Buenas,
Antes de nada felicitaros a tod@s aquellos que haceis posible la existencia de esta pagina.
Os cuento un poco mi historia....
Tengo como extremo de una vpn un cisco 827h.
Dicho router tiene configuradas unas vpn contra unos routers 1721 de cisco. Desde esos routers y via SDM se ha comprobado que funciona bien la vpn.Desde mi extremo hago ping a los equipos de la vpn siempre y cuando en el interface atm0.1 no configure el ip nat outside.
La idea es poder configurar el ip nat outside en el interface atm0.1 y que funcione tambien la vpn...algun error debo de tener en mi configuracion que os muestro seguido....
!
version 12.3
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname olmillos
!
boot-start-marker
boot-end-marker
!
!
aaa new-model
!
!
aaa session-id common
ip subnet-zero
!
!
ip domain name serced.net
ip inspect name myfw smtp
ip inspect name myfw tcp
ip inspect name myfw udp
ip inspect name myfw realaudio
ip inspect name myfw ftp
ip inspect name myfw http
ip inspect name myfw rcmd
ip inspect name myfw tftp
ip inspect name myfw vdolive
ip inspect name myfw cuseeme
ip inspect name myfw sqlnet
ip ssh time-out 60
!
!
username root privilege 15 password 7 xxxxxxxxxxxxxxxxxx
!
!
!
crypto isakmp policy 20
encr 3des
authentication pre-share
lifetime 28800
crypto isakmp key xxxxxxxxxxxxxxxxxx address xxxxxxxxxxxxxxxxxx
crypto isakmp key xxxxxxxxxxxxxxxxxx address xxxxxxxxxxxxxxxxxx
!
!
crypto ipsec transform-set vpnremoto1 esp-3des esp-sha-hmac
!
crypto map cmap-dele 101 ipsec-isakmp
description destination cedis set transform-set vpnremoto1
set peer xxxxxxxxxxxxxxxxxx
set transform-set vpnremoto1
match address 110
crypto map cmap-dele 102 ipsec-isakmp
set peer xxxxxxxxxxxxxxxxxx
set transform-set vpnremoto1
match address 111
!
!
!
interface Tunnel0
no ip address
!
interface Ethernet0
ip address 192.168.155.254 255.255.255.0
ip nat inside
ip inspect myfw in
ip virtual-reassembly
hold-queue 100 out
!
interface ATM0
no ip address
no atm ilmi-keepalive
dsl operating-mode auto
!
interface ATM0.1 point-to-point
ip address xxxxxxxxxxxxxxxxxx
ip nat outside /// si tengo esto añadido aqui no me funciona la vpn
ip virtual-reassembly
crypto map cmap-dele
pvc 8/32
encapsulation aal5snap
!
!
ip classless
ip route 0.0.0.0 0.0.0.0 ATM0.1 permanent
no ip http server
no ip http secure-server
ip dns server
ip nat inside source list 100 interface ATM0.1 overload
!
!
access-list 1 permit xxxxxxxxxxxxxxxxxx
access-list 1 permit xxxxxxxxxxxxxxxxxx
access-list 1 permit xxxxxxxxxxxxxxxxxx
access-list 1 permit 192.168.155.0 0.0.0.255
access-list 100 permit ip 192.168.155.0 0.0.0.255 any
access-list 100 deny ip 192.168.155.0 0.0.0.255 192.168.156.0 0.0.0.255
access-list 100 deny ip 192.168.155.0 0.0.0.255 192.168.157.0 0.0.0.255
access-list 100 deny ip 192.168.155.0 0.0.0.255 192.168.154.0 0.0.0.255
access-list 110 permit ip 192.168.155.0 0.0.0.255 192.168.156.0 0.0.0.255
access-list 111 permit ip 192.168.155.0 0.0.0.255 192.168.157.0 0.0.0.255
access-list 112 permit ip 192.168.155.0 0.0.0.255 192.168.154.0 0.0.0.255
!
!
control-plane
!
banner login c Prohibido cualquier ACCESO NO AUTORIZADO.Se notificara a las autoridades pertinentes.
!
line con 0
exec-timeout 120 0
password 7 xxxxxxxxxxxxxxxxxx
login authentication local
stopbits 1
line vty 0 4
access-class 1 in
exec-timeout 0 0
password 7 xxxxxxxxxxxxxxxxxx
login authentication local
transport input ssh
!
scheduler max-task-time 5000
end
Estoy ya desesperado con el tema... alguien me puede echar una mano??
Un saludo y gracias
heze54
