Dialup-VPN funzt nicht

[Iago1982 10]

Hi Leute!

 

Hab ein Problem mit einem Cisco 1710 Router mit VPN-Funktion. Schaffe es einfach nicht, mich mit einem VPN-Client zu connecten.

!

version 12.2

no parser cache

service timestamps debug uptime

service timestamps log uptime

service password-encryption

!

hostname vpna

!

aaa new-model

!

!

aaa authentication login default local

aaa authorization exec default local

aaa session-id common

enable secret 5 *

enable password 7 *

!

username admin privilege 15 password 7 *

memory-size iomem 15

ip subnet-zero

!

!

ip domain-name testdomain.at

ip name-server 192.168.0.93

!

ip inspect name fw tcp

ip inspect name fw udp

ip inspect name fw ftp

ip audit notify log

ip audit po max-events 100

ip ssh time-out 120

ip ssh authentication-retries 3

!

crypto isakmp policy 10

encr 3des

authentication pre-share

group 2

lifetime 28000

!

crypto isakmp client configuration group dialupclient

key *

dns 192.168.0.93

domain rstahl.at

pool dialup

!

!

crypto ipsec transform-set router-set esp-3des esp-sha-hmac

!

crypto dynamic-map dialup 30

set transform-set router-set

!

!

crypto map router 30 ipsec-isakmp dynamic dialup

!

crypto map dialup client configuration address initiate

crypto map dialup client configuration address respond

!

!

!

!

interface Ethernet0

ip address 8.9.1.2 255.255.255.252

ip access-group 100 in

ip nat outside

ip inspect fw out

load-interval 30

half-duplex

no cdp enable

crypto map router

!

interface FastEthernet0

ip address 192.168.0.150 255.255.255.0

ip access-group 103 in

ip nat inside

ip inspect fw in

speed auto

no cdp enable

!

ip local pool dialup 192.168.10.10 192.168.10.50

ip nat inside source list 101 interface Ethernet0 overload

ip nat inside source static tcp 192.168.0.91 25 interface Ethernet0 25

ip classless

ip route 0.0.0.0 0.0.0.0 3.4.5.6

no ip http server

ip pim bidir-enable

!

!

access-list 100 deny ip host 5.6.7.8 any

access-list 100 deny ip 127.0.0.0 0.255.255.255 any

access-list 100 deny ip 224.0.0.0 15.255.255.255 any

access-list 100 deny ip 10.0.0.0 0.255.255.255 any

access-list 100 deny ip 172.16.0.0 0.15.255.255 any

access-list 100 deny ip 192.168.0.0 0.0.255.255 any

access-list 100 permit icmp any any echo

access-list 100 permit icmp any any echo-reply

access-list 100 permit icmp any any unreachable

access-list 100 permit icmp any any time-exceeded

access-list 100 permit tcp any host 5.6.7.8 eq smtp

access-list 100 permit tcp host 25.1.3.4 host 5.6.7.8 eq 22

access-list 100 permit tcp host 25.1.3.4 host 5.6.7.8 eq telnet

access-list 101 permit ip 192.168.0.0 0.0.0.255 any

access-list 103 permit ip 192.168.0.0 0.0.0.255 host 192.168.0.150

access-list 103 permit udp 192.168.0.0 0.0.0.255 any eq domain

access-list 103 permit tcp host 192.168.0.91 any eq smtp

access-list 103 permit tcp host 192.168.0.91 eq smtp any

access-list 103 permit icmp 192.168.0.0 0.0.0.255 any echo

access-list 103 permit icmp 192.168.0.0 0.0.0.255 any echo-reply

access-list 103 permit tcp 192.168.0.0 0.0.0.255 any eq telnet

access-list 103 permit tcp 192.168.0.0 0.0.0.255 any eq www

access-list 103 permit tcp 192.168.0.0 0.0.0.255 any eq 443

access-list 103 permit tcp 192.168.0.0 0.0.0.255 any eq ftp

access-list 103 permit tcp 192.168.0.0 0.0.0.255 any eq 3048

access-list 103 permit tcp 192.168.0.0 0.0.0.255 any eq 1494

access-list 103 permit tcp 192.168.0.0 0.0.0.255 any eq 3389

access-list 103 permit ip host 195.170.70.45 any

access-list 103 permit ip host 194.118.42.19 any

access-list 103 permit tcp 192.168.0.0 0.0.0.255 any eq 8000

access-list 113 permit ip 192.168.0.0 0.0.0.255 192.168.10.0 0.0.0.255

no cdp run

!

!

line con 0

exec-timeout 0 0

line aux 0

line vty 0 4

password 7 *

line vty 5 15

!

no scheduler allocate

end

 

Danke im Voraus für eure Hilfe.

Lg

Michael

[Iago1982 10]

Hi Leute!

 

Hat keiner von euch ne Ahnung, warum es nicht funktioniert?

 

Danke und Lg

Michael