Всем привет. Сразу скажу в цисках я полный ноль, только начал осваивать, но работа, как гриться ждать не будет пока я по умнею. В результате вопрос/просьба. Имею циско 2801. Провел первичные настройки, настроил SDM. С помощью SDM пытался поднять сервер Easy VPN server. Тесты он все проходит, но из вне подключиться все равно не удаеться. На всякий случай прикладываю конфиг. Помогите пожалуйста, все таки поднять впн сервер с помощью SDM или так...!version 12.4 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname cs2801 ! boot-start-marker boot-end-marker ! logging buffered 51200 warnings enable secret 5 $1$qk0/$D//eu7ZBACiCx30og0oBG1 enable password PASSWORD ! aaa new-model ! ! aaa group server radius sdm-vpn-server-group-1 server 192.168.0.1 auth-port 1645 acct-port 1646 ! aaa authentication login default local aaa authentication login sdm_vpn_xauth_ml_1 group sdm-vpn-server-group-1 local aaa authorization exec default local aaa authorization network sdm_vpn_group_ml_1 group sdm-vpn-server-group-1 local ! aaa session-id common ! resource policy ! no ip routing no ip cef ! voice-card 0 ! crypto pki trustpoint TP-self-signed-2173705688 enrollment selfsigned subject-name cn=IOS-Self-Signed-Certificate-2173705688 revocation-check none rsakeypair TP-self-signed-2173705688 ! crypto pki certificate chain TP-self-signed-2173705688 certificate self-signed 01 3082023E 308201A7 A0030201 02020101 300D0609 2A864886 F70D0101 04050030 31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274 69666963 6174652D 32313733 37303536 3838301E 170D3038 30313232 31333531 30375A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649 4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D32 31373337 30353638 3830819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281 8100EF3C 68A91580 6CAA5F68 6AD9D8FD DEFB2A07 422CD6D5 48806CE8 197DCE4B 792460CE A80C4B0F 7D7109DB B458BE3C BF97C9E3 5E8E4F02 96015FD3 9859C7DE E1B3C888 479D60BF FD53F935 8558B900 C5149CB7 A390A738 9D834F5E B457F2A9 DE77DAE4 BBAC21D1 0822D549 D881C61A 9C2BAB0B FE953171 61552AD5 91D39237 76F70203 010001A3 66306430 0F060355 1D130101 FF040530 030101FF 30110603 551D1104 0A300882 06637332 38303130 1F060355 1D230418 30168014 377C6174 7217EE15 8823E82C FEDEE9B2 C2EF81E2 301D0603 551D0E04 16041437 7C617472 17EE1588 23E82CFE DEE9B2C2 EF81E230 0D06092A 864886F7 0D010104 05000381 81005BBC B0C8D4C9 E2680C3C 7FE3E8E3 508F7B6A 827EAD73 E2A09B4C B2877D53 CC343D2F B244239B DC110382 7B50DDFE 34A33328 365C9255 97D064E7 DF01D16A 73E0C925 AA279F9D 29DB874F 8FF9C874 028F526F 0C6D22EF A06D0C37 F9989878 3DDC8683 A7C74F9C D2A8309F 082BFA28 0A841812 C642390C CB93BF82 D9345099 1EFF quit username SDM privilege 15 secret 5 $1$xrEr$qX3/cmvgmbWMXVu6mJ7Mo/ ! crypto isakmp policy 1 encr 3des group 2 ! crypto isakmp policy 2 encr 3des authentication pre-share group 2 ! crypto isakmp client configuration group VPNClients key vjqrk.xbr dns 192.168.0.1 192.168.0.2 wins 192.168.0.1 domain localnet.local pool SDM_POOL_1 include-local-lan netmask 255.255.255.0 crypto isakmp profile sdm-ike-profile-1 match identity group VPN match identity group VPNClients client authentication list sdm_vpn_xauth_ml_1 isakmp authorization list sdm_vpn_group_ml_1 client configuration address respond virtual-template 1 ! crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac ! crypto ipsec profile SDM_Profile1 set transform-set ESP-3DES-SHA set isakmp-profile sdm-ike-profile-1 ! interface FastEthernet0/0 description $ETH-LAN$ ip address 192.168.0.9 255.255.255.0 no ip route-cache speed auto full-duplex no mop enabled ! interface FastEthernet0/1 description $ETH-LAN$ ip address 172.16.0.1 255.255.255.0 no ip route-cache duplex auto speed auto ! interface Virtual-Template1 type tunnel ip unnumbered FastEthernet0/1 tunnel mode ipsec ipv4 tunnel protection ipsec profile SDM_Profile1 ! ip local pool SDM_POOL_1 192.168.0.100 192.168.0.200 ! ip http server ip http authentication local ip http secure-server ip http timeout-policy idle 600 life 86400 requests 10000 ! ip radius source-interface FastEthernet0/0 snmp-server community public RO ! radius-server host 192.168.0.1 auth-port 1645 acct-port 1646 timeout 5 key vjqrk.x ! control-plane ! line con 0 line aux 0 line vty 0 4 password PASSWORD line vty 5 15 transport input telnet ssh ! scheduler allocate 20000 1000 end
|