Vpn Cisco 1841

[micha5576 10]

Hallo Zusammen,

 

ich versuche ein VPN mit einem CISCO 1841 (192.168.10.100) und einem Windows 2000 (192.168.10.1) Server zu erstellen. Die externen Clients sollen über (DSL) die Windows VPN einwahl ins Netz kommen. Untenstehende Config ist im CISCO Router vorhanden, auch eine feste IP ist vorhanden. Was muß nun bei den Clients, dem Server und dem Router eingestellt, verändert werden, damit die Einwahl klappt? Vielen Dank... Grüße

 

Building configuration...

 

Current configuration : 4219 bytes

!

! Last configuration change at 17:06:04 UTC Wed Nov 21 2007 by michael

! NVRAM config last updated at 11:11:22 UTC Wed Nov 14 2007 by michael

!

version 12.3

service timestamps debug datetime msec

service timestamps log datetime msec

service password-encryption

!

hostname R01-UHL

!

boot-start-marker

boot-end-marker

!

no logging buffered

enable secret 123456

!

username NNNNN password PPPPP

username NNNNN privilege 15 password PPPPP

mmi polling-interval 60

no mmi auto-configure

no mmi pvc

mmi snmp-timeout 180

aaa new-model

!

!

aaa authentication login client local

aaa authorization network client local

aaa session-id common

ip subnet-zero

ip cef

!

!

ip inspect name fw icmp

ip inspect name fw tcp

ip inspect name fw udp

ip inspect name fw ftp

ip inspect name fw sqlnet

ip inspect name fw tftp

ip inspect name fw http

!

!

ip ips po max-events 100

ip domain name domain.mm

no ftp-server write-enable

!

password encryption aes

!

!

!

!

!

crypto isakmp policy 10

encr aes 256

authentication pre-share

group 2

!

crypto isakmp client configuration group ciscovpn

key 132456

domain domain2.de

pool vpnclient

crypto isakmp profile vpnclient

match identity group ciscovpn

client authentication list client

isakmp authorization list client

client configuration address initiate

client configuration address respond

!

!

crypto ipsec transform-set myset esp-aes 256 esp-sha-hmac

!

crypto dynamic-map dynmap 10

set transform-set myset

!

!

crypto map mymap 10 ipsec-isakmp dynamic dynmap

!

!

!

interface FastEthernet0/0

description $ETH-LAN$

ip address 192.168.10.100 255.255.255.0

ip access-group inside in

ip inspect fw out

ip nat inside

ip virtual-reassembly

speed 100

full-duplex

!

interface FastEthernet0/1

no ip address

shutdown

duplex auto

speed auto

!

interface ATM0/0/0

no ip address

no atm ilmi-keepalive

dsl operating-mode auto tone low

pvc 1/32

pppoe-client dial-pool-number 1

!

!

interface Dialer1

ip address negotiated

ip access-group outside in

ip mtu 1456

ip nat outside

ip virtual-reassembly

encapsulation ppp

ip tcp adjust-mss 1452

dialer pool 1

dialer remote-name t-online

dialer idle-timeout 600

dialer-group 1

ppp authentication chap pap callin

ppp chap hostname feste-ip/XXXXX@t-online-com.de

ppp chap password XXXXXXXX

ppp pap sent-username feste-ip/XXXXX@t-online-com.de password XXXXXXXX

ppp ipcp dns request

ppp ipcp wins request

crypto map mymap

[micha5576 10]

!

ip local pool vpnclient 192.168.111.10 192.168.111.50

ip classless

ip route 0.0.0.0 0.0.0.0 Dialer1

!

no ip http server

ip http access-class 1

ip http authentication local

ip http secure-server

ip nat inside source list nat interface Dialer1 overload

!

ip access-list extended inside

remark SDM_ACL Category=17

permit tcp 192.168.10.0 0.0.0.255 host 192.168.10.100 eq telnet

permit tcp 192.168.10.0 0.0.0.255 host 192.168.10.100 eq 22

permit tcp 192.168.10.0 0.0.0.255 host 192.168.10.100 eq www

permit tcp 192.168.10.0 0.0.0.255 host 192.168.10.100 eq 443

permit tcp 192.168.10.0 0.0.0.255 host 192.168.10.100 eq cmd

deny udp any host 192.168.10.100 eq snmp

permit icmp any any

permit tcp any host 192.168.10.100 eq 443

permit tcp any host 192.168.10.100 eq 22

permit tcp any host 192.168.10.100 eq telnet

ip access-list extended nat

deny ip 192.168.10.0 0.0.0.255 192.168.111.0 0.0.0.255

ip access-list extended outside

remark SDM_ACL Category=17

permit ahp any any

permit icmp any any

permit tcp any any eq 22

permit esp any any

permit udp any any eq isakmp

permit udp any any eq non500-isakmp

permit tcp any host 111.222.333.444 eq 443

!

access-list 1 remark Auto generated by SDM Management Access feature

access-list 1 remark SDM_ACL Category=1

access-list 1 permit 192.168.10.0 0.0.0.255

access-list 100 remark Auto generated by SDM Management Access feature

access-list 100 remark SDM_ACL Category=1

access-list 100 permit ip 192.168.10.0 0.0.0.255 any

dialer-list 1 protocol ip permit

!

!

control-plane

!

!

line con 0

line aux 0

line vty 0 4

access-class 100 in

privilege level 15

login authentication client

!

end

[micha5576 10]

Hat niemand einen Tipp oder Rat? .......

[Wordo 11]

VPN: IPSEC? IPSEC/L2TP? PPTP? Die Clients stehen wo?