Vpn Cisco 1841

[micha5576]

Hallo Zusammen,

ich versuche ein VPN mit einem CISCO 1841 (192.168.10.100) und einem Windows 2000 (192.168.10.1) Server zu erstellen. Die externen Clients sollen über (DSL) die Windows VPN einwahl ins Netz kommen. Untenstehende Config ist im CISCO Router vorhanden, auch eine feste IP ist vorhanden. Was muß nun bei den Clients, dem Server und dem Router eingestellt, verändert werden, damit die Einwahl klappt? Vielen Dank... Grüße

Building configuration...

Current configuration : 4219 bytes
!
! Last configuration change at 17:06:04 UTC Wed Nov 21 2007 by michael
! NVRAM config last updated at 11:11:22 UTC Wed Nov 14 2007 by michael
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname R01-UHL
!
boot-start-marker
boot-end-marker
!
no logging buffered
enable secret 123456
!
username NNNNN password PPPPP
username NNNNN privilege 15 password PPPPP
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
aaa new-model
!
!
aaa authentication login client local
aaa authorization network client local
aaa session-id common
ip subnet-zero
ip cef
!
!
ip inspect name fw icmp
ip inspect name fw tcp
ip inspect name fw udp
ip inspect name fw ftp
ip inspect name fw sqlnet
ip inspect name fw tftp
ip inspect name fw http
!
!
ip ips po max-events 100
ip domain name domain.mm
no ftp-server write-enable
!
password encryption aes
!
!
!
!
!
crypto isakmp policy 10
encr aes 256
authentication pre-share
group 2
!
crypto isakmp client configuration group ciscovpn
key 132456
domain domain2.de
pool vpnclient
crypto isakmp profile vpnclient
match identity group ciscovpn
client authentication list client
isakmp authorization list client
client configuration address initiate
client configuration address respond
!
!
crypto ipsec transform-set myset esp-aes 256 esp-sha-hmac
!
crypto dynamic-map dynmap 10
set transform-set myset
!
!
crypto map mymap 10 ipsec-isakmp dynamic dynmap
!
!
!
interface FastEthernet0/0
description $ETH-LAN$
ip address 192.168.10.100 255.255.255.0
ip access-group inside in
ip inspect fw out
ip nat inside
ip virtual-reassembly
speed 100
full-duplex
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface ATM0/0/0
no ip address
no atm ilmi-keepalive
dsl operating-mode auto tone low
pvc 1/32
pppoe-client dial-pool-number 1
!
!
interface Dialer1
ip address negotiated
ip access-group outside in
ip mtu 1456
ip nat outside
ip virtual-reassembly
encapsulation ppp
ip tcp adjust-mss 1452
dialer pool 1
dialer remote-name t-online
dialer idle-timeout 600
dialer-group 1
ppp authentication chap pap callin
ppp chap hostname feste-ip/XXXXX@t-online-com.de
ppp chap password XXXXXXXX
ppp pap sent-username feste-ip/XXXXX@t-online-com.de password XXXXXXXX
ppp ipcp dns request
ppp ipcp wins request
crypto map mymap

[micha5576]

!
ip local pool vpnclient 192.168.111.10 192.168.111.50
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer1
!
no ip http server
ip http access-class 1
ip http authentication local
ip http secure-server
ip nat inside source list nat interface Dialer1 overload
!
ip access-list extended inside
remark SDM_ACL Category=17
permit tcp 192.168.10.0 0.0.0.255 host 192.168.10.100 eq telnet
permit tcp 192.168.10.0 0.0.0.255 host 192.168.10.100 eq 22
permit tcp 192.168.10.0 0.0.0.255 host 192.168.10.100 eq www
permit tcp 192.168.10.0 0.0.0.255 host 192.168.10.100 eq 443
permit tcp 192.168.10.0 0.0.0.255 host 192.168.10.100 eq cmd
deny udp any host 192.168.10.100 eq snmp
permit icmp any any
permit tcp any host 192.168.10.100 eq 443
permit tcp any host 192.168.10.100 eq 22
permit tcp any host 192.168.10.100 eq telnet
ip access-list extended nat
deny ip 192.168.10.0 0.0.0.255 192.168.111.0 0.0.0.255
ip access-list extended outside
remark SDM_ACL Category=17
permit ahp any any
permit icmp any any
permit tcp any any eq 22
permit esp any any
permit udp any any eq isakmp
permit udp any any eq non500-isakmp
permit tcp any host 111.222.333.444 eq 443
!
access-list 1 remark Auto generated by SDM Management Access feature
access-list 1 remark SDM_ACL Category=1
access-list 1 permit 192.168.10.0 0.0.0.255
access-list 100 remark Auto generated by SDM Management Access feature
access-list 100 remark SDM_ACL Category=1
access-list 100 permit ip 192.168.10.0 0.0.0.255 any
dialer-list 1 protocol ip permit
!
!
control-plane
!
!
line con 0
line aux 0
line vty 0 4
access-class 100 in
privilege level 15
login authentication client
!
end

[micha5576]

Hat niemand einen Tipp oder Rat? .......

[Wordo]

VPN: IPSEC? IPSEC/L2TP? PPTP? Die Clients stehen wo?