IPSEC Remote Access
Hello everyone, I'm coming to you because I've run out of ideas, and I think an outside view might help. Here is my problem. I have a Cisco PIX 515E configured with IPsec remote access. When I start a connection from outside, phases 1 and 2 complete fine and I get an IP from the pool I configured. The problem is that I can't reach anything on the LAN. I tried opening everything in both directions, but it doesn't help. So if you have an idea, I'm all ears. 🙂
I forgot the config, it might be useful 🙂

[code:1:6d6ea620de]
Pix-Exa# sh run
: Saved
:
PIX Version 7.0(7)
!
hostname Pix-Exa
enable password SqQQs/H7ULiFKJgy encrypted
names
dns-guard
!
interface Ethernet0
 description WAN
 speed 100
 duplex full
 nameif Wan
 security-level 1
 ip address 88.x.x.x 255.255.255.0
!
interface Ethernet1
 description Lan
 speed 100
 duplex full
 nameif Lan
 security-level 50
 ip address 192.168.0.1 255.255.255.0
!
interface Ethernet2
 description Server
 speed 100
 duplex full
 nameif Server
 security-level 100
 ip address 192.168.2.254 255.255.255.0
!
passwd SqQQs/H7ULiFKJgy encrypted
ftp mode passive
dns domain-lookup Lan
dns name-server 192.168.2.1
object-group network Lan
 description Lan Network
 network-object 192.168.0.0 255.255.255.0
object-group network Server
 description Server Network
 network-object 192.168.2.0 255.255.255.0
object-group network Pool
 description Ip du pool_remote
 network-object 10.0.0.0 255.255.255.0
access-list Serv extended permit icmp object-group Lan object-group Server
access-list Serv extended permit icmp object-group Server object-group Lan
access-list Serv extended permit udp object-group Lan object-group Server eq domain
access-list Serv extended permit tcp object-group Lan object-group Server eq domain
access-list Serv extended permit tcp object-group Lan object-group Server eq 3389
access-list Serv extended permit tcp host 192.168.2.1 host 212.x.x.x eq domain
access-list Serv extended permit tcp host 192.168.2.1 host 212.x.x.x eq domain
access-list Wan extended permit ip interface Wan any
access-list Wan extended permit icmp interface Wan any
access-list Lan extended permit ip object-group Lan any
access-list Lan extended permit icmp object-group Lan any
access-list nat_serv extended permit tcp host 192.168.2.1 host 212.x.x.x eq domain
access-list nat_serv extended permit tcp host 192.168.2.1 host 212.x.x.x eq domain
access-list no_nat extended permit ip object-group Lan object-group Pool
pager lines 24
logging buffered informational
logging asdm informational
mtu Wan 1500
mtu Lan 1500
mtu Server 1500
ip local pool remote 10.0.0.1-10.0.0.5 mask 255.255.255.0
no asdm history enable
arp timeout 14400
global (Wan) 1 interface
nat (Lan) 0 access-list no_nat
nat (Lan) 1 192.168.0.0 255.255.255.0
nat (Server) 1 access-list nat_serv
access-group Wan in interface Wan
access-group Lan in interface Lan
access-group Serv in interface Server
route Wan 0.0.0.0 0.0.0.0 88.x.x.x 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00
timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
username test password xxxxxxx encrypted
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set test esp-3des esp-sha-hmac
crypto dynamic-map dyn1 1 set transform-set test
crypto dynamic-map dyn1 1 set reverse-route
crypto map map1 1 ipsec-isakmp dynamic dyn1
crypto map map1 interface Wan
isakmp enable Wan
isakmp policy 1 authentication pre-share
isakmp policy 1 encryption 3des
isakmp policy 1 hash sha
isakmp policy 1 group 2
isakmp policy 1 lifetime 86400
tunnel-group DefaultL2LGroup ipsec-attributes
 isakmp keepalive threshold 1800 retry 2
tunnel-group DefaultRAGroup ipsec-attributes
 isakmp keepalive threshold 1800 retry 2
tunnel-group test type ipsec-ra
tunnel-group test general-attributes
 address-pool remote
tunnel-group test ipsec-attributes
 pre-shared-key *
 isakmp keepalive threshold 1800 retry 2
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd address 192.168.0.30-192.168.0.60 Lan
dhcpd dns 192.168.2.1
dhcpd lease 604800
dhcpd ping_timeout 50
dhcpd domain test.fr
dhcpd enable Lan
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map global_policy
 class inspection_default
  inspect dns maximum-length 512
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
!
service-policy global_policy global
Cryptochecksum:20cfe9733d54713a723f096176840299
: end
[/code:1:6d6ea620de]
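As an added diagnostic (not from the thread and not Cisco tooling), a small Python audit over the kind of lines shown in the config above: it parses the network object-groups, ACLs, address pool and `nat` statements, then reports per inside interface whether a `nat (iface) 0 access-list` exemption covers the whole remote-access pool, which is one of the first things to verify on PIX 7.x when phases 1 and 2 complete but clients cannot reach inside hosts. The excerpt is constructed from the posted config, and the function names are my own.

```python
import ipaddress
import re
# Constructed excerpt of the PIX 7.0 config posted above: only object-group, ACL, pool and nat lines.
PIX_CONFIG = """object-group network Lan
 network-object 192.168.0.0 255.255.255.0
object-group network Pool
 network-object 10.0.0.0 255.255.255.0
access-list no_nat extended permit ip object-group Lan object-group Pool
ip local pool remote 10.0.0.1-10.0.0.5 mask 255.255.255.0
nat (Lan) 0 access-list no_nat
nat (Server) 1 access-list nat_serv
"""

def parse_config(text):
    """Collect network object-groups, ACL entries, nat 0 bindings and address pools."""
    cfg = {"groups": {}, "acls": {}, "nat0": {}, "pools": {}, "inside": set()}
    group = None
    for line in text.splitlines():
        tok = line.split()
        if line.startswith("object-group network "):
            group, cfg["groups"][tok[2]] = tok[2], []
        elif line.startswith(" network-object ") and group:
            cfg["groups"][group].append(ipaddress.ip_network(f"{tok[1]}/{tok[2]}"))
        elif m := re.match(r"access-list (\S+) extended permit \S+ (.*)", line):
            cfg["acls"].setdefault(m[1], []).append(m[2].split())
        elif m := re.match(r"ip local pool (\S+) (\S+)-(\S+) mask", line):
            cfg["pools"][m[1]] = (ipaddress.ip_address(m[2]), ipaddress.ip_address(m[3]))
        elif m := re.match(r"nat \((\S+)\) (\d+) (?:access-list )?(\S+)", line):
            cfg["inside"].add(m[1])  # every nat statement names an inside interface
            if m[2] == "0":
                cfg["nat0"][m[1]] = m[3]  # nat 0 + ACL = NAT exemption for the matching flows
    return cfg

def _take_side(cfg, tok):
    # One ACL address side ('object-group X', 'host A' or 'NET MASK'); returns (networks, remaining tokens)
    if tok[0] == "object-group":
        return cfg["groups"][tok[1]], tok[2:]
    if tok[0] == "host":
        return [ipaddress.ip_network(tok[1])], tok[2:]
    return [ipaddress.ip_network(f"{tok[0]}/{tok[1]}")], tok[2:]

def nat_exemption_report(cfg, pool_name):
    """Per inside interface: does its nat 0 ACL exempt traffic destined to the whole VPN pool?"""
    lo, hi = cfg["pools"][pool_name]
    report = {}
    for iface in sorted(cfg["inside"]):
        entries = cfg["acls"].get(cfg["nat0"].get(iface), [])  # nat 0 ACL bound to this interface, if any
        dsts = [n for e in entries for n in _take_side(cfg, _take_side(cfg, e)[1])[0]]  # destination nets
        report[iface] = any(lo in n and hi in n for n in dsts)
    return report
```

On the posted excerpt it reports Lan as exempted and Server as not; it checks NAT exemption only, not the interface ACLs or the sysopt settings.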