High-Tech Santé Médecine Droit-Finances

Réalisation

vidéo numérique

Rechercher : dans
Par :

Besoin d'aide pour faire un VPN sur CISCO !

Dernière réponse le 19 jui 2009 à 10:50:55 hAdEsS, le 22 nov 2008 à 19:21:21 
 Signaler ce message aux modérateurs

Bonjour,

Voila depuis quelques temps j'ai mis en place un réseaux avec routeur CISCO 871, comprenant le service VPN.

Mon problème est que je n'arrive désespérément pas à configurer mon VPN (avec Easy VPN Server) pour qu'un utilisateur Nomade puisse accéder au réseaux de l'entreprise.

Es que qu'une personne charitable ayant déjà effectuer se genre de manip pourrait me mp ou m'aide à résoudre mon problème ?

Merci

Je vous poste la conf de mon routeur : 

Building configuration...

Current configuration : 14704 bytes
!
! Last configuration change at 19:18:12 PCTime Sat Nov 22 2008 by admin
! NVRAM config last updated at 19:16:33 PCTime Sat Nov 22 2008 by admin
!
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname Cisco
!
boot-start-marker
boot-end-marker
!
logging buffered 51200
logging console critical
enable secret 5 ****.
!
aaa new-model
!
!
aaa authentication login local_authen local
aaa authentication login sdm_vpn_xauth_ml_1 local
aaa authorization exec local_author local 
aaa authorization network sdm_vpn_group_ml_1 local 
!
!
aaa session-id common
clock timezone PCTime 1
clock summer-time PCTime date Mar 30 2003 2:00 Oct 26 2003 3:00
!
crypto pki trustpoint TP-self-signed-2409708405
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-2409708405
 revocation-check none
 rsakeypair TP-self-signed-2409708405
!
crypto pki trustpoint tti
 revocation-check crl
 rsakeypair tti
!
!
crypto pki certificate chain TP-self-signed-2409708405
 certificate self-signed 01
  3082024F 308201B8 A0030201 02020101 300D0609 2A864886 F70D0101 04050030 
  31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274 
  69666963 6174652D 32343039 37303834 3035301E 170D3038 31313038 31363132 
  33325A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649 
  4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D32 34303937 
  30383430 3530819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281 
  8100A08A 9AAE6DFB D291C0FB 3912AA27 A39F9EA1 B5F69989 4975E03F 71EFDDDE 
  8B3F2DAF 72566D66 29D0D425 BF9A926B 4CB68103 75254496 9D1A5F2E FB54C461 
  E2ADFA17 7ED55223 0585F3D7 B58A088E 7612B369 F096A94A F35F254D 957AE36B 
  AC7AE2EB EBCC81EB 14C3165A 08C1D148 9020398C E05D831D A3A05B31 0E956C2F 
  70ED0203 010001A3 77307530 0F060355 1D130101 FF040530 030101FF 30220603 
  551D1104 1B301982 17796F75 726E616D 652E796F 7572646F 6D61696E 2E636F6D 
  301F0603 551D2304 18301680 142B372E 7D0334DB 44E1E656 A6C1DD1C 36335333 
  46301D06 03551D0E 04160414 2B372E7D 0334DB44 E1E656A6 C1DD1C36 33533346 
  300D0609 2A864886 F70D0101 04050003 8181008C 2768B337 8A59F6C9 C6B258FD 
  3650E6DE 27A5D3B7 82FAD9F6 B3928829 0F133808 B8740B83 62154A1F DF182898 
  CEF49456 70596A6C E055CE3D 3FB59C62 E68C2FC7 118E673E 3D9735A3 B093EA95 
  F3B2269F DA0167FE 4849BD0E CBAEA3B0 5BCA48B5 C9444725 A5A3CE6E 8A07D737 
  E89B15C6 1586BB44 ABE6A26D 8B55FD45 28DE18
  	quit
crypto pki certificate chain tti
dot11 syslog
no ip source-route
ip cef
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.1.1 192.168.1.9
ip dhcp excluded-address 192.168.1.51 192.168.1.254
!
ip dhcp pool sdm-pool1
   import all
   network 192.168.1.0 255.255.255.0
   default-router 192.168.1.254 
   domain-name fasiladom
   dns-server 192.168.1.1 192.168.10.254 
!
!
no ip bootp server
ip domain name fasiladom.dom
ip name-server 192.168.10.254
ip name-server 192.168.1.1
!
!
!
username admin privilege 15 secret 5 pass_admin
username nomade privilege 15 view SDM_EasyVPN_Remote secret 5 $pass_nomade
! 
!
crypto isakmp policy 1
 encr 3des
 authentication pre-share
 group 2
!
crypto isakmp client configuration group nomade
 key nomade
 dns 192.168.10.254
 domain fasiladom
 pool SDM_POOL_1
 include-local-lan
 netmask 255.255.255.0
crypto isakmp profile sdm-ike-profile-1
   match identity group nomade
   client authentication list sdm_vpn_xauth_ml_1
   isakmp authorization list sdm_vpn_group_ml_1
   client configuration address initiate
   client configuration address respond
   virtual-template 1
!
!
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac 
!
crypto ipsec profile SDM_Profile1
 set transform-set ESP-3DES-SHA 
 set isakmp-profile sdm-ike-profile-1
!
!
archive
 log config
  hidekeys
!
!
ip tcp synwait-time 10
ip ssh time-out 60
ip ssh authentication-retries 2
!
class-map type inspect match-any SDM_AH
 match access-group name SDM_AH
class-map type inspect match-any sdm-cls-insp-traffic
 match protocol cuseeme
 match protocol dns
 match protocol ftp
 match protocol h323
 match protocol https
 match protocol icmp
 match protocol imap
 match protocol pop3
 match protocol netshow
 match protocol shell
 match protocol realmedia
 match protocol rtsp
 match protocol smtp extended
 match protocol sql-net
 match protocol streamworks
 match protocol tftp
 match protocol vdolive
 match protocol tcp
 match protocol udp
class-map type inspect match-all sdm-insp-traffic
 match class-map sdm-cls-insp-traffic
class-map type inspect match-any SDM_IP
 match access-group name SDM_IP
class-map type inspect match-any SDM_ESP
 match access-group name SDM_ESP
class-map type inspect match-any SDM_EASY_VPN_SERVER_TRAFFIC
 match protocol isakmp
 match protocol ipsec-msft
 match class-map SDM_AH
 match class-map SDM_ESP
class-map type inspect match-all SDM_EASY_VPN_SERVER_PT
 match class-map SDM_EASY_VPN_SERVER_TRAFFIC
class-map type inspect match-any sdm-cls-icmp-access
 match protocol icmp
 match protocol tcp
 match protocol udp
class-map type inspect match-all sdm-invalid-src
 match access-group 100
class-map type inspect match-all sdm-icmp-access
 match class-map sdm-cls-icmp-access
class-map type inspect match-all sdm-protocol-http
 match protocol http
!
!
policy-map type inspect sdm-permit-icmpreply
 class type inspect sdm-icmp-access
  inspect
 class class-default
  pass
policy-map type inspect sdm-inspect
 class type inspect sdm-invalid-src
  drop log
 class type inspect sdm-insp-traffic
  inspect
 class type inspect sdm-protocol-http
  inspect
 class class-default
policy-map type inspect sdm-permit
 class type inspect SDM_EASY_VPN_SERVER_PT
  pass
 class class-default
policy-map type inspect sdm-permit-ip
 class type inspect SDM_IP
  pass
 class class-default
  drop log
!
zone security out-zone
zone security in-zone
zone security ezvpn-zone
zone-pair security sdm-zp-self-out source self destination out-zone
 service-policy type inspect sdm-permit-icmpreply
zone-pair security sdm-zp-out-self source out-zone destination self
 service-policy type inspect sdm-permit
zone-pair security sdm-zp-in-out source in-zone destination out-zone
 service-policy type inspect sdm-inspect
zone-pair security sdm-zp-in-ezvpn1 source in-zone destination ezvpn-zone
 service-policy type inspect sdm-permit-ip
zone-pair security sdm-zp-out-ezpn1 source out-zone destination ezvpn-zone
 service-policy type inspect sdm-permit-ip
zone-pair security sdm-zp-ezvpn-out1 source ezvpn-zone destination out-zone
 service-policy type inspect sdm-permit-ip
zone-pair security sdm-zp-ezvpn-in1 source ezvpn-zone destination in-zone
 service-policy type inspect sdm-permit-ip
!
!
!
interface Null0
 no ip unreachables
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
 description $ES_WAN$$FW_OUTSIDE$
 ip address 192.168.10.1 255.255.255.0
 ip verify unicast reverse-path
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat outside
 ip virtual-reassembly
 zone-member security out-zone
 ip route-cache flow
 duplex auto
 speed auto
!
interface Virtual-Template1 type tunnel
 ip unnumbered FastEthernet4
 zone-member security ezvpn-zone
 tunnel mode ipsec ipv4
 tunnel protection ipsec profile SDM_Profile1
!
interface Vlan1
 description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$ES_LAN$$FW_INSIDE$
 ip address 192.168.1.254 255.255.255.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat inside
 ip virtual-reassembly
 zone-member security in-zone
 ip route-cache flow
 ip tcp adjust-mss 1452
!
ip local pool SDM_POOL_1 192.168.2.1 192.168.2.10
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 192.168.10.254
!
ip http server
ip http access-class 2
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source list 1 interface FastEthernet4 overload
!
ip access-list extended SDM_AH
 remark SDM_ACL Category=1
 permit ahp any any
ip access-list extended SDM_ESP
 remark SDM_ACL Category=1
 permit esp any any
ip access-list extended SDM_IP
 remark SDM_ACL Category=1
 permit ip any any
!
logging trap debugging
access-list 1 remark INSIDE_IF=Vlan1
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 2 remark HTTP Access-class list
access-list 2 remark SDM_ACL Category=1
access-list 2 permit 192.168.1.0 0.0.0.255
access-list 2 deny   any
access-list 100 remark SDM_ACL Category=128
access-list 100 permit ip host 255.255.255.255 any
access-list 100 permit ip 127.0.0.0 0.255.255.255 any
access-list 100 permit ip 192.168.10.0 0.0.0.255 any
access-list 101 remark VTY Access-class list
access-list 101 remark SDM_ACL Category=1
access-list 101 permit ip 192.168.1.0 0.0.0.255 any
access-list 101 deny   ip any any
access-list 105 remark SSH ACL
access-list 105 remark SDM_ACL Category=1
access-list 105 remark ss
access-list 105 permit udp any any
access-list 105 remark connexion externe
access-list 105 permit ip any any
no cdp run
!
!
!
control-plane
!
banner exec ^C
% Password expiration warning.
------------------------------------------------------------­-----------
 
Cisco Router and Security Device Manager (SDM) is installed on this device and 
it provides the default username "cisco" for  one-time use. If you have already 
used the username "cisco" to login to the router and your IOS image supports the 
"one-time" user option, then this username has already expired. You will not be 
able to login to the router with this username after you exit this session.
 
It is strongly suggested that you create a new username with a privilege level 
of 15 using the following command.
 
username <myuser> privilege 15 secret 0 <mypassword>
 
Replace <myuser> and <mypassword> with the username and password you want to 
use.
 
-----------------------------------------------------------------------
^C
banner login ^CAuthorized access only!
 Disconnect IMMEDIATELY if you are not an authorized user!^C
!
line con 0
 login authentication local_authen
 no modem enable
 transport output telnet
line aux 0
 login authentication local_authen
 transport output telnet
line vty 0 3
 access-class 101 in
 access-class 105 out
 authorization exec local_author
 login authentication local_authen
 length 0
 transport input telnet ssh
 transport output ssh
line vty 4
 access-class 101 in
 access-class 105 out
 authorization exec local_author
 login authentication local_authen
 length 0
 transport input telnet ssh
 transport output ssh
parser view SDM_EasyVPN_Remote
 secret 5 ****.
! Last configuration change at 19:18:12 PCTime Sat Nov 22 2008 by admin
! NVRAM config last updated at 19:16:33 PCTime Sat Nov 22 2008 by admin
!
! Last configuration change at 19:18:12 PCTime Sat Nov 22 2008 by admin
! NVRAM config last updated at 19:16:33 PCTime Sat Nov 22 2008 by admin
!
! Last configuration change at 19:18:12 PCTime Sat Nov 22 2008 by admin
! NVRAM config last updated at 19:16:33 PCTime Sat Nov 22 2008 by admin
!
 commands interface include all crypto
 commands interface include all no crypto
 commands interface include no
 commands configure include end
 commands configure include all radius-server
 commands configure include all access-list
 commands configure include ip radius source-interface
 commands configure include ip radius
 commands configure include all ip nat
 commands configure include ip dns server
 commands configure include ip dns
 commands configure include all interface
 commands configure include all identity policy
 commands configure include identity profile
 commands configure include identity
 commands configure include all dot1x
 commands configure include all ip domain lookup
 commands configure include ip domain
 commands configure include ip
 commands configure include all crypto
 commands configure include all aaa
 commands configure include default end
 commands configure include all default radius-server
 commands configure include all default access-list
 commands configure include default ip radius source-interface
 commands configure include default ip radius
 commands configure include all default ip nat
 commands configure include default ip dns server
 commands configure include default ip dns
 commands configure include all default interface
 commands configure include all default identity policy
 commands configure include default identity profile
 commands configure include default identity
 commands configure include all default dot1x
 commands configure include all default ip domain lookup
 commands configure include default ip domain
 commands configure include default ip
 commands configure include all default crypto
 commands configure include all default aaa
 commands configure include default
 commands configure include no end
 commands configure include all no radius-server
 commands configure include all no access-list
 commands configure include no ip radius source-interface
 commands configure include no ip radius
 commands configure include all no ip nat
 commands configure include no ip dns server
 commands configure include no ip dns
 commands configure include all no interface
 commands configure include all no identity policy
 commands configure include no identity profile
 commands configure include no identity
 commands configure include all no dot1x
 commands configure include all no ip domain lookup
 commands configure include no ip domain
 commands configure include no ip
 commands configure include all no crypto
 commands configure include all no aaa
 commands configure include no
 commands exec include dir all-filesystems
 commands exec include dir
 commands exec include crypto ipsec client ezvpn connect
 commands exec include crypto ipsec client ezvpn xauth
 commands exec include crypto ipsec client ezvpn
 commands exec include crypto ipsec client
 commands exec include crypto ipsec
 commands exec include crypto
 commands exec include write memory
 commands exec include write
 commands exec include all ping ip
 commands exec include ping
 commands exec include configure terminal
 commands exec include configure
 commands exec include all show
 commands exec include no
 commands exec include all debug appfw
 commands exec include all debug ip inspect
 commands exec include debug ip
 commands exec include debug
 commands exec include all clear
!
!
scheduler max-task-time 5000
scheduler allocate 4000 1000
scheduler interval 500
end


Configuration: Windows 2003
Firefox 3.0.4

Meilleures réponses pour « Besoin d'aide pour faire un VPN sur CISCO ! » dans :
Routeurs Cisco: Paramètres de base VoirIntroduction Cet article a pour but d'expliquer simplement les bases de la configuration et de l'administration de routeurs Cisco. Des connaissances sur la fonction d'un routeur et les protocoles de routage sont nécessaires pour la lecture de cet...
Relier deux PC distants via Internet en créant un VPN VoirSi vous souhaitez pouvoir partager des documents ou jouer en réseau à distance à travers Internet, comme si vous étiez en réseau local, il vous suffit de créer un réseau privé virtuel (VPN), Un réseau privé virtuel est dit virtuel car il relie...
Installer un serveur VPN sous Windows XP VoirIntérêt d'un VPN La mise en place d'un réseau privé virtuel permet de connecter de façon sécurisée des ordinateurs distants au travers d'une liaison non fiable (Internet), comme s'ils étaient sur le même réseau local. Ce procédé est utilisé par de...
Installer un serveur VPN sous Windows XP VoirIntérêt d'un VPN La mise en place d'un réseau privé virtuel permet de connecter de façon sécurisée des ordinateurs distants au travers d'une liaison non fiable (Internet), comme s'ils étaient sur le même réseau local. Ce procédé est utilisé par de...
Posez votre question Répondre

1

moris007, le 22 nov 2008 à 22:45:39
  • +1

Ton serveur vpn est sous quel OS?

   
Répondre à moris007

2

 svcadg11, le 19 jui 2009 à 10:50:55
  • +3

Un peu tardn mais au cas ou, la cryptomap est manquante !

   
Répondre à svcadg11
Posez votre question Répondre
Ils ont besoin de votre aide