Radiology - Cisco 877 VPN problem
Hello, here is my problem:

local network: 192.168.20.0/24
remote network: 194.138.xxx.xxx/7
VPN tunnel: OK
IP addresses allowed on the remote site: 192.168.20.112-113
ping from local network to remote network: OK
ping from remote network to local network: KO

The remote network mainly needs to reach port 80 on 112 and 113.
Why can't the remote network reach the local network?

Here is the config; I removed what isn't useful and replaced the confidential parts with xxxxx:

!
hostname yourname
!
boot-start-marker
boot-end-marker
!
logging buffered 51200
!
aaa new-model
!
aaa authentication login default local
aaa authorization exec default local
aaa authorization network sdm_vpn_group_ml_1 local
aaa authorization network sdm_vpn_group_ml_2 local
!
no ip dhcp use vrf connected
!
ip dhcp pool sdm-pool1
 import all
 network 192.168.20.0 255.255.255.0
 dns-server 80.10.246.2
 default-router 192.168.20.240
 lease infinite
!
ip domain name yourdomain.com
ip name-server 80.10.246.2
ip name-server 80.10.246.129
ip inspect log drop-pkt
ip inspect name SDM_LOW cuseeme
ip inspect name SDM_LOW dns
ip inspect name SDM_LOW ftp
ip inspect name SDM_LOW h323
ip inspect name SDM_LOW icmp
ip inspect name SDM_LOW imap
ip inspect name SDM_LOW pop3
ip inspect name SDM_LOW netshow
ip inspect name SDM_LOW rcmd
ip inspect name SDM_LOW realaudio
ip inspect name SDM_LOW rtsp
ip inspect name SDM_LOW esmtp
ip inspect name SDM_LOW sqlnet
ip inspect name SDM_LOW streamworks
ip inspect name SDM_LOW tftp
ip inspect name SDM_LOW tcp
ip inspect name SDM_LOW udp
ip inspect name SDM_LOW vdolive
!
multilink bundle-name authenticated
!
username xxxxxx privilege 15 secret 5 xxxxxxxxxxxxxxxxxxxxxxxx
!
crypto isakmp policy 1
 encr 3des
 authentication pre-share
 group 2
crypto isakmp key xxxxxxxxxxxx address 194.138.xxx.xxx
!
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-3DES-SHA1 esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-3DES-SHA2 esp-3des esp-sha-hmac
!
crypto ipsec profile SDM_Profile1
 set transform-set ESP-3DES-SHA1
 set isakmp-profile sdm-ike-profile-1
!
crypto map SDM_CMAP_1 1 ipsec-isakmp
 description Tunnel to194.138.xxx.xxx
 set peer 194.138.xxx.xxxx
 set security-association lifetime seconds 86400
 set transform-set ESP-3DES-SHA1
 match address client
!
archive
 log config
  hidekeys
!
interface ATM0
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip route-cache flow
 no atm ilmi-keepalive
 dsl operating-mode auto
!
interface ATM0.1 point-to-point
 ip nat inside
 ip virtual-reassembly
 pvc 8/35
  pppoe-client dial-pool-number 1
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Virtual-Template2 type tunnel
 ip unnumbered Dialer0
 tunnel mode ipsec ipv4
 tunnel protection ipsec profile SDM_Profile1
!
interface Vlan1
 description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$FW_INSIDE$
 ip address 192.168.20.240 255.255.255.0
 ip access-group 100 in
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat inside
 ip virtual-reassembly
 ip route-cache flow
!
interface Dialer0
 description $FW_OUTSIDE$
 ip address negotiated
 ip access-group 101 in
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip mtu 1452
 ip nat outside
 ip inspect SDM_LOW out
 ip virtual-reassembly
 encapsulation ppp
 ip route-cache flow
 dialer pool 1
 dialer-group 1
 no cdp enable
 ppp authentication chap pap callin
 crypto map SDM_CMAP_1
!
no ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer0
!
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source route-map SDM_RMAP_1 interface Dialer0 overload
!
ip access-list extended client
 remark SDM_ACL Category=4
 permit ip host 192.168.20.112 194.138.xxx.xxx 0.0.0.7 log
 permit ip host 192.168.20.113 194.138.xxx.xxx 0.0.0.7 log
 permit ip 194.138.xxx.xxx 0.0.0.7 host 192.168.20.112 log
 permit ip 194.138.xxx.xxx 0.0.0.7 host 192.168.20.113 log
!
access-list 100 remark SDM_ACL Category=1
access-list 100 remark auto generated by SDM firewall configuration
access-list 100 deny ip 127.0.0.0 0.255.255.255 any
access-list 100 permit ip host 192.168.20.112 194.138.xxx.xxx 0.0.0.7 log
access-list 100 permit ip host 192.168.20.113 194.138.xxx.xxx 0.0.0.7 log
access-list 100 permit ip any any log
access-list 101 remark SDM_ACL Category=1
access-list 101 permit ip host 192.168.20.113 194.138.xxx.xxx 0.0.0.7 log
access-list 101 permit ip host 192.168.20.112 194.138.xxx.xxx 0.0.0.7 log
access-list 101 permit ip 194.138.xxx.xxx 0.0.0.7 host 192.168.20.113 log
access-list 101 permit ip 194.138.xxx.xxx 0.0.0.7 host 192.168.20.112 log
access-list 101 permit udp host 194.138.xxx.xxx any eq non500-isakmp
access-list 101 permit udp host 194.138.xxx.xxx any eq isakmp
access-list 101 permit esp host 194.138.xxx.xxx any
access-list 101 permit ahp host 194.138.xxx.xxx any
access-list 101 deny ip 192.168.20.0 0.0.0.255 any
access-list 101 remark auto generated by SDM firewall configuration
access-list 101 permit tcp any any eq 1433
access-list 101 permit udp any any eq non500-isakmp
access-list 101 permit udp any any eq isakmp
access-list 101 permit esp any any
access-list 101 permit ahp any any
access-list 101 permit udp host 80.10.246.129 eq domain any
access-list 101 permit udp host 80.10.246.2 eq domain any
access-list 101 permit icmp any any echo-reply
access-list 101 permit icmp any any time-exceeded
access-list 101 permit icmp any any unreachable
access-list 101 deny ip 10.0.0.0 0.255.255.255 any
access-list 101 deny ip 172.16.0.0 0.15.255.255 any
access-list 101 deny ip 192.168.0.0 0.0.255.255 any
access-list 101 deny ip 127.0.0.0 0.255.255.255 any
access-list 101 deny ip host 255.255.255.255 any
access-list 101 deny ip host 0.0.0.0 any
access-list 101 deny ip any any log
access-list 103 remark SDM_ACL Category=2
access-list 103 deny ip 194.138.xxx.xxx 0.0.0.7 host 192.168.20.113 log
access-list 103 deny ip 194.138.xxx.xxx 0.0.0.7 host 192.168.20.112 log
access-list 103 deny ip host 192.168.20.113 194.138.xxx.xxx 0.0.0.7 log
access-list 103 deny ip host 192.168.20.112 194.138.xxx.xxx 0.0.0.7 log
access-list 103 permit ip 192.168.20.0 0.0.0.255 any log
dialer-list 1 protocol ip permit
no cdp run
!
route-map SDM_RMAP_1 permit 1
 match ip address 103
!

Thanks
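Added example, not part of the original post and not a Cisco tool: a small Python evaluator for Cisco IOS extended ACL entries (wildcard masks, first match wins, implicit deny at the end), loaded with ACL 103 and an abridged ACL 101 from the configuration above, so the flows in question can be classified offline. Assumptions: the post redacts the remote prefix as 194.138.xxx.xxx, so 194.138.0.0 with wildcard 0.0.0.7 (a /29) and peer 194.138.0.1 are constructed placeholders, as are the dialer address 203.0.113.1 and the Internet host 198.51.100.7; the entry numbers returned are positions in the abridged lists, not IOS sequence numbers.

```python
# Added example (not from the original post, not a Cisco tool): a minimal
# evaluator for Cisco IOS extended ACL entries, so the flows from the post can
# be checked against ACL 101 (abridged) and ACL 103 offline. The post redacts
# the remote prefix as 194.138.xxx.xxx; 194.138.0.0/29 and peer 194.138.0.1
# are constructed placeholders.
from __future__ import annotations
import ipaddress
from dataclasses import dataclass

PORT_NAMES = {"isakmp": 500, "non500-isakmp": 4500, "www": 80}

@dataclass
class Ace:
    action: str          # permit | deny
    proto: str           # ip | tcp | udp | esp | ahp | ...
    src: str
    src_wc: str          # wildcard mask: a 1 bit means "don't care"
    dst: str
    dst_wc: str
    dport: int | None = None

def wildcard_match(addr: str, base: str, wildcard: str) -> bool:
    """Cisco wildcard semantics: compare only the bits that are 0 in the mask."""
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (int(ipaddress.IPv4Address(addr)) & care) == \
           (int(ipaddress.IPv4Address(base)) & care)

def _addr(t, i):
    # Consume one address spec: 'any' | 'host A' | 'A WILDCARD'.
    if t[i] == "any":
        return "0.0.0.0", "255.255.255.255", i + 1
    if t[i] == "host":
        return t[i + 1], "0.0.0.0", i + 2
    return t[i], t[i + 1], i + 2

def parse_ace(line: str) -> Ace:
    t = line.split()
    src, src_wc, i = _addr(t, 2)
    dst, dst_wc, i = _addr(t, i)
    dport = None
    if i < len(t) and t[i] == "eq":          # optional 'eq <port>' qualifier
        dport = PORT_NAMES.get(t[i + 1]) or int(t[i + 1])
    return Ace(t[0], t[1], src, src_wc, dst, dst_wc, dport)

def parse_acl(text: str) -> list[Ace]:
    # Entries are written without the 'access-list N' prefix; remarks are skipped.
    return [parse_ace(l) for l in text.strip().splitlines()
            if l.startswith(("permit", "deny"))]

def matches(a: Ace, proto: str, src: str, dst: str, dport: int | None) -> bool:
    return (a.proto in ("ip", proto)
            and wildcard_match(src, a.src, a.src_wc)
            and wildcard_match(dst, a.dst, a.dst_wc)
            and a.dport in (None, dport))

def evaluate(acl: list[Ace], proto: str, src: str, dst: str, dport: int | None = None):
    """First matching entry wins; IOS appends an implicit 'deny ip any any'."""
    for n, ace in enumerate(acl, 1):
        if matches(ace, proto, src, dst, dport):
            return ace.action, n
    return "deny", None

# ACL 101 (inbound on Dialer0), abridged to the VPN entries, the anti-spoofing
# deny for 192.168.0.0/16 and the final explicit deny.
ACL_101 = parse_acl("""
permit ip host 192.168.20.113 194.138.0.0 0.0.0.7 log
permit ip host 192.168.20.112 194.138.0.0 0.0.0.7 log
permit ip 194.138.0.0 0.0.0.7 host 192.168.20.113 log
permit ip 194.138.0.0 0.0.0.7 host 192.168.20.112 log
permit udp host 194.138.0.1 any eq non500-isakmp
permit udp host 194.138.0.1 any eq isakmp
permit esp host 194.138.0.1 any
permit ahp host 194.138.0.1 any
deny ip 192.168.20.0 0.0.0.255 any
deny ip 192.168.0.0 0.0.255.255 any
deny ip any any log
""")

# ACL 103 feeds route-map SDM_RMAP_1: 'deny' = exempt from NAT, 'permit' = NAT.
ACL_103 = parse_acl("""
deny ip 194.138.0.0 0.0.0.7 host 192.168.20.113 log
deny ip 194.138.0.0 0.0.0.7 host 192.168.20.112 log
deny ip host 192.168.20.113 194.138.0.0 0.0.0.7 log
deny ip host 192.168.20.112 194.138.0.0 0.0.0.7 log
permit ip 192.168.20.0 0.0.0.255 any log
""")

def check_posted_flows() -> dict:
    """Classify the flows the post cares about; values are (action, entry number)."""
    return {
        "esp_from_peer": evaluate(ACL_101, "esp", "194.138.0.1", "203.0.113.1"),
        "remote_to_112_http": evaluate(ACL_101, "tcp", "194.138.0.5", "192.168.20.112", 80),
        "remote_to_other_lan_host": evaluate(ACL_101, "tcp", "194.138.0.5", "192.168.20.50", 80),
        "nat_112_to_remote": evaluate(ACL_103, "tcp", "192.168.20.112", "194.138.0.5", 80),
        "nat_112_to_internet": evaluate(ACL_103, "tcp", "192.168.20.112", "198.51.100.7", 80),
    }
```

Running check_posted_flows() shows that a remote-to-192.168.20.112 HTTP packet is permitted by the fourth entry of ACL 101, that the same packet to any other LAN host falls through to the final deny, and that the deny entries of ACL 103 exempt the 112/113-to-remote traffic from NAT while other LAN traffic is still translated. Only the interface ACL and the NAT route-map are modelled; CBAC (ip inspect), the crypto ACL and routing on either side are not, so a permit here does not by itself prove the flow works end to end.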
What does a traceroute from the remote network to the local network show? Does the remote network have a route to the local network (sh ip route | i 192.168.20.112)?