
Cisco 871w router and VPN?

alkumuc

Hello dear forum,
for several days now I have been trying to set up a VPN connection through the Cisco 871 router to a Windows Small Business Server 2003.
From the local network I can connect to the VPN successfully; only when I try to dial in over the Internet does it not work.
So I am simply going to claim that it is down to the router configuration.
Here is the running-config:

____________________________________
Building configuration...

Current configuration : 9938 bytes
!
! Last configuration change at 12:31:00 CEST Mon Sep 17 2007
!
version 12.4
no service pad
service timestamps debug datetime msec localtime show-timezo
service timestamps log datetime msec localtime show-timezone
service password-encryption
service compress-config
service sequence-numbers
!
hostname xxxxxx
!
boot-start-marker
boot-end-marker
!
logging count
logging snmp-authfail
logging userinfo
logging buffered 51200 debugging
logging reload debugging
no logging console
enable secret 5 xxxxxxxxxxxxxxxxxx
!
aaa new-model
!
!
aaa authentication login default group tacacs+ enable
aaa authentication ppp default local
aaa authorization exec default group tacacs+ none
aaa accounting update periodic 5
aaa accounting exec default start-stop group tacacs+
!
aaa session-id common
!
resource policy
!
clock timezone CET 1
clock summer-time CEST recurring last Sun Mar 2:00 last Sun
ip subnet-zero
ip cef
no ip dhcp use vrf connected
!
ip dhcp pool LAN
network 192.168.123.0 255.255.255.0
default-router 192.168.123.1
dns-server 192.168.123.5 192.168.123.1
domain-name xxxxxxxxxxxxxxx
lease 0 23
!
ip dhcp pool WLAN
network 192.168.124.0 255.255.255.0
default-router 192.168.124.1
dns-server 192.168.123.5 192.168.123.1
domain-name xxxxxxxxxxxxxx
lease 0 23
!
ip dhcp pool Printer
host 192.168.123.103 255.255.255.0
hardware-address 0100.0048.d18a.04
default-router 192.168.123.1
dns-server 192.168.123.5 192.168.123.1
domain-name xxxxxxxxxxxxxx
lease 0 23
!
ip dhcp pool honey
host 192.168.123.4 255.255.255.0
hardware-address 0100.188b.f78f.81
default-router 192.168.123.1
dns-server 192.168.123.5 192.168.123.1
domain-name xxxxxxxxxxxxxxxx
lease 0 23
!
!
ip inspect one-minute high 2500
ip inspect name INSPECT-RULE1 tcp
ip inspect name INSPECT-RULE1 udp
ip inspect name INSPECT-RULE1 ftp
ip inspect name INSPECT-RULE1 pptp
no ip bootp server
ip domain name xxxxxxxxx
ip accounting-threshold 5120
vpdn enable
!
!
!
crypto pki trustpoint TP-self-signed-2083518622
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-2083518622
revocation-check none
rsakeypair TP-self-signed-2083518622
!
!
crypto pki certificate chain TP-self-signed-2083518622
certificate self-signed 01
xxxxxxxxxxxxxxxxxxxxxxxxx
xxxxxxxxxxxxxxxxxxxxxxxxx
xxxxxxxxxxxxxxxxxxxxxxxxx
xxxxxxxxxxxxxxxxxxxxxxxxx
xxxxxxxxxxxxxxxxxxxxxxxxx
xxxxxxxxxxxxxxxxxxxxxxxxx
quit
call-history-mib retain-timer 500
call-history-mib max-size 500
!
!
!
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
description WAN to NTBBA/PPPoE/T-DSL
no ip address
no ip unreachables
no ip proxy-arp
ip accounting output-packets
ip route-cache flow
no ip mroute-cache
load-interval 30
duplex auto
speed auto
pppoe enable group global
pppoe-client dial-pool-number 11
no cdp enable
!
interface Dot11Radio0
no ip address
!
encryption vlan 1 mode ciphers tkip
!
ssid xxxxxxxxxxxxxxxxx
vlan 1
authentication open
authentication key-management wpa
guest-mode
wpa-psk ascii 7 xxxxxxxxxxxxxxxxxxxxxxxxxxx
!
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0
4.0
station-role root
no cdp enable
!
interface Dot11Radio0.1
description Interface to Private LAN
encapsulation dot1Q 1 native
ip address 192.168.124.1 255.255.255.0
no ip proxy-arp
ip accounting output-packets
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1350
no ip mroute-cache
no snmp trap link-status
no cdp enable
!
interface Vlan1
description Interface to Private LAN
ip address 192.168.123.1 255.255.255.0
no ip proxy-arp
ip accounting output-packets
ip nat inside
ip virtual-reassembly
ip route-cache flow
ip tcp adjust-mss 1350
no ip mroute-cache
load-interval 30
!
interface Dialer11
description Dialer PPPoE to ElabNET DSL
ip address negotiated
ip access-group 160 in
ip accounting output-packets
ip mtu 1456
ip inspect INSPECT-RULE1 out
ip nat outside
ip virtual-reassembly
encapsulation ppp
ip route-cache flow
dialer pool 11
dialer remote-name redback
dialer idle-timeout 300
dialer vpdn
dialer-group 10
no cdp enable
ppp authentication pap chap callin optional
ppp chap hostname xxxxxxxxxxxxxxxxxxxxxxx
ppp chap password 7 xxxxxxxxxxxxxxxxxxxxxxxxxxx
ppp pap sent-username xxxxxxxxxxxxx password 7 xxxxxxxx
ppp ipcp dns request
ppp timeout authentication 180
!
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer11
!
ip http server
ip http secure-server
ip nat source static tcp (MEINE FESTE IP ) 1723 interface Vlan1
ip nat source static tcp 192.168.123.16 1723 interface Diale
ip nat inside source list 150 interface Dialer11 overload
ip dns server
!
logging history size 500
logging history debugging
logging trap debugging
access-list 150 remark *************************************
access-list 150 remark *** no NAT to private IP's
access-list 150 deny ip any 10.0.0.0 0.255.255.255
access-list 150 deny ip any 172.16.0.0 0.15.255.255
access-list 150 deny ip any 192.168.0.0 0.0.255.255
access-list 150 remark *** NAT-List
access-list 150 permit ip 10.0.0.0 0.255.255.255 any
access-list 150 permit ip 172.16.0.0 0.15.255.255 any
access-list 150 permit ip 192.168.0.0 0.0.255.255 any
access-list 160 remark *************************************
access-list 160 remark *** FIREWALL: Inbound-Rules for Inter
access-list 160 remark *** IKE/ESP allowed
access-list 160 permit esp any any
access-list 160 permit udp any any eq isakmp
access-list 160 permit udp any any eq non500-isakmp
access-list 160 permit gre any any
access-list 160 permit tcp any any eq 1723
access-list 160 remark *** ICMP-subset allowed
access-list 160 permit icmp any any echo
access-list 160 permit icmp any any echo-reply
access-list 160 permit icmp any any unreachable
access-list 160 permit icmp any any time-exceeded
access-list 160 permit icmp any any ttl-exceeded
access-list 160 permit icmp any any packet-too-big
access-list 160 remark *** Allow Management
access-list 160 remark *** NTP-Response from Time-servers
access-list 160 permit udp host 192.53.103.103 eq ntp any eq
access-list 160 permit udp host 129.69.1.153 eq ntp any eq n
access-list 160 permit udp host 192.43.244.18 eq ntp any eq
access-list 160 remark *** ElabNET WC
access-list 160 permit ip 213.68.224.0 0.0.0.31 any
access-list 160 permit ip 213.69.234.112 0.0.0.15 any
access-list 160 permit tcp any eq domain any
access-list 160 permit udp any eq domain any
access-list 160 remark *** Drop selected without log
access-list 160 deny icmp any any echo
access-list 160 deny tcp any any eq 57
access-list 160 deny tcp any any eq ftp
access-list 160 deny tcp any any eq www
access-list 160 deny tcp any any eq sunrpc
access-list 160 deny tcp any any eq ident
access-list 160 deny udp any any range 135 netbios-ss
access-list 160 deny tcp any any range 135 139
access-list 160 deny tcp any any eq 443
access-list 160 deny tcp any any eq 445
access-list 160 deny udp any any eq rip
access-list 160 deny tcp any any eq 554
access-list 160 deny tcp any any eq 593
access-list 160 deny tcp any any eq 901
access-list 160 deny tcp any any eq 1234
access-list 160 deny tcp any any eq 1433
access-list 160 deny udp any any eq 1434
access-list 160 deny tcp any any eq 1434
access-list 160 deny tcp any any eq 2014
access-list 160 deny udp any any eq 2301
access-list 160 deny tcp any any eq 4899
access-list 160 deny tcp any any eq 17300
access-list 160 deny tcp any any eq 27374
access-list 160 deny ip host 127.0.0.1 any
access-list 160 remark *** DENY anything else with log
access-list 160 deny ip any any log
dialer-list 1 protocol ip permit
dialer-list 10 protocol ip permit
dialer-list 11 protocol ip permit
dialer-list 15 protocol ip permit
snmp-server community snmp123 RO 15
snmp-server community snmp123!x RW 15
snmp-server ifindex persist
snmp-server location xxxxxxxxxxxxx
snmp-server contact xxxxxxxxxxxxxxxxx
snmp-server enable traps tty
no cdp run
route-map NAT-out permit 10
match ip address 150
!
!
control-plane
!
banner login ^CCC
xxxxxxxxxxxxxxxxxxxxxx
For any questions regarding this router
please ask at xxxxxxxxxxxxxxxxxxxxxxxxxx


# tatiana #
^C
!
line con 0
no modem enable
line aux 0
line vty 0 4
privilege level 15
transport input telnet ssh
!
scheduler max-task-time 5000
ntp clock-period 17175026
ntp server 192.53.103.103 prefer
ntp server 192.43.244.18
ntp server 129.69.1.153
end
___________________________________________________

After 5 days of googling, poring over books and combing through forums, I am now at my wits' end.

I am fairly sure that the ports are not being forwarded correctly, so I already tried to open port 1723 via Telnet, but it had no effect.
I am slowly running out of ideas.
If you need any information, I will gladly provide it!

Please help me

Regards, your desperate intern Alex

17.Sep.2007 13:48 alkumuc
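
Added example, not part of the original post: a small Python check for the PPTP port-forward pieces this config touches (static NAT for tcp/1723, and GRE plus tcp/1723 in the inbound ACL on the WAN interface). It relies on the IOS rule that `ip nat source static` is the NAT Virtual Interface form, used with `ip nat enable` interfaces, while interfaces marked `ip nat inside`/`ip nat outside` take `ip nat inside source static`. The function names and the sample excerpt are constructed for illustration, and the ACL matcher only understands simple `any any` rules.

```python
import re

# Constructed sample modeled on the posted config (NAT/ACL lines only; the
# tail of the static NAT line is an assumption, the post shows it cut off).
SAMPLE = """interface Vlan1
ip nat inside
interface Dialer11
ip access-group 160 in
ip nat outside
ip nat source static tcp 192.168.123.16 1723 interface Dialer11 1723
access-list 160 permit gre any any
access-list 160 permit tcp any any eq 1723
access-list 160 deny ip any any log
"""

def first_action(rules, patterns):
    """First-match ACL semantics over simple 'any any' rules; implicit deny."""
    for action, text in rules:
        if any(re.match(p, text) for p in patterns):
            return action
    return "deny"

def audit_pptp_forward(config, port=1723):
    """Return findings about NAT style and inbound ACL for a PPTP forward."""
    iface, nat_mode, acl_in, statics, acl = None, {}, {}, set(), {}
    for line in map(str.strip, config.splitlines()):
        if m := re.fullmatch(r"interface (\S+)", line):
            iface = m.group(1)
        elif m := re.fullmatch(r"ip nat (inside|outside|enable)", line):
            nat_mode[iface] = m.group(1)
        elif m := re.fullmatch(r"ip access-group (\d+) in", line):
            acl_in[iface] = m.group(1)
        elif m := re.match(rf"ip nat (inside )?source static tcp \S+ {port}\b", line):
            statics.add("domain" if m.group(1) else "nvi")
        elif m := re.match(r"access-list (\d+) (permit|deny) (.+)", line):
            acl.setdefault(m.group(1), []).append((m.group(2), m.group(3)))
    findings, modes = [], set(nat_mode.values())
    if not statics:
        findings.append(f"no static NAT entry for tcp/{port}")
    if "nvi" in statics and "enable" not in modes:
        findings.append("NVI-style 'ip nat source static' but no interface has 'ip nat enable'")
    if "domain" in statics and not modes & {"inside", "outside"}:
        findings.append("'ip nat inside source static' but no inside/outside interfaces")
    for name, mode in nat_mode.items():
        if mode in ("outside", "enable") and name in acl_in:
            rules = acl.get(acl_in[name], [])
            if first_action(rules, [r"gre any any", r"ip any any"]) == "deny":
                findings.append(f"{name}: ACL {acl_in[name]} blocks GRE (PPTP data channel)")
            if first_action(rules, [rf"tcp any any( eq {port})?$", r"ip any any"]) == "deny":
                findings.append(f"{name}: ACL {acl_in[name]} blocks tcp/{port}")
    return findings
```

The parser matches on command text rather than indentation, so it also works on a config pasted with its leading spaces stripped, as in the post.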
