TSE problem with DMVPN
Hello,

I have upgraded my VPN network with my branch offices to dynamic VPN (DMVPN). All my sites have SDSL except the one that is causing me trouble (ADSL 512).

When I start a TSE session from the problematic remote site to the server at headquarters, I can see that the PC finds my TSE server, but it makes no progress and I cannot get as far as the login/password prompt.

On the other hand, if I use a PPTP VPN client on the PC at this site, I have no problem, it works. With my old site-to-site VPN tunnel (with SonicWall) I had no problem either.

Can anyone help me? Thank you.

Current configuration : 10529 bytes
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname ??_??_??
!
boot-start-marker
boot-end-marker
!
no logging buffered
enable secret 5 ????????????
!
no aaa new-model
!
crypto pki trustpoint TP-self-signed-?????
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-?????
 revocation-check none
 rsakeypair TP-self-signed-?????
!
!
crypto pki certificate chain TP-self-signed-?????
 certificate self-signed 01
  ???????? ???????? ???????? ???????? ???????? ???????? ???????? ????????
  ???????? ???????? ???????? ???????? ???????? ???????? ???????? ????????
  ???????? ???????? ???????? ???????? ???????? ???????? ???????? ????????
  quit
dot11 syslog
!
dot11 ssid ????????
 vlan 222
 authentication open
 authentication key-management wpa optional
 guest-mode
 infrastructure-ssid optional
 wpa-psk ascii 7 ?????????????
!
ip cef
!
!
!
!
ip name-server 80.10.246.2
ip name-server 80.10.246.129
ip inspect name SDM_LOW cuseeme
ip inspect name SDM_LOW dns
ip inspect name SDM_LOW ftp
ip inspect name SDM_LOW h323
ip inspect name SDM_LOW https
ip inspect name SDM_LOW icmp
ip inspect name SDM_LOW imap
ip inspect name SDM_LOW pop3
ip inspect name SDM_LOW netshow
ip inspect name SDM_LOW rcmd
ip inspect name SDM_LOW realaudio
ip inspect name SDM_LOW rtsp
ip inspect name SDM_LOW esmtp
ip inspect name SDM_LOW sqlnet
ip inspect name SDM_LOW streamworks
ip inspect name SDM_LOW tftp
ip inspect name SDM_LOW tcp
ip inspect name SDM_LOW udp
ip inspect name SDM_LOW vdolive
!
multilink bundle-name authenticated
!
!
username Adminrt privilege 15 password 7 ??????
!
!
crypto isakmp policy 1
 encr 3des
 authentication pre-share
 group 2
crypto isakmp key ????? address 0.0.0.0 0.0.0.0
crypto isakmp keepalive 10 periodic
!
!
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
 mode transport
crypto ipsec transform-set ESP-3DES-SHA1 esp-3des esp-sha-hmac
 mode transport
!
crypto ipsec profile SDM_Profile1
 set transform-set ESP-3DES-SHA
!
crypto ipsec profile SDM_Profile2
 set transform-set ESP-3DES-SHA1
!
!
archive
 log config
  hidekeys
!
!
!
class-map match-any SDMVoice-Dialer0
 match protocol rtp audio
class-map match-any SDMTrans-Dialer0
 match protocol citrix
 match protocol finger
 match protocol notes
 match protocol novadigm
 match protocol pcanywhere
 match protocol secure-telnet
 match protocol sqlnet
 match protocol sqlserver
 match protocol ssh
 match protocol telnet
 match protocol xwindows
class-map match-any SDMScave-Dialer0
 match protocol fasttrack
 match protocol gnutella
class-map match-any SDMBulk-Dialer0
 match protocol exchange
 match protocol ftp
 match protocol irc
 match protocol nntp
 match protocol pop3
 match protocol printer
 match protocol secure-ftp
 match protocol secure-irc
 match protocol secure-nntp
 match protocol secure-pop3
 match protocol smtp
 match protocol tftp
class-map match-any SDMRout-Dialer0
 match protocol bgp
 match protocol eigrp
 match protocol ospf
 match protocol rip
 match protocol rsvp
class-map match-any SDMSignal-Dialer0
 match protocol h323
 match protocol rtcp
class-map match-any SDMManage-Dialer0
 match protocol dhcp
 match protocol dns
 match protocol imap
 match protocol kerberos
 match protocol ldap
 match protocol secure-imap
 match protocol secure-ldap
 match protocol snmp
 match protocol socks
 match protocol syslog
class-map match-any SDMIVideo-Dialer0
 match protocol rtp video
class-map match-any SDMSVideo-Dialer0
 match protocol cuseeme
 match protocol netshow
 match protocol rtsp
 match protocol streamwork
 match protocol vdolive
!
!
policy-map SDM-Pol-Dialer0
 class SDMManage-Dialer0
  set dscp cs2
 class SDMSignal-Dialer0
  bandwidth remaining percent 2
  set dscp cs3
  compress header ip tcp
 class SDMRout-Dialer0
  set dscp cs6
 class SDMTrans-Dialer0
  bandwidth remaining percent 4
  set dscp af21
 class SDMVoice-Dialer0
  priority percent 32
  set dscp ef
  compress header ip
!
!
bridge irb
!
!
interface Tunnel0
 bandwidth 1000
 ip address 192.168.254.8 255.255.255.0
 no ip redirects
 ip mtu 1400
 ip nhrp authentication DMVPN_NW
 ip nhrp map 192.168.254.2 A.A.A.A
 ip nhrp map 192.168.254.1 B.B.B.B
 ip nhrp map multicast A.A.A.A
 ip nhrp map multicast B.B.B.B
 ip nhrp network-id 100000
 ip nhrp holdtime 360
 ip nhrp nhs 192.168.254.1
 ip nhrp nhs 192.168.254.2
 ip tcp adjust-mss 1360
 delay 1000
 qos pre-classify
 keepalive 10 3
 tunnel source Dialer0
 tunnel mode gre multipoint
 tunnel key 100000
 tunnel protection ipsec profile SDM_Profile2
!
interface ATM0
 no ip address
 no atm ilmi-keepalive
 dsl operating-mode auto
!
interface ATM0.1 point-to-point
 pvc 8/35
  oam-pvc manage
  pppoe-client dial-pool-number 1
 !
!
interface FastEthernet0
 switchport access vlan 222
 switchport voice vlan 100
!
interface FastEthernet1
 switchport access vlan 222
 switchport voice vlan 100
!
interface FastEthernet2
 switchport access vlan 222
 switchport voice vlan 100
!
interface FastEthernet3
 switchport access vlan 222
 switchport voice vlan 100
!
interface Dot11Radio0
 no ip address
 !
 encryption vlan 222 mode ciphers tkip wep128
 !
 ssid ????????
 !
 speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
 station-role root
!
interface Dot11Radio0.222
 encapsulation dot1Q 222 native
 bridge-group 222
 bridge-group 222 subscriber-loop-control
 bridge-group 222 spanning-disabled
 bridge-group 222 block-unknown-source
 no bridge-group 222 source-learning
 no bridge-group 222 unicast-flooding
!
interface Vlan1
 no ip address
 shutdown
!
interface Vlan222
 description $FW_INSIDE$
 no ip address
 bridge-group 222
!
interface Vlan100
 description $FW_INSIDE$
 ip address C.C.C.C 255.255.255.192
 ip access-group 100 in
 ip helper-address H.H.H.H
 ip nat inside
 ip virtual-reassembly
 ip tcp adjust-mss 1452
!
interface Dialer0
 description $FW_OUTSIDE$
 ip address negotiated
 ip access-group 103 in
 ip mtu 1452
 ip nbar protocol-discovery
 ip nat outside
 ip inspect SDM_LOW out
 ip virtual-reassembly
 encapsulation ppp
 dialer pool 1
 dialer-group 1
 ppp authentication chap pap callin
 ppp chap hostname fti/??????
 ppp chap password 7 ??????????
 ppp pap sent-username fti/?????? password 7 ??????????
 service-policy output SDM-Pol-Dialer0
!
interface BVI222
 description $FW_INSIDE$
 ip address D.D.D.D 255.255.255.192
 ip access-group 101 in
 ip helper-address H.H.H.H
 ip nat inside
 ip virtual-reassembly
 ip tcp adjust-mss 1452
!
router eigrp 99
 network D.D.D.0 0.0.0.63
 network C.C.C.0 0.0.0.63
 network 192.168.254.0
 no auto-summary
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer0
!
!
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source list 1 interface Dialer0 overload
!
access-list 1 remark INSIDE_IF=Vlan
access-list 1 remark SDM_ACL Category=2
access-list 1 permit D.D.D.0 0.0.0.63
access-list 1 permit C.C.C.0 0.0.0.63
access-list 23 permit any
access-list 100 remark auto generated by SDM firewall configuration
access-list 100 remark SDM_ACL Category=1
access-list 100 deny ip D.D.D.0 0.0.0.63 any
access-list 100 deny ip host 255.255.255.255 any
access-list 100 deny ip 127.0.0.0 0.255.255.255 any
access-list 100 permit ip any any
access-list 101 remark auto generated by SDM firewall configuration
access-list 101 remark SDM_ACL Category=1
access-list 101 deny ip C.C.C.0 0.0.0.63 any
access-list 101 deny ip host 255.255.255.255 any
access-list 101 deny ip 127.0.0.0 0.255.255.255 any
access-list 101 permit ip any any
access-list 103 remark auto generated by SDM firewall configuration
access-list 103 remark SDM_ACL Category=1
access-list 103 permit udp any any eq non500-isakmp
access-list 103 permit udp any any eq isakmp
access-list 103 permit esp any any
access-list 103 permit ahp any any
access-list 103 permit gre any any
access-list 103 permit udp host 80.10.246.129 eq domain any
access-list 103 permit udp host 80.10.246.2 eq domain any
access-list 103 deny ip D.D.D.0 0.0.0.63 any
access-list 103 deny ip C.C.C.0 0.0.0.63 any
access-list 103 permit udp any eq bootps any eq bootps
access-list 103 permit icmp any any echo-reply
access-list 103 permit icmp any any time-exceeded
access-list 103 permit icmp any any unreachable
access-list 103 permit tcp any any eq 443
access-list 103 permit tcp any any eq 22
access-list 103 deny ip 10.0.0.0 0.255.255.255 any
access-list 103 deny ip D.D.0.0 0.15.255.255 any
access-list 103 deny ip 192.168.0.0 0.0.255.255 any
access-list 103 deny ip 127.0.0.0 0.255.255.255 any
access-list 103 deny ip host 255.255.255.255 any
access-list 103 deny ip host 0.0.0.0 any
access-list 103 deny ip any any log
dialer-list 1 protocol ip permit
!
!
!
!
control-plane
!
bridge 222 protocol ieee
bridge 222 route ip
!
line con 0
 login local
!
!
!
control-plane
!
bridge 222 protocol ieee
bridge 222 route ip
!
line con 0
 login local
 no modem enable
 transport output all
line aux 0
 transport output all
line vty 0 4
 access-class 23 in
 privilege level 15
 login local
 transport input telnet ssh
 transport output all
!
scheduler max-task-time 5000
end