Cisco 1720 VPN mit VPN Client

[romeo310 10]

Moin Mädels,

 

möchte in meine Konfig eine VPN Verbindung einbauen, um von Remote per Cisco VPN-Client auf mein Netzwerk zugreifen zu können. Habe schon mehrere Ansätze gehabt, leider ohne Erfolg. Kann mir keiner in dem Forum Helfen ?

 

Internet mit Firewall, SIP un dem ganzen Kram klappt, ebenso die RAS Einwahl in mein Netz per ISDN oder AUX Post(Modem analog), nur eben dieser ****e VPN-Client will nicht..............

 

Please HELP !!!!!!!!!!!!!!

 

 

Hier meine Konfig:

 

!

version 12.3

service timestamps debug uptime

service timestamps log uptime

service password-encryption

!

hostname c1720g

!

boot-start-marker

boot-end-marker

!

enable password 7 password

!

memory-size iomem 25

clock timezone MEZ 1

clock summer-time MEZ+1 recurring

mmi polling-interval 60

no mmi auto-configure

no mmi pvc

mmi snmp-timeout 180

no aaa new-model

ip subnet-zero

!

!

ip name-server 192.168.10.52

ip dhcp excluded-address 192.168.10.1 192.168.10.249

!

ip dhcp pool standard-clients

network 192.168.10.0 255.255.255.0

dns-server 192.168.10.52 192.168.10.1

default-router 192.168.10.1

domain-name domäne.de

!

ip cef

ip inspect max-incomplete high 1100

ip inspect one-minute high 1100

ip inspect name FastEthernet_0 tcp

ip inspect name FastEthernet_0 udp

ip inspect name FastEthernet_0 cuseeme

ip inspect name FastEthernet_0 ftp

ip inspect name FastEthernet_0 h323

ip inspect name FastEthernet_0 rcmd

ip inspect name FastEthernet_0 realaudio

ip inspect name FastEthernet_0 streamworks

ip inspect name FastEthernet_0 vdolive

ip inspect name FastEthernet_0 sqlnet

ip inspect name FastEthernet_0 tftp

ip inspect name FastEthernet_0 sip

ip audit po max-events 100

vpdn enable

!

vpdn-group pppoe

request-dialin

protocol pppoe

!

!

isdn switch-type basic-net3

!

username localuser password 7 password

!

!

!

!

!

interface BRI0

description connected to Dial-inPCs(ISDN)

no ip address

ip nat inside

encapsulation ppp

dialer rotary-group 3

dialer-group 1

isdn switch-type basic-net3

isdn point-to-point-setup

no cdp enable

!

interface Ethernet0

description connected to Internet

no ip address

half-duplex

pppoe enable

pppoe-client dial-pool-number 1

no keepalive

!

interface FastEthernet0

description connected to EthernetLAN

ip address 192.168.10.1 255.255.255.0

ip nat inside

ip inspect FastEthernet_0 in

ip tcp adjust-mss 1452

speed auto

full-duplex

no keepalive

!

interface Async5

description connected to Dial-inPCs(modem)

ip unnumbered FastEthernet0

ip nat inside

encapsulation ppp

ip tcp header-compression passive

dialer in-band

dialer rotary-group 2

dialer-group 1

async mode dedicated

!

interface Dialer0

no ip address

!

interface Dialer1

description connected to Internet

ip address negotiated

ip access-group 103 in

ip mtu 1492

ip nat outside

ip inspect FastEthernet_0 out

encapsulation ppp

dialer pool 1

dialer-group 2

ppp authentication chap pap callin

ppp chap hostname ispuser

ppp chap password 7 isppassword

ppp pap sent-username ispuser password 7 isppassword

!

interface Dialer2

description connected to Dial-inPCs(modem)

ip unnumbered FastEthernet0

ip access-group 101 in

ip nat inside

encapsulation ppp

ip tcp header-compression passive

dialer in-band

dialer-group 1

peer default ip address pool Cisco1720-Group-2

no cdp enable

ppp authentication chap

!

interface Dialer3

description connected to Dial-inPCs(ISDN)

ip unnumbered FastEthernet0

ip access-group 100 in

ip nat inside

encapsulation ppp

no ip split-horizon

dialer in-band

dialer-group 1

peer default ip address pool Cisco1720-Group-3

no cdp enable

ppp authentication chap pap callin

ppp multilink

!

interface Dialer4

no ip address

!

router rip

version 2

passive-interface Dialer1

network 192.168.10.0

no auto-summary

[romeo310 10]

!

ip local pool Cisco1720-Group-2 192.168.10.250

ip local pool Cisco1720-Group-3 192.168.10.251 192.168.10.252

ip nat inside source list 1 interface Dialer1 overload

ip nat inside source static tcp 192.168.10.101 20 interface Dialer1 20

ip nat inside source static tcp 192.168.10.101 21 interface Dialer1 21

ip nat inside source static tcp 192.168.10.52 22 interface Dialer1 22

ip nat inside source static udp 192.168.10.7 5060 interface Dialer1 5060

ip nat inside source static tcp 192.168.10.52 443 interface Dialer1 443

ip classless

ip route 0.0.0.0 0.0.0.0 Dialer1

ip http server

ip http authentication local

no ip http secure-server

!

!

access-list 1 permit 192.168.10.0 0.0.0.255

access-list 100 permit udp any eq rip any eq rip

access-list 100 deny ip any any log

access-list 101 permit udp any eq rip any eq rip

access-list 101 deny ip any any log

access-list 102 permit ip any any

access-list 102 deny ip any any log

access-list 103 permit icmp any any echo-reply

access-list 103 permit tcp any any eq 22

access-list 103 permit tcp any any eq ftp

access-list 103 permit tcp any any eq ftp-data

access-list 103 permit udp any eq 5060 any

access-list 103 permit esp any any

access-list 103 permit tcp any any eq 443

access-list 103 deny ip any any log

dialer-list 1 protocol ip permit

dialer-list 2 protocol ip permit

!

banner motd #

*********************************************************

** **

* WARNING ! *

* System ist RESTRICTED to authorized personnell ONLY ! *

* *

* Unauthorized use of this System will be logged and *

* prosecuted to the fullest extent of the law. *

* *

* If you are NOT authorized to use this system *

* LOG OFF NOW ! *

* *

* We fight against SPAM an HACKERS ! *

*********************************************************#

!

line con 0

exec-timeout 0 0

password 7 password

login

line aux 0

login local

modem InOut

transport input all

autoselect during-login

autoselect ppp

stopbits 1

speed 38400

flowcontrol hardware

line vty 0 4

login

!

end

 

Hoffe. es kann mir jemand HELFEN !!!! PLEASE !!!!!!!!!!!!!!!!!!!!!