Hello dear forum community!
I have been struggling with my CISCO 836 router for several days now and am therefore asking for help here.
The problem: I have set up a VPN server via Easy VPN and can connect to the server, but I can only reach the IP addresses that are statically assigned on the router! I therefore suspect that I have terminated the tunnel in the wrong place somewhere, or that the routing is not right. Internally (Ethernet 0) a 10.0.0.0/8 network is in use; for Internet access, all 10.0.0.0 addresses are translated to the external IP (Ethernet 2) via NAT.
My running-config is attached below.
Current configuration : 4336 bytes
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
memory-size iomem 5
no logging buffered
enable secret 5 XXXXXXXXXXXXXXXXXXXXXXXXXXXx
enable password XXXXXXX
!
aaa new-model
!
!
aaa authentication login default local
aaa authentication login userauth local
aaa authorization exec default local
aaa authorization network groupauth local
!
aaa session-id common
!
resource policy
!
clock timezone Berlin 1
clock summer-time Berlin date Mar 30 2003 2:00 Oct 26 2003 3:00
ip subnet-zero
no ip dhcp use vrf connected
!
!
ip cef
ip name-server 195.3.96.67
ip name-server 195.3.96.68
no ip ips deny-action ips-interface
!
!
crypto pki trustpoint TP-self-signed-2441788981
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-2441788981
revocation-check none
rsakeypair TP-self-signed-2441788981
!
!
crypto pki certificate chain TP-self-signed-2441788981
certificate self-signed 01
30820242 308201AB A0030201 02020101 300D0609 2A864886 F70D0101 04050030
CUT
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
3447ED12 65DB
quit
username XXXXXXXX privilege 15 secret 5 XXXXXXXXXXXXXXXXXXXXXXXXXXx
username XXXXXXXXXXXX password 0 XXXXX
!
!
!
crypto isakmp policy 3
encr 3des
authentication pre-share
group 2
!
crypto isakmp client configuration group VPNGroup
key XXXXXXXXXXX
dns 10.10.0.200
wins 10.10.0.200
pool vpnippool
!
!
crypto ipsec transform-set vpntransform esp-3des esp-md5-hmac
!
crypto dynamic-map dynmap 10
set transform-set vpntransform
reverse-route
!
!
crypto map clientemap client authentication list userauth
!
crypto map clientmap isakmp authorization list groupauth
crypto map clientmap client configuration address respond
crypto map clientmap 10 ipsec-isakmp dynamic dynmap
!
!
!
interface Ethernet0
description $ETH-WAN$
ip address 10.10.0.201 255.0.0.0
ip nat inside
ip virtual-reassembly
crypto map clientmap
!
interface Ethernet2
ip address EXTERNE_IP_1 255.0.0.0
ip nat outside
ip virtual-reassembly
crypto map clientmap
!
interface BRI0
no ip address
shutdown
!
interface ATM0
no ip address
shutdown
no atm ilmi-keepalive
dsl operating-mode auto
!
interface FastEthernet1
duplex auto
speed auto
!
interface FastEthernet2
duplex auto
speed auto
!
interface FastEthernet3
duplex auto
speed auto
!
interface FastEthernet4
duplex auto
speed auto
!
ip local pool vpnippool 10.10.0.210 10.10.0.230
ip classless
ip route 0.0.0.0 0.0.0.0 EXTERNE_IP_2
no ip http server
ip http secure-server
!
ip nat pool nat-pool EXTERNE_IP EXTERNE_IP netmask 255.255.255.0
ip nat inside source list 1 pool nat-pool overload
!
access-list 1 permit 10.0.0.0 0.255.255.255
!
control-plane
!
line con 0
no modem enable
line aux 0
line vty 0 4
transport input ssh
transport output ssh
!
scheduler max-task-time 5000
!
end
I am grateful for any hint!
Bernhard K.
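
Since the post suspects routing or NAT, the following added example (not part of the original post, and not Cisco tooling) reads the relevant lines of the posted config and reports how the VPN address pool, the NAT-inside network and the NAT access list relate to each other. The finding names are hypothetical labels chosen for this example, and the parser assumes standard numbered ACLs with contiguous wildcards.

```python
import ipaddress
import re

# Excerpt of the running-config from the post above (only the lines the check reads).
CONFIG = """\
interface Ethernet0
 ip address 10.10.0.201 255.0.0.0
 ip nat inside
ip local pool vpnippool 10.10.0.210 10.10.0.230
ip nat inside source list 1 pool nat-pool overload
access-list 1 permit 10.0.0.0 0.255.255.255
"""

def parse(config):
    """Collect NAT-inside networks, VPN pools, standard ACL permits and NAT ACL ids."""
    inside, cur = [], None
    for line in config.splitlines():
        s = line.strip()
        if s.startswith("interface "):
            cur = None
        elif m := re.fullmatch(r"ip address (\S+) (\S+)", s):
            cur = ipaddress.ip_interface(f"{m[1]}/{m[2]}").network
        elif s == "ip nat inside" and cur is not None:
            inside.append(cur)
    pools = {m[1]: (ipaddress.ip_address(m[2]), ipaddress.ip_address(m[3]))
             for m in re.finditer(r"^\s*ip local pool (\S+) (\S+) (\S+)\s*$", config, re.M)}
    acls = {}
    # Standard ACL entry: address plus wildcard (hostmask); it matches the source only.
    for m in re.finditer(r"^\s*access-list (\d+) permit (\S+) (\S+)\s*$", config, re.M):
        acls.setdefault(m[1], []).append(ipaddress.ip_network(f"{m[2]}/{m[3]}"))
    nat_acls = re.findall(r"^\s*ip nat inside source list (\S+) ", config, re.M)
    return inside, pools, acls, nat_acls

def audit(config):
    """Return (finding, pool, detail) tuples describing how pool, LAN and NAT relate."""
    inside, pools, acls, nat_acls = parse(config)
    findings = []
    for name, (lo, hi) in pools.items():
        for net in inside:
            if lo in net and hi in net:
                findings.append(("pool-inside-lan-subnet", name, str(net)))
            # A standard ACL sees only the source, so LAN-to-pool replies match too.
            for acl in nat_acls:
                if any(net.overlaps(p) for p in acls.get(acl, [])):
                    findings.append(("lan-to-pool-traffic-matches-nat-acl", name, acl))
    return findings

if __name__ == "__main__":
    print(audit(CONFIG))
```

Both findings fire for the posted config: the pool 10.10.0.210 to 10.10.0.230 lies inside the 10.0.0.0/8 network on Ethernet0, and access-list 1 permits every 10.x source with no way to exempt packets addressed to VPN clients.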