
 transport output telnet
line vty 0 3
 access-class 101 in
 access-class 105 out
 authorization exec local_author
 login authentication local_authen
 length 0
 transport input telnet ssh
 transport output ssh
line vty 4
 access-class 101 in
 access-class 105 out
 authorization exec local_author
 login authentication local_authen
 length 0
 transport input telnet ssh
 transport output ssh
parser view SDM_EasyVPN_Remote
 secret 5 ****.
! Last configuration change at 19:18:12 PCTime Sat Nov 22 2008 by admin
! NVRAM config last updated at 19:16:33 PCTime Sat Nov 22 2008 by admin
!
! Last configuration change at 19:18:12 PCTime Sat Nov 22 2008 by admin
! NVRAM config last updated at 19:16:33 PCTime Sat Nov 22 2008 by admin
!
! Last configuration change at 19:18:12 PCTime Sat Nov 22 2008 by admin
! NVRAM config last updated at 19:16:33 PCTime Sat Nov 22 2008 by admin
!
 commands interface include all crypto
 commands interface include all no crypto
 commands interface include no
 commands configure include end
 commands configure include all radius-server
 commands configure include all access-list
 commands configure include ip radius source-interface
 commands configure include ip radius
 commands configure include all ip nat
 commands configure include ip dns server
 commands configure include ip dns
 commands configure include all interface
 commands configure include all identity policy
 commands configure include identity profile
 commands configure include identity
 commands configure include all dot1x
 commands configure include all ip domain lookup
 commands configure include ip domain
 commands configure include ip
 commands configure include all crypto
 commands configure include all aaa
 commands configure include default end
 commands configure include all default radius-server
 commands configure include all default access-list
 commands configure include default ip radius source-interface
 commands configure include default ip radius
 commands configure include all default ip nat
 commands configure include default ip dns server
 commands configure include default ip dns
 commands configure include all default interface
 commands configure include all default identity policy
 commands configure include default identity profile
 commands configure include default identity
 commands configure include all default dot1x
 commands configure include all default ip domain lookup
 commands configure include default ip domain
 commands configure include default ip
 commands configure include all default crypto
 commands configure include all default aaa
 commands configure include default
 commands configure include no end
 commands configure include all no radius-server
 commands configure include all no access-list
 commands configure include no ip radius source-interface
 commands configure include no ip radius
 commands configure include all no ip nat
 commands configure include no ip dns server
 commands configure include no ip dns
 commands configure include all no interface
 commands configure include all no identity policy
 commands configure include no identity profile
 commands configure include no identity
 commands configure include all no dot1x
 commands configure include all no ip domain lookup
 commands configure include no ip domain
 commands configure include no ip
 commands configure include all no crypto
 commands configure include all no aaa
 commands configure include no
 commands exec include dir all-filesystems
 commands exec include dir
 commands exec include crypto ipsec client ezvpn connect
 commands exec include crypto ipsec client ezvpn xauth
 commands exec include crypto ipsec client ezvpn
 commands exec include crypto ipsec client
 commands exec include crypto ipsec
 commands exec include crypto
 commands exec include write memory
 commands exec include write
 commands exec include all ping ip
 commands exec include ping
 commands exec include configure terminal
 commands exec include configure
 commands exec include all show
 commands exec include no
 commands exec include all debug appfw
 commands exec include all debug ip inspect
 commands exec include debug ip
 commands exec include debug
 commands exec include all clear
!
!
scheduler max-task-time 5000
scheduler allocate 4000 1000
scheduler interval 500
end
6 replies
Hello,
Tell me hAdEsS, did you manage to configure your router??
Because I also have to configure a CISCO 1811 router (either with the SDM web interface or from the command line) and I can't manage it!!
If you succeeded, could you give me your commands so that I can set up my VPN!!!
Thanks in advance!!!