The Forums

IPSEC Remote Access

Hello everyone,

I'm coming to you because I'm out of ideas, and I think an outside perspective might help.

Here is my problem.
I have a Cisco PIX 515E configured with IPsec remote access.
When I start a connection from outside, phases 1 and 2 complete fine and I get an IP from the pool I configured.

The problem now is that I can't reach anything on the LAN.
I tried opening everything in both directions, but it doesn't help.

So if you have any idea, I'm all ears. 🙂
I forgot the config, it might be useful 🙂
[code]
Pix-Exa# sh run
: Saved
:
PIX Version 7.0(7)
!
hostname Pix-Exa
enable password SqQQs/H7ULiFKJgy encrypted
names
dns-guard
!
interface Ethernet0
description WAN
speed 100
duplex full
nameif Wan
security-level 1
ip address 88.x.x.x 255.255.255.0
!
interface Ethernet1
description Lan
speed 100
duplex full
nameif Lan
security-level 50
ip address 192.168.0.1 255.255.255.0
!
interface Ethernet2
description Server
speed 100
duplex full
nameif Server
security-level 100
ip address 192.168.2.254 255.255.255.0
!
passwd SqQQs/H7ULiFKJgy encrypted
ftp mode passive
dns domain-lookup Lan
dns name-server 192.168.2.1
object-group network Lan
description Lan Network
network-object 192.168.0.0 255.255.255.0
object-group network Server
description Server Network
network-object 192.168.2.0 255.255.255.0
object-group network Pool
description Ip du pool_remote
network-object 10.0.0.0 255.255.255.0
access-list Serv extended permit icmp object-group Lan object-group Server
access-list Serv extended permit icmp object-group Server object-group Lan
access-list Serv extended permit udp object-group Lan object-group Server eq domain
access-list Serv extended permit tcp object-group Lan object-group Server eq domain
access-list Serv extended permit tcp object-group Lan object-group Server eq 3389
access-list Serv extended permit tcp host 192.168.2.1 host 212.x.x.x eq domain
access-list Serv extended permit tcp host 192.168.2.1 host 212.x.x.x eq domain
access-list Wan extended permit ip interface Wan any
access-list Wan extended permit icmp interface Wan any
access-list Lan extended permit ip object-group Lan any
access-list Lan extended permit icmp object-group Lan any
access-list nat_serv extended permit tcp host 192.168.2.1 host 212.x.x.x eq domain
access-list nat_serv extended permit tcp host 192.168.2.1 host 212.x.x.x eq domain
access-list no_nat extended permit ip object-group Lan object-group Pool
pager lines 24
logging buffered informational
logging asdm informational
mtu Wan 1500
mtu Lan 1500
mtu Server 1500
ip local pool remote 10.0.0.1-10.0.0.5 mask 255.255.255.0
no asdm history enable
arp timeout 14400
global (Wan) 1 interface
nat (Lan) 0 access-list no_nat
nat (Lan) 1 192.168.0.0 255.255.255.0
nat (Server) 1 access-list nat_serv
access-group Wan in interface Wan
access-group Lan in interface Lan
access-group Serv in interface Server
route Wan 0.0.0.0 0.0.0.0 88.x.x.x 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00
timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
username test password xxxxxxx encrypted
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set test esp-3des esp-sha-hmac
crypto dynamic-map dyn1 1 set transform-set test
crypto dynamic-map dyn1 1 set reverse-route
crypto map map1 1 ipsec-isakmp dynamic dyn1
crypto map map1 interface Wan
isakmp enable Wan
isakmp policy 1 authentication pre-share
isakmp policy 1 encryption 3des
isakmp policy 1 hash sha
isakmp policy 1 group 2
isakmp policy 1 lifetime 86400
tunnel-group DefaultL2LGroup ipsec-attributes
isakmp keepalive threshold 1800 retry 2
tunnel-group DefaultRAGroup ipsec-attributes
isakmp keepalive threshold 1800 retry 2
tunnel-group test type ipsec-ra
tunnel-group test general-attributes
address-pool remote
tunnel-group test ipsec-attributes
pre-shared-key *
isakmp keepalive threshold 1800 retry 2
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd address 192.168.0.30-192.168.0.60 Lan
dhcpd dns 192.168.2.1
dhcpd lease 604800
dhcpd ping_timeout 50
dhcpd domain test.fr
dhcpd enable Lan
!
class-map inspection_default
match default-inspection-traffic
!
!
policy-map global_policy
class inspection_default
inspect dns maximum-length 512
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
!
service-policy global_policy global
Cryptochecksum:20cfe9733d54713a723f096176840299
: end
[/code]
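As an added diagnostic (not part of the original post), the script below parses the relevant lines of the posted configuration and reports, per named interface, which addresses of the remote-access pool are not covered by that interface's nat 0 exemption ACL; the function and sample names are mine, and the constructed sample embeds the posted lines with the masked Wan interface omitted.

```python
from ipaddress import ip_address, ip_network

# Constructed sample: the posted PIX 7.0 lines that decide whether inside-to-pool
# traffic is NAT-exempt (the Wan interface is left out because its address is masked).
SAMPLE_CONFIG = """\
 nameif Lan
 ip address 192.168.0.1 255.255.255.0
 nameif Server
 ip address 192.168.2.254 255.255.255.0
object-group network Lan
 network-object 192.168.0.0 255.255.255.0
object-group network Pool
 network-object 10.0.0.0 255.255.255.0
access-list no_nat extended permit ip object-group Lan object-group Pool
ip local pool remote 10.0.0.1-10.0.0.5 mask 255.255.255.0
nat (Lan) 0 access-list no_nat
nat (Server) 1 access-list nat_serv
"""

def _operand(tok, groups):
    """Expand one ACE address operand; returns (networks, tokens consumed)."""
    if tok[0] == "object-group": return groups[tok[1]], 2
    if tok[0] == "any": return [ip_network("0.0.0.0/0")], 1
    if tok[0] == "host": return [ip_network(tok[1])], 2
    return [ip_network(f"{tok[0]}/{tok[1]}", strict=False)], 2   # "A.B.C.D MASK" form

def nat0_gaps(config):
    """Map each named interface to the pool addresses its nat 0 ACL does not exempt."""
    ifaces, groups, aces, nat0, pool, name, grp = {}, {}, {}, {}, [], None, None
    for line in config.splitlines():
        t = line.split() or [""]
        if t[0] == "nameif": name = t[1]                      # remember the nameif...
        elif t[:2] == ["ip", "address"] and name:             # ...until its address follows
            ifaces[name] = ip_network(f"{t[2]}/{t[3]}", strict=False); name = None
        elif t[:2] == ["object-group", "network"]: grp = t[2]; groups[grp] = []
        elif t[0] == "network-object" and grp: groups[grp].append(ip_network(f"{t[1]}/{t[2]}"))
        elif t[0] == "access-list" and t[3] == "permit": aces.setdefault(t[1], []).append(t[5:])
        elif t[0] == "nat" and t[2] == "0": nat0[t[1].strip("()")] = t[4]   # nat (X) 0 access-list Y
        elif t[:3] == ["ip", "local", "pool"]:
            lo, hi = map(ip_address, t[4].split("-")); pool = [ip_address(i) for i in range(int(lo), int(hi) + 1)]
    gaps = {}
    for iface, subnet in ifaces.items():
        exempt = set()
        for ace in aces.get(nat0.get(iface), []):          # [] when the interface has no nat 0
            src, n = _operand(ace, groups); dst, _ = _operand(ace[n:], groups)
            if any(subnet.subnet_of(s) for s in src):
                exempt |= {a for a in pool if any(a in d for d in dst)}
        missing = [str(a) for a in pool if a not in exempt]
        if missing: gaps[iface] = missing
    return gaps
```

On the posted lines it reports the Server interface, which has no nat 0 statement at all; whether that alone explains the symptom depends on the nat-control setting, which does not appear in the posted output.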