CISCO 836 VPN Routing Probleme

[kahlimero 10]

Hallo liebe Forengemeinde!

 

Kämpfe seit einigen Tagen bereits mit meinem CISCO 836 Router herum und bitte daher hier um Hilfestellung.

 

Das Problem: Habe einen über Easy VPN einen VPN Server eingerichtet, kann mich auch auf den Server connecten, aber ich erreiche nur die am Router fix vergebenen IP-Adressen!. Daher vermute ich dass ich den Tunnel irgendwo falsch hab enden lassen, oder das Routing nicht stimmt. Intern (Ethernet 0) ist ein 10.0.0.0/8-er Netz im Einsatz, für Internet werden alle 10.0.0.0-er Adressen auf die externe IP (Ethernet 2) umgesetzt (NAT).

 

Anbei noch meinen Running-Config.

 

Current configuration : 4336 bytes

!

version 12.4

no service pad

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname Router

!

boot-start-marker

boot-end-marker

!

memory-size iomem 5

no logging buffered

enable secret 5 XXXXXXXXXXXXXXXXXXXXXXXXXXXx

enable password XXXXXXX

!

aaa new-model

!

!

aaa authentication login default local

aaa authentication login userauth local

aaa authorization exec default local

aaa authorization network groupauth local

!

aaa session-id common

!

resource policy

!

clock timezone Berlin 1

clock summer-time Berlin date Mar 30 2003 2:00 Oct 26 2003 3:00

ip subnet-zero

no ip dhcp use vrf connected

!

!

ip cef

ip name-server 195.3.96.67

ip name-server 195.3.96.68

no ip ips deny-action ips-interface

!

!

crypto pki trustpoint TP-self-signed-2441788981

enrollment selfsigned

subject-name cn=IOS-Self-Signed-Certificate-2441788981

revocation-check none

rsakeypair TP-self-signed-2441788981

!

!

crypto pki certificate chain TP-self-signed-2441788981

certificate self-signed 01

30820242 308201AB A0030201 02020101 300D0609 2A864886 F70D0101 04050030

CUT

31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274

3447ED12 65DB

quit

username XXXXXXXX privilege 15 secret 5 XXXXXXXXXXXXXXXXXXXXXXXXXXx

username XXXXXXXXXXXX password 0 XXXXX

!

!

!

crypto isakmp policy 3

encr 3des

authentication pre-share

group 2

!

crypto isakmp client configuration group VPNGroup

key XXXXXXXXXXX

dns 10.10.0.200

wins 10.10.0.200

pool vpnippool

!

!

crypto ipsec transform-set vpntransform esp-3des esp-md5-hmac

!

crypto dynamic-map dynmap 10

set transform-set vpntransform

reverse-route

!

!

crypto map clientemap client authentication list userauth

!

crypto map clientmap isakmp authorization list groupauth

crypto map clientmap client configuration address respond

crypto map clientmap 10 ipsec-isakmp dynamic dynmap

!

!

!

interface Ethernet0

description $ETH-WAN$

ip address 10.10.0.201 255.0.0.0

ip nat inside

ip virtual-reassembly

crypto map clientmap

!

interface Ethernet2

ip address EXTERNE_IP_1 255.0.0.0

ip nat outside

ip virtual-reassembly

crypto map clientmap

!

interface BRI0

no ip address

shutdown

!

interface ATM0

no ip address

shutdown

no atm ilmi-keepalive

dsl operating-mode auto

!

interface FastEthernet1

duplex auto

speed auto

!

interface FastEthernet2

duplex auto

speed auto

!

interface FastEthernet3

duplex auto

speed auto

!

interface FastEthernet4

duplex auto

speed auto

!

ip local pool vpnippool 10.10.0.210 10.10.0.230

ip classless

ip route 0.0.0.0 0.0.0.0 EXTERNE_IP_2

no ip http server

ip http secure-server

!

ip nat pool nat-pool EXTERNE_IP EXTERNE_IP netmask 255.255.255.0

ip nat inside source list 1 pool nat-pool overload

!

access-list 1 permit 10.0.0.0 0.255.255.255

!

control-plane

!

line con 0

no modem enable

line aux 0

line vty 0 4

transport input ssh

transport output ssh

!

scheduler max-task-time 5000

!

end

 

 

Bin für jeden Hinweis dankbar!

Bernhard K.