ASA 5505 - SSL VPN problem
Hello everyone, this is my first message here, and unfortunately it is already a request for help, lol (not very cool)! I am working on an ASA 5505 and have to set up an SSL VPN, which is more or less done, since the SSL tunnel comes up. However, once the tunnel is established, there is no way to ping from one end to the other (from an address in the OUTSIDE addressing plan to an address in the INSIDE addressing plan). What should I do? Why doesn't it work? If anyone can help: I am out of answers. Here is the config:

```
ASA Version 8.0(4)
!
hostname ASA5505
domain-name cisco.com
enable password 8Ry2YjIyt7RRXU24 encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
!
interface Vlan1
 nameif inside
 security-level 100
 ip address 192.168.1.220 255.255.255.0
!
interface Vlan2
 nameif outside
 security-level 0
 ip address 172.25.25.150 255.255.255.0
!
interface Ethernet0/0
 switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
boot system disk0:/asa804-k8.bin
ftp mode passive
clock timezone CEST 1
clock summer-time CEDT recurring last Sun Mar 2:00 last Sun Oct 3:00
dns server-group DefaultDNS
 domain-name cisco.com
same-security-traffic permit inter-interface
access-list inside_nat0_outbound extended permit ip 192.168.1.0 255.255.255.0 any
access-list inside_nat0_outbound extended permit ip any 192.168.1.64 255.255.255.192
pager lines 24
logging enable
logging asdm informational
mtu inside 1500
mtu outside 1500
ip local pool pool-vpn-clients 192.168.1.80-192.168.1.100 mask 255.255.255.0
icmp unreachable rate-limit 1 burst-size 1
icmp permit any inside
icmp permit any outside
asdm image disk0:/asdm-61551.bin
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list inside_nat0_outbound
nat (inside) 1 0.0.0.0 0.0.0.0
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
dynamic-access-policy-record DfltAccessPolicy
nac-policy DfltGrpPolicy-nac-framework-create nac-framework
 reval-period 36000
 sq-period 300
http server enable
http 192.168.1.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs group1
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set security-association lifetime seconds 28800
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set security-association lifetime kilobytes 4608000
crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map outside_map interface outside
crypto isakmp enable outside
crypto isakmp policy 10
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 86400
no vpn-addr-assign aaa
no vpn-addr-assign dhcp
telnet timeout 5
ssh 172.25.25.0 255.255.255.0 outside
ssh timeout 5
console timeout 0
vpdn group PPPoE_group request dialout pppoe
vpdn group PPPoE_group localname PPPoE_asa
vpdn group PPPoE_group ppp authentication chap
vpdn username PPPoE_asa password *********
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
webvpn
 port 4433
 enable inside
 enable outside
 svc image disk0:/sslclient-win-1.1.0.154.pkg 1
 svc image disk0:/anyconnectwin210148k9.pkg 2
 svc enable
group-policy TunnelIPSec internal
group-policy TunnelIPSec attributes
 vpn-tunnel-protocol IPSec
 default-domain value cisco.com
group-policy DfltGrpPolicy attributes
 vpn-idle-timeout 3
 vpn-session-timeout 60
 vpn-tunnel-protocol IPSec l2tp-ipsec svc webvpn
 nac-settings value DfltGrpPolicy-nac-framework-create
 webvpn
  url-list value remote-users
  svc keepalive none
  svc dpd-interval client none
  svc dpd-interval gateway none
  customization value DfltCustomization
  auto-signon allow uri ftp://test-win2003.seculab.com auth-type ftp
group-policy gpAnyConnect internal
group-policy gpAnyConnect attributes
 vpn-session-timeout 60
 vpn-tunnel-protocol svc
group-policy gpVPNSSL internal
group-policy gpVPNSSL attributes
 vpn-idle-timeout 2
 vpn-session-timeout 60
 vpn-tunnel-protocol webvpn
group-policy politique-vpn-anyconnect internal
group-policy politique-vpn-anyconnect attributes
 vpn-tunnel-protocol l2tp-ipsec svc
 address-pools value pool-vpn-clients
group-policy Policy1 internal
group-policy Policy1 attributes
 vpn-tunnel-protocol IPSec l2tp-ipsec svc webvpn
 webvpn
  svc keep-installer installed
  svc rekey time 30
  svc rekey method ssl
  svc ask enable
group-policy Policy2 internal
group-policy Policy2 attributes
 vpn-tunnel-protocol IPSec l2tp-ipsec svc
 webvpn
  svc keep-installer installed
  svc dpd-interval client 500
  svc dpd-interval gateway 500
  svc ask none default svc
username remibaroth password LgtyZVYc9OUo9Vvo encrypted privilege 0
username remibaroth attributes
 vpn-group-policy politique-vpn-anyconnect
username remixx password LgtyZVYc9OUo9Vvo encrypted privilege 0
username remixx attributes
 vpn-group-policy gpVPNSSL
 webvpn
  url-list value remixx-bookmark
  customization value remixx-portal
username cisco password 3USUcOPFUiMCO4Jk encrypted
tunnel-group DefaultWEBVPNGroup general-attributes
 address-pool CorporateNet
 default-group-policy Policy1
tunnel-group TunnelGroup type remote-access
tunnel-group TunnelGroup general-attributes
 address-pool CorporateNet
 default-group-policy Policy2
tunnel-group vpn-ssl type remote-access
tunnel-group vpn-ssl-mars type remote-access
tunnel-group annyconnect-VPN type remote-access
tunnel-group annyconnect-VPN general-attributes
 address-pool pool-vpn-clients
 default-group-policy politique-vpn-anyconnect
tunnel-group TunnelIPSec type remote-access
tunnel-group TunnelIPSec general-attributes
 address-pool pool-vpn-clients
 default-group-policy TunnelIPSec
tunnel-group TunnelIPSec ipsec-attributes
 pre-shared-key *
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
  inspect icmp
!
service-policy global_policy global
prompt hostname context
Cryptochecksum:b009cde43445862ae9fa788f71f01bf3
: end
```
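A consistency check over the posted configuration, added here as an example and not part of the original post: it lists address pools that a tunnel-group or group-policy references but that no `ip local pool` line defines, and pools whose range falls inside a directly connected interface subnet. The function name `audit_pools` and the trimmed `CONFIG` excerpt (copied from the post, keeping only the lines the check reads) are assumptions of this example.

```python
import ipaddress
import re

# Excerpt of the configuration posted above (only the lines the check reads).
CONFIG = """\
interface Vlan1
 nameif inside
 ip address 192.168.1.220 255.255.255.0
interface Vlan2
 nameif outside
 ip address 172.25.25.150 255.255.255.0
ip local pool pool-vpn-clients 192.168.1.80-192.168.1.100 mask 255.255.255.0
group-policy politique-vpn-anyconnect attributes
 address-pools value pool-vpn-clients
tunnel-group DefaultWEBVPNGroup general-attributes
 address-pool CorporateNet
tunnel-group TunnelGroup general-attributes
 address-pool CorporateNet
tunnel-group annyconnect-VPN general-attributes
 address-pool pool-vpn-clients
"""

def audit_pools(config):
    """Return (undefined pool references, pools overlapping an interface subnet)."""
    pools, subnets, refs, nameif, section = {}, {}, [], None, None
    for raw in config.splitlines():
        line = raw.strip()
        if raw and not raw[0].isspace():
            section = line            # remember the top-level command we are under
        if m := re.match(r"nameif (\S+)", line):
            nameif = m.group(1)
        elif m := re.match(r"ip address (\S+) (\S+)", line):
            subnets[nameif] = ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}", strict=False)
        elif m := re.match(r"ip local pool (\S+) ([\d.]+)-([\d.]+)", line):
            pools[m.group(1)] = (ipaddress.ip_address(m.group(2)), ipaddress.ip_address(m.group(3)))
        elif m := re.match(r"address-pools? (?:value )?(\S+)", line):
            refs.append((section.split()[1], m.group(1)))
    undefined = sorted((owner, pool) for owner, pool in refs if pool not in pools)
    overlaps = sorted((name, ifname) for name, (lo, hi) in pools.items()
                      for ifname, net in subnets.items() if lo in net or hi in net)
    return undefined, overlaps

if __name__ == "__main__":
    undefined, overlaps = audit_pools(CONFIG)
    for owner, pool in undefined:
        print(f"{owner}: address pool '{pool}' is referenced but never defined")
    for pool, ifname in overlaps:
        print(f"pool '{pool}' lies inside the subnet of interface '{ifname}'")
```

The same function can be pointed at a full `show running-config` capture saved to a file, since it ignores every line it does not recognise.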