Cisco 1841 Router Easy VPN Kurulumu
Cisco 1841 Router Easy VPN Kurulumu


  1. #1
    VOLKAN is offline Junior Member
    Join Date
    Dec 2010
    Posts
    2

    Default Cisco 1841 Router Easy VPN Kurulumu

    G.SHDSL Cisco 1841 Router kullanıyorum, şu an Site to Site VPN bağlantısı kullanıyoruz. Easy VPN kullanmamız gerekti ve sitenizdeki "Cisco SDM (Cisco Router and Security Device Manager) ile Easy VPN Kurulumu" yazısına bakarak ayarları yaptım.

    VPN Client ile Easy VPN Server'a bağlanamadım. "Reason 412: The remote peer is no longer responding." hatası veriyor. Bu sorunu nasıl çözebilirim?

  2. #2
    GhoSt is offline Senior Member
    Join Date
    Dec 2007
    Location
    Ankara
    Posts
    1,664

    Default

    Selamlar,

    Network Address Translation (NAT) kaynaklı bir sorun olabilir; yaptığınız config'in çıktısını eklerseniz bakalım.
    Mr.google knows everything , ask to him...

  3. #3
    VOLKAN is offline Junior Member
    Join Date
    Dec 2010
    Posts
    2

    Default

    Building configuration...

    Current configuration : 11797 bytes
    !
    ! Global section of the running configuration (hostname MAGAZA, IOS 12.4) as pasted into the thread.
    ! NOTE(review): the value after "secret 5" and the certificate body are empty in this paste,
    ! presumably removed by the poster before publishing.
    version 12.4
    no service pad
    service tcp-keepalives-in
    service tcp-keepalives-out
    service timestamps debug datetime msec localtime show-timezone
    service timestamps log datetime msec localtime show-timezone
    ! Applies type 7 encoding only. Type 7 is reversible obfuscation, not a hash, so every
    ! "password 7" / "key 7" string in a published config should be treated as disclosed.
    service password-encryption
    service sequence-numbers
    !
    hostname MAGAZA
    !
    boot-start-marker
    boot-end-marker
    !
    ! Login-failure threshold of 3, with logging.
    security authentication failure rate 3 log
    ! Minimum password length is only 6 characters.
    security passwords min-length 6
    logging buffered 51200 debugging
    logging console critical
    enable secret 5
    !
    aaa new-model
    !
    !
    ! Default login list: local user database.
    aaa authentication login default local
    ! Easy VPN XAUTH list (referenced by crypto map SDM_CMAP_1): RADIUS first, then local.
    ! The local database is consulted only when RADIUS does not respond.
    aaa authentication login sdm_vpn_xauth_ml_1 group radius local
    aaa authorization exec default local
    ! Easy VPN group-policy lookup (referenced by crypto map SDM_CMAP_1): RADIUS first, then local.
    ! NOTE(review): if the RADIUS server answers but has no profile for the group, the locally
    ! defined EASYVPN group would not be consulted - confirm this ordering is intended.
    aaa authorization network sdm_vpn_group_ml_1 group radius local
    !
    aaa session-id common
    clock timezone PCTime 2
    clock summer-time PCTime date Mar 30 2003 3:00 Oct 26 2003 4:00
    ! Source-routed packets are dropped.
    no ip source-route
    ip cef
    !
    !
    !
    !
    no ip bootp server
    ! NOTE(review): "yourdomain.com" looks like a placeholder that was never changed.
    ip domain name yourdomain.com
    ip auth-proxy max-nodata-conns 3
    ip admission max-nodata-conns 3
    !
    !
    ! Self-signed trustpoint with revocation checking off.
    ! NOTE(review): presumably created for the HTTPS management server; both ISAKMP policies in
    ! this config use pre-shared keys, so this certificate is not what authenticates IKE.
    crypto pki trustpoint TP-self-signed-888888889
    enrollment selfsigned
    subject-name cn=IOS-Self-Signed-Certificate-888888889
    revocation-check none
    rsakeypair TP-self-signed-888888889
    !
    !
    crypto pki certificate chain TP-self-signed-888888889
    certificate self-signed 01



















    quit
    ! Local accounts, WAN controller and TCP/SSH timers.
    ! Both accounts carry full privilege 15; the type 5 hash values are blank in this paste.
    username volkan privilege 15 secret 5
    username hakan privilege 15 secret 5
    !
    !
    ! G.SHDSL controller running in ATM mode as the CPE side, 2-wire, annex B, automatic line rate.
    controller DSL 0/0/0
    mode atm
    line-term cpe
    line-mode 2-wire line-zero
    dsl-mode shdsl symmetric annex B
    line-rate auto
    !
    ip tcp synwait-time 10
    ! SSH negotiation timeout of 60 s and 2 authentication retries.
    ! NOTE(review): no "ip ssh version 2" line is visible in this dump, so SSHv1 may still be
    ! accepted - confirm.
    ip ssh time-out 60
    ip ssh authentication-retries 2
    !
    !
    ! IKE phase 1 policies, pre-shared keys, the Easy VPN client group and the IPsec transform sets.
    ! Policy 1: 3DES + MD5 + pre-shared key. No "group" line is present, so the IOS 12.4 default
    ! Diffie-Hellman group 1 (768-bit) applies. All three choices are weak by current standards.
    crypto isakmp policy 1
    encr 3des
    hash md5
    authentication pre-share
    !
    ! Policy 2: same as policy 1 but with DH group 2 (1024-bit).
    ! NOTE(review): the Cisco VPN Client is generally documented as needing group 2 or higher, so
    ! this is presumably the policy that software clients are expected to match - confirm.
    crypto isakmp policy 2
    encr 3des
    hash md5
    authentication pre-share
    group 2
    ! Per-peer pre-shared keys. The key appears literally as "password" for every peer.
    ! NOTE(review): either a placeholder substituted before posting or a real, trivially guessable
    ! key - in both cases use a long random key per peer and never publish it.
    ! The entry for 90.90.90.30 has no "no-xauth" keyword and no crypto map entry below refers to
    ! that peer.
    crypto isakmp key password address 90.90.90.30
    crypto isakmp key password address 90.90.90.31 no-xauth
    crypto isakmp key password address 90.90.90.32 no-xauth
    crypto isakmp key password address 90.90.90.33 no-xauth
    crypto isakmp client configuration address-pool local SDM_POOL_1
    !
    ! Easy VPN group policy pushed to remote clients that present group name EASYVPN.
    ! Group key is again the literal "password". Easy VPN with a group pre-shared key relies on
    ! IKE aggressive mode, where a weak group key can be guessed offline, so key strength matters.
    crypto isakmp client configuration group EASYVPN
    key password
    dns 192.168.0.1 192.168.0.9
    wins 192.168.0.1
    pool SDM_POOL_1
    ! Split-tunnel list: only traffic matching ACL 106 is sent through the tunnel.
    acl 106
    ! NOTE(review): with group-lock the XAUTH username is expected to carry the group name
    ! (user plus delimiter plus group); a plain username may be rejected - verify on the client.
    group-lock
    include-local-lan
    pfs
    max-users 10
    max-logins 1
    netmask 255.255.255.0
    !
    !
    ! MAGAZA2/3/4 are identical (3DES with MD5 HMAC) and serve the site-to-site tunnels;
    ! EASYVPN (3DES with SHA-1 HMAC) is used by the dynamic map for remote clients.
    crypto ipsec transform-set MAGAZA2 esp-3des esp-md5-hmac
    crypto ipsec transform-set MAGAZA3 esp-3des esp-md5-hmac
    crypto ipsec transform-set MAGAZA4 esp-3des esp-md5-hmac
    crypto ipsec transform-set EASYVPN esp-3des esp-sha-hmac
    !
    ! Crypto maps: one dynamic template for Easy VPN clients and three static site-to-site entries.
    ! Dynamic template: idle SAs are torn down after 1800 s, and reverse-route installs a route
    ! for each connected client.
    crypto dynamic-map SDM_DYNMAP_1 1
    set security-association idle-time 1800
    set transform-set EASYVPN
    reverse-route
    !
    !
    ! XAUTH and group authorization are enabled on the whole map, which is why the site-to-site
    ! peers carry "no-xauth" on their isakmp key lines.
    crypto map SDM_CMAP_1 client authentication list sdm_vpn_xauth_ml_1
    crypto map SDM_CMAP_1 isakmp authorization list sdm_vpn_group_ml_1
    crypto map SDM_CMAP_1 client configuration address respond
    ! Entry 1: peer 90.90.90.32, interesting traffic from ACL 100 (to 192.168.1.0/24).
    crypto map SDM_CMAP_1 1 ipsec-isakmp
    description Tunnel to90.90.90.32
    set peer 90.90.90.32
    set transform-set MAGAZA2
    match address 100
    ! Entry 4: peer 90.90.90.33, interesting traffic from ACL 102 (to 192.168.2.0/24).
    crypto map SDM_CMAP_1 4 ipsec-isakmp
    description Tunnel to90.90.90.33
    set peer 90.90.90.33
    set transform-set MAGAZA3
    match address 102
    ! Entry 5: peer 90.90.90.31, interesting traffic from ACL 105 (to 192.168.3.0/24).
    crypto map SDM_CMAP_1 5 ipsec-isakmp
    description Tunnel to90.90.90.31
    set peer 90.90.90.31
    set transform-set MAGAZA4
    match address 105
    ! Highest sequence number, so the dynamic (Easy VPN) entry is evaluated after the static peers.
    crypto map SDM_CMAP_1 65535 ipsec-isakmp dynamic SDM_DYNMAP_1
    !
    !
    !
    ! Interfaces: inside LAN (FastEthernet0/0), unused FastEthernet0/1, ATM/PPPoE uplink and Dialer0.
    ! Inside LAN, 192.168.0.1/24, NAT inside.
    ! "ip mask-reply" and "ip directed-broadcast" are enabled here; directed broadcasts allow the
    ! subnet to be used as a traffic amplifier and are normally left disabled.
    interface FastEthernet0/0
    description $ETH-SW-LAUNCH$$INTF-INFO-FE 0$$ES_LAN$$FW_INSIDE$$ETH-LAN$
    ip address 192.168.0.1 255.255.255.0
    ip mask-reply
    ip directed-broadcast
    ip nat inside
    ip virtual-reassembly
    ip route-cache flow
    ip tcp adjust-mss 1412
    duplex auto
    speed auto
    no mop enabled
    !
    interface FastEthernet0/1
    no ip address
    no ip redirects
    no ip unreachables
    no ip proxy-arp
    ip route-cache flow
    duplex auto
    speed auto
    no mop enabled
    !
    interface ATM0/0/0
    no ip address
    no atm ilmi-keepalive
    !
    ! Outside-facing subinterface carrying the PPPoE client; mask-reply and directed-broadcast
    ! are enabled on the WAN side as well.
    interface ATM0/0/0.1 point-to-point
    description $ES_WAN$$FW_OUTSIDE$
    ip mask-reply
    ip directed-broadcast
    pvc 8/35
    pppoe-client dial-pool-number 1
    !
    !
    ! WAN interface: NAT outside, and the interface where crypto map SDM_CMAP_1 is applied.
    ! No "ip access-group" is configured here, so nothing in this dump filters traffic arriving
    ! from the Internet.
    ! NOTE(review): it also means nothing shown here drops IKE (UDP 500 / UDP 4500); if the client
    ! reports Reason 412, check reachability of this address and filtering upstream - verify.
    interface Dialer0
    ip address 90.90.90.35 255.255.255.0
    no ip redirects
    no ip unreachables
    no ip proxy-arp
    ip mtu 1452
    ip nat outside
    ip virtual-reassembly
    encapsulation ppp
    ip route-cache flow
    dialer pool 1
    dialer-group 1
    ! ISP credentials are stored with type 7 encoding, which is reversible.
    ppp authentication chap pap callin
    ppp chap [email protected]
    ppp chap password 7 1111111111111111
    ppp pap [email protected] password 7 1111111111111112
    ppp multilink
    crypto map SDM_CMAP_1
    !
    ! Easy VPN address pool, default route, HTTP management and NAT rules.
    ! The pool 192.168.0.50-60 lies inside the FastEthernet0/0 subnet 192.168.0.0/24.
    ! NOTE(review): a dedicated, non-overlapping range for VPN clients is commonly recommended
    ! because it keeps NAT exemption and filtering simpler - verify against the design.
    ip local pool SDM_POOL_1 192.168.0.50 192.168.0.60
    ip forward-protocol nd
    ip route 0.0.0.0 0.0.0.0 Dialer0
    !
    !
    ! Plain-HTTP management is enabled alongside HTTPS; credentials sent over HTTP are not
    ! encrypted. "no ip http server" leaves only the secure server.
    ip http server
    ip http authentication local
    ip http secure-server
    ip http timeout-policy idle 60 life 86400 requests 10000
    ! NOTE(review): this entry uses the router's own WAN address as the inside-local host and maps
    ! it to FastEthernet0/0; it looks like a leftover or a mistake - confirm it is needed.
    ip nat inside source static tcp 90.90.90.35 3389 interface FastEthernet0/0 3389
    ! Publishes TCP 3389 (RDP) of inside host 192.168.0.3 on the WAN address. No ACL in this dump
    ! restricts who may reach it, and the entry has no route-map, so it is not exempted for
    ! VPN traffic.
    ip nat inside source static tcp 192.168.0.3 3389 interface Dialer0 3389
    ! PAT for the inside LAN; ACL 101 (via SDM_RMAP_1) exempts VPN destinations from translation.
    ! SDM_RMAP_2, SDM_RMAP_3 and SDM_RMAP_4 are defined later but no NAT line shown references them.
    ip nat inside source route-map SDM_RMAP_1 interface Dialer0 overload
    ip nat outside source static tcp 90.90.90.35 1384 192.168.0.1 1384 extendable
    !
    ! Syslog level and access lists 1 and 100-109, followed by the dialer list and CDP setting.
    logging trap debugging
    ! ACL 1: inside LAN. No other line in this dump references it.
    access-list 1 remark INSIDE_IF=FastEthernet0/0
    access-list 1 remark SDM_ACL Category=2
    access-list 1 permit 192.168.0.0 0.0.0.255
    ! ACL 100: interesting traffic for crypto map entry 1 (LAN to 192.168.1.0/24).
    access-list 100 remark SDM_ACL Category=4
    access-list 100 remark IPSec Rule
    access-list 100 permit ip 192.168.0.0 0.0.0.255 192.168.1.0 0.0.0.255
    ! ACL 101: matched by SDM_RMAP_1 for the NAT overload rule. "deny" here means "do not
    ! translate": RDP replies, traffic to the VPN pool hosts .50-.60 and traffic to the three
    ! remote LANs are exempted; everything else from the LAN is translated.
    ! The pool entries use wildcard 0.0.255.255, i.e. source 192.168.0.0/16, wider than the /24 LAN.
    access-list 101 remark SDM_ACL Category=2
    access-list 101 deny tcp host 90.90.90.35 eq 3389 any
    access-list 101 deny tcp host 192.168.0.3 eq 3389 any
    access-list 101 deny ip 192.168.0.0 0.0.255.255 host 192.168.0.50
    access-list 101 deny ip 192.168.0.0 0.0.255.255 host 192.168.0.51
    access-list 101 deny ip 192.168.0.0 0.0.255.255 host 192.168.0.52
    access-list 101 deny ip 192.168.0.0 0.0.255.255 host 192.168.0.53
    access-list 101 deny ip 192.168.0.0 0.0.255.255 host 192.168.0.54
    access-list 101 deny ip 192.168.0.0 0.0.255.255 host 192.168.0.55
    access-list 101 deny ip 192.168.0.0 0.0.255.255 host 192.168.0.56
    access-list 101 deny ip 192.168.0.0 0.0.255.255 host 192.168.0.57
    access-list 101 deny ip 192.168.0.0 0.0.255.255 host 192.168.0.58
    access-list 101 deny ip 192.168.0.0 0.0.255.255 host 192.168.0.59
    access-list 101 deny ip 192.168.0.0 0.0.255.255 host 192.168.0.60
    access-list 101 remark IPSec Rule
    access-list 101 deny ip 192.168.0.0 0.0.0.255 192.168.3.0 0.0.0.255
    access-list 101 remark IPSec Rule
    access-list 101 deny ip 192.168.0.0 0.0.0.255 192.168.2.0 0.0.0.255
    access-list 101 remark IPSec Rule
    access-list 101 deny ip 192.168.0.0 0.0.0.255 192.168.1.0 0.0.0.255
    access-list 101 permit ip 192.168.0.0 0.0.0.255 any
    ! ACL 102: interesting traffic for crypto map entry 4 (LAN to 192.168.2.0/24).
    access-list 102 remark SDM_ACL Category=4
    access-list 102 remark IPSec Rule
    access-list 102 permit ip 192.168.0.0 0.0.0.255 192.168.2.0 0.0.0.255
    ! ACLs 103, 104 and 105 are identical (LAN to 192.168.3.0/24). Only 105 is referenced, by
    ! crypto map entry 5; 103 and 104 are not referenced by any line in this dump.
    access-list 103 remark SDM_ACL Category=4
    access-list 103 remark IPSec Rule
    access-list 103 permit ip 192.168.0.0 0.0.0.255 192.168.3.0 0.0.0.255
    access-list 104 remark SDM_ACL Category=4
    access-list 104 remark IPSec Rule
    access-list 104 permit ip 192.168.0.0 0.0.0.255 192.168.3.0 0.0.0.255
    access-list 105 remark SDM_ACL Category=4
    access-list 105 remark IPSec Rule
    access-list 105 permit ip 192.168.0.0 0.0.0.255 192.168.3.0 0.0.0.255
    ! ACL 106: split-tunnel list of group EASYVPN. The wildcard 0.0.255.255 covers all of
    ! 192.168.0.0/16, not only the /24 LAN.
    ! NOTE(review): confirm the wider range is intended, since it also covers the remote LANs.
    access-list 106 remark SDM_ACL Category=4
    access-list 106 permit ip 192.168.0.0 0.0.255.255 any
    ! ACL 107: matched by SDM_RMAP_2, which no NAT line in this dump references.
    access-list 107 remark SDM_ACL Category=2
    access-list 107 deny ip host 192.168.0.3 host 192.168.0.60
    access-list 107 deny ip host 192.168.0.3 host 192.168.0.59
    access-list 107 deny ip host 192.168.0.3 host 192.168.0.58
    access-list 107 deny ip host 192.168.0.3 host 192.168.0.57
    access-list 107 deny ip host 192.168.0.3 host 192.168.0.56
    access-list 107 deny ip host 192.168.0.3 host 192.168.0.55
    access-list 107 deny ip host 192.168.0.3 host 192.168.0.54
    access-list 107 deny ip host 192.168.0.3 host 192.168.0.53
    access-list 107 deny ip host 192.168.0.3 host 192.168.0.52
    access-list 107 deny ip host 192.168.0.3 host 192.168.0.51
    access-list 107 deny ip host 192.168.0.3 host 192.168.0.50
    access-list 107 permit tcp host 192.168.0.3 eq 3389 any
    ! ACLs 108 and 109 are identical; they are matched by SDM_RMAP_3 and SDM_RMAP_4, which no NAT
    ! line in this dump references.
    access-list 108 remark SDM_ACL Category=2
    access-list 108 deny ip host 90.90.90.35 host 192.168.0.60
    access-list 108 deny ip host 90.90.90.35 host 192.168.0.59
    access-list 108 deny ip host 90.90.90.35 host 192.168.0.58
    access-list 108 deny ip host 90.90.90.35 host 192.168.0.57
    access-list 108 deny ip host 90.90.90.35 host 192.168.0.56
    access-list 108 deny ip host 90.90.90.35 host 192.168.0.55
    access-list 108 deny ip host 90.90.90.35 host 192.168.0.54
    access-list 108 deny ip host 90.90.90.35 host 192.168.0.53
    access-list 108 deny ip host 90.90.90.35 host 192.168.0.52
    access-list 108 deny ip host 90.90.90.35 host 192.168.0.51
    access-list 108 deny ip host 90.90.90.35 host 192.168.0.50
    access-list 108 permit tcp host 90.90.90.35 eq 3389 any
    access-list 109 remark SDM_ACL Category=2
    access-list 109 deny ip host 90.90.90.35 host 192.168.0.60
    access-list 109 deny ip host 90.90.90.35 host 192.168.0.59
    access-list 109 deny ip host 90.90.90.35 host 192.168.0.58
    access-list 109 deny ip host 90.90.90.35 host 192.168.0.57
    access-list 109 deny ip host 90.90.90.35 host 192.168.0.56
    access-list 109 deny ip host 90.90.90.35 host 192.168.0.55
    access-list 109 deny ip host 90.90.90.35 host 192.168.0.54
    access-list 109 deny ip host 90.90.90.35 host 192.168.0.53
    access-list 109 deny ip host 90.90.90.35 host 192.168.0.52
    access-list 109 deny ip host 90.90.90.35 host 192.168.0.51
    access-list 109 deny ip host 90.90.90.35 host 192.168.0.50
    access-list 109 permit tcp host 90.90.90.35 eq 3389 any
    dialer-list 1 protocol ip permit
    ! CDP is disabled globally.
    no cdp run
    !
    ! Route-maps for NAT, the RADIUS server, login banner and terminal lines.
    ! Only SDM_RMAP_1 is referenced by a NAT statement in this dump; the other three are defined
    ! but unused as far as the visible config shows.
    route-map SDM_RMAP_4 permit 1
    match ip address 109
    !
    route-map SDM_RMAP_1 permit 1
    match ip address 101
    !
    route-map SDM_RMAP_2 permit 1
    match ip address 107
    !
    route-map SDM_RMAP_3 permit 1
    match ip address 108
    !
    !
    !
    ! RADIUS server used by the Easy VPN XAUTH and group-authorization lists. The shared secret is
    ! type 7 (reversible). With timeout 120, a non-responding server delays the fall-back to local.
    ! 192.168.0.3 is also the host whose RDP port is published on the WAN by the static NAT entry.
    radius-server host 192.168.0.3 auth-port 1645 acct-port 1646 timeout 120 key 7 111111111111111111111111111113
    !
    control-plane
    !
    !
    ! Login banner; the text between the ^C delimiters is shown verbatim to connecting users.
    banner login ^CCCAuthorized access only!
    Disconnect IMMEDIATELY if you are not an authorized user!^C
    !
    line con 0
    transport output telnet
    line aux 0
    transport output telnet
    ! All 16 vty lines accept Telnet as well as SSH, and no "access-class" restricts source
    ! addresses. Telnet sends credentials in clear text; "transport input ssh" together with an
    ! access-class limits remote management to encrypted sessions from known hosts.
    line vty 0 4
    transport input telnet ssh
    line vty 5 15
    transport input telnet ssh
    !
    scheduler allocate 20000 1000
    end
