I need a little help figuring out why I cannot connect to a port on a router behind an IPsec tunnel.
From the router itself I can connect, but from the computers on the LAN I cannot.
sh run
Building configuration...
Current configuration : 6585 bytes
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname żyrafa
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 warnings
!
no aaa new-model
!
crypto pki trustpoint TP-self-signed-1199699675
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-1199699675
revocation-check none
rsakeypair TP-self-signed-1199699675
!
!
crypto pki certificate chain TP-self-signed-1199699675
certificate self-signed 01
quit
dot11 syslog
ip cef
!
!
no ip dhcp use vrf connected
ip dhcp excluded-address 10.10.10.1
ip dhcp excluded-address 172.18.47.1
!
ip dhcp pool żyrafaDHCP
network 172.18.47.0 255.255.255.0
default-router 172.18.47.1
dns-server 87.204.204.204 62.233.233.233
!
!
no ip domain lookup
ip domain name yourdomain.com
!
multilink bundle-name authenticated
vpdn enable
!
vpdn-group 1
! Default PPTP VPDN group
accept-dialin
protocol pptp
virtual-template 1
!
!
!
username pawel passx
username admin prix
username żyrafa pasx
!
!
crypto isakmp policy 1
encr aes 256
authentication pre-share
group 2
lifetime 1440
crypto isakmp key x address 195.x
!
!
crypto ipsec transform-set TS esp-aes esp-sha-hmac
crypto ipsec transform-set TS1 ah-sha-hmac esp-aes 256
crypto ipsec transform-set TS2 esp-3des esp-sha-hmac
crypto ipsec transform-set TS3 esp-aes 256 esp-sha-hmac
!
crypto map CMAP 10 ipsec-isakmp
set peer 195
set transform-set TS3
set pfs group2
match address VPN-TRAFFIC
!
archive
log config
hidekeys
!
!
!
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
mac-address 000e.7b98.ad2c
ip address dhcp client-id FastEthernet4
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
crypto map CMAP
!
interface Virtual-Template1
ip unnumbered FastEthernet4
ip nat inside
ip virtual-reassembly
peer default ip address pool PPTP-Pool
no keepalive
ppp encrypt mppe 128
ppp authentication ms-chap ms-chap-v2
!
interface Vlan1
description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$
ip address 172.18.47.1 255.255.255.0
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1452
!
ip local pool PPTP-Pool 172.18.47.30 172.18.47.35
ip forward-protocol nd
!
!
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source list 100 interface FastEthernet4 overload
!
ip access-list extended VPN-TRAFFIC
permit ip 172.18.47.0 0.0.0.255 172.16.0.0 0.15.255.255
permit ip 192.168.0.0 0.0.0.255 172.16.0.0 0.15.255.255
permit gre 172.18.47.0 0.0.0.255 172.16.0.0 0.15.255.255
permit gre 192.168.0.0 0.0.0.255 172.16.0.0 0.15.255.255
!
access-list 23 permit any
access-list 100 deny ip 172.18.47.0 0.0.0.255 172.16.0.0 0.15.255.255
access-list 100 deny ip 192.168.0.0 0.0.0.255 172.16.0.0 0.15.255.255
access-list 100 permit ip 172.18.47.0 0.0.0.255 any
access-list 100 permit ip 192.168.0.0 0.0.0.255 any
no cdp run
!
!
!
!
control-plane
!
banner exec ^C
% Password expiration warning.
-----------------------------------------------------------------------
Cisco Configuration Professional (Cisco CP) is installed on this device
and it provides the default username "cisco" for one-time use. If you have
already used the username "cisco" to login to the router and your IOS image
supports the "one-time" user option, then this username has already expired.
You will not be able to login to the router with this username after you exit
this session.
It is strongly suggested that you create a new username with a privilege level
of 15 using the following command.
żyrafa#telnet 172.28.31.200 /sou
żyrafa#telnet 172.28.31.200 1723 /sou
żyrafa#telnet 172.28.31.200 1723 /source-interface vla
żyrafa#telnet 172.28.31.200 1723 /source-interface vlan 1
Trying 172.28.31.200, 1723 ... Open
f
[Connection to 172.28.31.200 closed by foreign host]