Cisco 871w Router und VPN?

Dieses Thema im Forum "Cisco" wurde erstellt von alkumuc, 17. September 2007.

  1. alkumuc

    Hallo liebes Forum,
    seit einigen Tagen versuche ich jetzt schon eine VPN-Verbindung über den Cisco 871 Router auf einen Windows Small Business Server 2003 zu erstellen.
    Über das lokale Netzwerk kann ich die VPN-Verbindung erfolgreich aufbauen; nur wenn ich versuche, mich über das Internet einzuwählen, klappt es nicht.
    Deshalb behaupte ich jetzt einfach mal, dass es an der Router-Konfiguration liegt.
    Hier ist die running-config:

    ____________________________________
    Building configuration...

    Current configuration : 9938 bytes
    !
    ! Last configuration change at 12:31:00 CEST Mon Sep 17 2007
    !
    ! NOTE(review): several lines in this paste are cut off at the right margin
    ! (the first "service timestamps" line below ends in "show-timezo"), so the
    ! listing is for reading only and cannot be pasted back verbatim.
    version 12.4
    no service pad
    service timestamps debug datetime msec localtime show-timezo
    service timestamps log datetime msec localtime show-timezone
    ! Type 7 "encryption" is reversible obfuscation, not hashing. The
    ! "password 7" and "wpa-psk ascii 7" values further down have to stay
    ! redacted whenever the config is shared (they are masked in this post).
    service password-encryption
    service compress-config
    service sequence-numbers
    !
    hostname xxxxxx
    !
    boot-start-marker
    boot-end-marker
    !
    ! Log messages are kept in a 51200-byte RAM buffer at debugging level and
    ! console logging is off. No "logging host" line appears in this listing,
    ! so nothing seems to be stored off-box - TODO confirm.
    logging count
    logging snmp-authfail
    logging userinfo
    logging buffered 51200 debugging
    logging reload debugging
    no logging console
    ! Type 5 = salted MD5-based hash of the enable secret (masked here).
    enable secret 5 xxxxxxxxxxxxxxxxxx
    !
    aaa new-model
    !
    !
    ! Login: TACACS+ first, then the enable secret when the TACACS+ group
    ! returns an error. No tacacs-server host is visible in this listing; if
    ! none is configured, every login is checked against the enable secret
    ! only - TODO confirm.
    aaa authentication login default group tacacs+ enable
    ! PPP sessions authenticate against local usernames; none are shown here.
    aaa authentication ppp default local
    ! EXEC authorization falls back to "none" (no check) without TACACS+.
    aaa authorization exec default group tacacs+ none
    ! EXEC accounting (start/stop) goes to TACACS+, interim update every 5 min.
    aaa accounting update periodic 5
    aaa accounting exec default start-stop group tacacs+
    !
    aaa session-id common
    !
    resource policy
    !
    ! Local time is CET/CEST; the summer-time line is cut off in this paste.
    clock timezone CET 1
    clock summer-time CEST recurring last Sun Mar 2:00 last Sun
    ip subnet-zero
    ip cef
    no ip dhcp use vrf connected
    !
    ! Dynamic pool for the wired LAN (192.168.123.0/24). Clients get the router
    ! as gateway and 192.168.123.5, then the router, as DNS servers.
    ! "lease 0 23" = 0 days 23 hours.
    ip dhcp pool LAN
    network 192.168.123.0 255.255.255.0
    default-router 192.168.123.1
    dns-server 192.168.123.5 192.168.123.1
    domain-name xxxxxxxxxxxxxxx
    lease 0 23
    !
    ! Dynamic pool for the wireless subnet (192.168.124.0/24). It hands out the
    ! same DNS server on the wired LAN, so WLAN clients are routed into
    ! 192.168.123.0/24 by this router.
    ip dhcp pool WLAN
    network 192.168.124.0 255.255.255.0
    default-router 192.168.124.1
    dns-server 192.168.123.5 192.168.123.1
    domain-name xxxxxxxxxxxxxx
    lease 0 23
    !
    ! Fixed address reservation for one host, keyed on its hardware address.
    ip dhcp pool Printer
    host 192.168.123.103 255.255.255.0
    hardware-address 0100.0048.d18a.04
    default-router 192.168.123.1
    dns-server 192.168.123.5 192.168.123.1
    domain-name xxxxxxxxxxxxxx
    lease 0 23
    !
    ! Second fixed reservation (192.168.123.4).
    ip dhcp pool honey
    host 192.168.123.4 255.255.255.0
    hardware-address 0100.188b.f78f.81
    default-router 192.168.123.1
    dns-server 192.168.123.5 192.168.123.1
    domain-name xxxxxxxxxxxxxxxx
    lease 0 23
    !
    !
    ! Stateful inspection rule (tcp, udp, ftp, pptp). It is applied "out" on
    ! Dialer11 further down, so it opens return paths only for sessions that
    ! start on the inside. A PPTP client connecting from the Internet to the
    ! inside server is not covered by it; that path depends on access-list 160
    ! and on the static NAT entries.
    ip inspect one-minute high 2500
    ip inspect name INSPECT-RULE1 tcp
    ip inspect name INSPECT-RULE1 udp
    ip inspect name INSPECT-RULE1 ftp
    ip inspect name INSPECT-RULE1 pptp
    no ip bootp server
    ip domain name xxxxxxxxx
    ip accounting-threshold 5120
    ! NOTE(review): no vpdn-group is visible in this listing, so the router
    ! does not appear to terminate PPTP itself; "vpdn enable" presumably
    ! belongs to the PPPoE client on FastEthernet4/Dialer11 - confirm.
    vpdn enable
    !
    !
    !
    ! Self-signed trustpoint with revocation checking disabled. Presumably the
    ! certificate served by "ip http secure-server"; clients cannot validate it
    ! against a CA, so its fingerprint has to be checked out of band.
    crypto pki trustpoint TP-self-signed-2083518622
    enrollment selfsigned
    subject-name cn=IOS-Self-Signed-Certificate-2083518622
    revocation-check none
    rsakeypair TP-self-signed-2083518622
    !
    !
    ! Certificate body is masked in this post.
    crypto pki certificate chain TP-self-signed-2083518622
    certificate self-signed 01
    xxxxxxxxxxxxxxxxxxxxxxxxx
    xxxxxxxxxxxxxxxxxxxxxxxxx
    xxxxxxxxxxxxxxxxxxxxxxxxx
    xxxxxxxxxxxxxxxxxxxxxxxxx
    xxxxxxxxxxxxxxxxxxxxxxxxx
    xxxxxxxxxxxxxxxxxxxxxxxxx
    quit
    call-history-mib retain-timer 500
    call-history-mib max-size 500
    !
    !
    !
    !
    !
    ! FastEthernet0-3 carry no configuration of their own in this listing.
    interface FastEthernet0
    !
    interface FastEthernet1
    !
    interface FastEthernet2
    !
    interface FastEthernet3
    !
    ! WAN port. It has no IP address of its own; it only carries the PPPoE
    ! session that is bound to dialer pool 11 (interface Dialer11).
    ! ICMP unreachables, proxy ARP and CDP are switched off on this port.
    interface FastEthernet4
    description WAN to NTBBA/PPPoE/T-DSL
    no ip address
    no ip unreachables
    no ip proxy-arp
    ip accounting output-packets
    ip route-cache flow
    no ip mroute-cache
    load-interval 30
    duplex auto
    speed auto
    pppoe enable group global
    pppoe-client dial-pool-number 11
    no cdp enable
    !
    ! Wireless radio: one SSID on VLAN 1, WPA with a pre-shared key.
    interface Dot11Radio0
    no ip address
    !
    ! NOTE(review): TKIP is the only cipher offered. Where the IOS image and
    ! the clients support it, "encryption vlan 1 mode ciphers aes-ccm"
    ! (WPA2/CCMP) is the stronger setting.
    encryption vlan 1 mode ciphers tkip
    !
    ssid xxxxxxxxxxxxxxxxx
    vlan 1
    authentication open
    authentication key-management wpa
    ! guest-mode puts this SSID into the beacons (it is broadcast).
    guest-mode
    ! The PSK is stored as type 7 (reversible); it is masked in this post.
    wpa-psk ascii 7 xxxxxxxxxxxxxxxxxxxxxxxxxxx
    !
    ! The rate list below is wrapped and cut off by the paste.
    speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0
    4.0
    station-role root
    no cdp enable
    !
    ! Routed subinterface for the wireless subnet, NAT inside.
    ! NOTE(review): no "ip access-group" is applied here or on Vlan1, so
    ! wireless clients can reach the whole wired LAN through the router.
    interface Dot11Radio0.1
    description Interface to Private LAN
    encapsulation dot1Q 1 native
    ip address 192.168.124.1 255.255.255.0
    no ip proxy-arp
    ip accounting output-packets
    ip nat inside
    ip virtual-reassembly
    ip tcp adjust-mss 1350
    no ip mroute-cache
    no snmp trap link-status
    no cdp enable
    !
    ! Wired LAN gateway (192.168.123.1), NAT inside.
    interface Vlan1
    description Interface to Private LAN
    ip address 192.168.123.1 255.255.255.0
    no ip proxy-arp
    ip accounting output-packets
    ip nat inside
    ip virtual-reassembly
    ip route-cache flow
    ip tcp adjust-mss 1350
    no ip mroute-cache
    load-interval 30
    !
    ! Internet-facing PPPoE dialer. This is the only interface with a packet
    ! filter: access-list 160 is checked on everything arriving from the
    ! Internet, INSPECT-RULE1 tracks sessions leaving towards it, and it is
    ! the NAT outside interface.
    interface Dialer11
    description Dialer PPPoE to ElabNET DSL
    ip address negotiated
    ip access-group 160 in
    ip accounting output-packets
    ip mtu 1456
    ip inspect INSPECT-RULE1 out
    ip nat outside
    ip virtual-reassembly
    encapsulation ppp
    ip route-cache flow
    dialer pool 11
    dialer remote-name redback
    dialer idle-timeout 300
    dialer vpdn
    ! Interesting traffic is defined by dialer-list 10.
    dialer-group 10
    no cdp enable
    ppp authentication pap chap callin optional
    ! Provider credentials are stored as type 7 (reversible); masked here.
    ppp chap hostname xxxxxxxxxxxxxxxxxxxxxxx
    ppp chap password 7 xxxxxxxxxxxxxxxxxxxxxxxxxxx
    ppp pap sent-username xxxxxxxxxxxxx password 7 xxxxxxxx
    ppp ipcp dns request
    ppp timeout authentication 180
    !
    ip classless
    ! Default route out through the PPPoE dialer.
    ip route 0.0.0.0 0.0.0.0 Dialer11
    !
    ! NOTE(review): clear-text HTTP management is enabled next to HTTPS. No
    ! "ip http access-class" line is visible, so the web interface answers on
    ! every interface; from the Internet it is held back only by access-list
    ! 160, which lets the two provider ranges through before its deny entries.
    ! "no ip http server" plus an access-class on the HTTPS server would narrow
    ! this.
    ip http server
    ip http secure-server
    ! NOTE(review): the next two entries use the "ip nat source ..." form (NAT
    ! virtual interface), which applies to interfaces configured with
    ! "ip nat enable". Every interface in this listing uses "ip nat inside" /
    ! "ip nat outside" instead, and the matching static form for those is
    !   ip nat inside source static tcp <inside-server-ip> 1723 interface Dialer11 1723
    ! The first entry also maps the public address onto Vlan1, the inside
    ! interface. This mismatch is the most likely reason the forward never
    ! matches - TODO confirm with "show ip nat translations".
    ! The second entry is cut off by the paste.
    ! NOTE(review): once the forward works, the server's PPTP service is
    ! reachable from any Internet address (access-list 160 permits tcp/1723
    ! and GRE from any). PPTP with MS-CHAPv2 is a weak VPN; access-list 160
    ! already lets IKE/ESP/NAT-T through, so L2TP/IPsec is worth considering.
    ip nat source static tcp (MEINE FESTE IP ) 1723 interface Vlan1
    ip nat source static tcp 192.168.123.16 1723 interface Diale
    ! PAT for everything matched by access-list 150.
    ip nat inside source list 150 interface Dialer11 overload
    ! The router itself answers DNS queries (it is the second DNS server in
    ! the DHCP pools).
    ip dns server
    !
    logging history size 500
    logging history debugging
    logging trap debugging
    ! access-list 150 selects traffic for PAT: private-to-private traffic is
    ! excluded first, then any RFC 1918 source is translated.
    access-list 150 remark *************************************
    access-list 150 remark *** no NAT to private IP's
    access-list 150 deny ip any 10.0.0.0 0.255.255.255
    access-list 150 deny ip any 172.16.0.0 0.15.255.255
    access-list 150 deny ip any 192.168.0.0 0.0.255.255
    access-list 150 remark *** NAT-List
    access-list 150 permit ip 10.0.0.0 0.255.255.255 any
    access-list 150 permit ip 172.16.0.0 0.15.255.255 any
    access-list 150 permit ip 192.168.0.0 0.0.255.255 any
    ! access-list 160 is the inbound filter on Dialer11. Entries are evaluated
    ! top-down and the first match wins, so every permit in the upper half
    ! takes precedence over the deny entries below it.
    access-list 160 remark *************************************
    access-list 160 remark *** FIREWALL: Inbound-Rules for Inter
    access-list 160 remark *** IKE/ESP allowed
    ! VPN protocols are admitted from any source to any destination:
    ! ESP, IKE (udp/500), NAT-T (udp/4500), GRE and the PPTP control channel.
    access-list 160 permit esp any any
    access-list 160 permit udp any any eq isakmp
    access-list 160 permit udp any any eq non500-isakmp
    access-list 160 permit gre any any
    access-list 160 permit tcp any any eq 1723
    access-list 160 remark *** ICMP-subset allowed
    access-list 160 permit icmp any any echo
    access-list 160 permit icmp any any echo-reply
    access-list 160 permit icmp any any unreachable
    access-list 160 permit icmp any any time-exceeded
    access-list 160 permit icmp any any ttl-exceeded
    access-list 160 permit icmp any any packet-too-big
    access-list 160 remark *** Allow Management
    access-list 160 remark *** NTP-Response from Time-servers
    ! The three NTP entries are cut off by the paste.
    access-list 160 permit udp host 192.53.103.103 eq ntp any eq
    access-list 160 permit udp host 129.69.1.153 eq ntp any eq n
    access-list 160 permit udp host 192.43.244.18 eq ntp any eq
    access-list 160 remark *** ElabNET WC
    ! NOTE(review): unrestricted IP from these two ranges. Because the vty
    ! lines, the HTTP server and SNMP carry no access-class/ACL of their own
    ! in this listing, hosts in these ranges can reach every management
    ! service on the router.
    access-list 160 permit ip 213.68.224.0 0.0.0.31 any
    access-list 160 permit ip 213.69.234.112 0.0.0.15 any
    ! NOTE(review): these two entries match on the SOURCE port only, so any
    ! TCP/UDP packet with source port 53 is admitted to any destination port,
    ! ahead of the deny entries below. Replies to inside clients' DNS queries
    ! are already handled by the inspect rule on this interface; if the
    ! entries exist for the router's own lookups, limit them to the resolver
    ! addresses - TODO confirm intent.
    access-list 160 permit tcp any eq domain any
    access-list 160 permit udp any eq domain any
    access-list 160 remark *** Drop selected without log
    ! The entries below drop common scan targets silently so they do not fill
    ! the log produced by the final deny.
    ! NOTE(review): the echo deny can never match, echo is permitted above.
    access-list 160 deny icmp any any echo
    access-list 160 deny tcp any any eq 57
    access-list 160 deny tcp any any eq ftp
    access-list 160 deny tcp any any eq www
    access-list 160 deny tcp any any eq sunrpc
    access-list 160 deny tcp any any eq ident
    access-list 160 deny udp any any range 135 netbios-ss
    access-list 160 deny tcp any any range 135 139
    access-list 160 deny tcp any any eq 443
    access-list 160 deny tcp any any eq 445
    access-list 160 deny udp any any eq rip
    access-list 160 deny tcp any any eq 554
    access-list 160 deny tcp any any eq 593
    access-list 160 deny tcp any any eq 901
    access-list 160 deny tcp any any eq 1234
    access-list 160 deny tcp any any eq 1433
    access-list 160 deny udp any any eq 1434
    access-list 160 deny tcp any any eq 1434
    access-list 160 deny tcp any any eq 2014
    access-list 160 deny udp any any eq 2301
    access-list 160 deny tcp any any eq 4899
    access-list 160 deny tcp any any eq 17300
    access-list 160 deny tcp any any eq 27374
    ! Only this single loopback address is filtered as a forged source; there
    ! is no explicit deny for RFC 1918 sources arriving from the Internet.
    access-list 160 deny ip host 127.0.0.1 any
    access-list 160 remark *** DENY anything else with log
    access-list 160 deny ip any any log
    ! Dialer11 references dialer-list 10 (dialer-group 10); lists 1, 11 and 15
    ! are not referenced by any interface in this listing.
    dialer-list 1 protocol ip permit
    dialer-list 10 protocol ip permit
    dialer-list 11 protocol ip permit
    dialer-list 15 protocol ip permit
    ! NOTE(review): both community strings are posted unmasked, unlike the
    ! other secrets in this listing. Treat them as disclosed and replace them.
    ! The second one is read-write, which allows changing the configuration
    ! over SNMP. Both reference access-list 15, which is not defined anywhere
    ! in this listing; a reference to an undefined ACL generally filters
    ! nothing on IOS - TODO confirm with "show access-lists 15". Dropping the
    ! RW community, or moving to SNMPv3 with authentication and privacy, is
    ! the safer setup.
    snmp-server community snmp123 RO 15
    snmp-server community snmp123!x RW 15
    snmp-server ifindex persist
    snmp-server location xxxxxxxxxxxxx
    snmp-server contact xxxxxxxxxxxxxxxxx
    snmp-server enable traps tty
    no cdp run
    ! This route-map matches access-list 150, but the PAT statement in this
    ! listing uses "list 150" directly, so the route-map looks unused.
    route-map NAT-out permit 10
    match ip address 150
    !
    !
    control-plane
    !
    ! Login banner; everything up to the closing delimiter is banner text.
    banner login ^CCC
    xxxxxxxxxxxxxxxxxxxxxx
    For any questions regarding this router
    please ask at xxxxxxxxxxxxxxxxxxxxxxxxxx


    # tatiana #
    ^C
    !
    line con 0
    no modem enable
    line aux 0
    ! NOTE(review): every accepted vty session starts at privilege level 15,
    ! Telnet is allowed next to SSH (credentials cross the network in clear
    ! text), and no "access-class" restricts who may connect. Safer:
    ! "transport input ssh" plus "access-class <mgmt-acl> in", and leave the
    ! privilege level to AAA authorization.
    line vty 0 4
    privilege level 15
    transport input telnet ssh
    !
    scheduler max-task-time 5000
    ! Three NTP servers; no NTP authentication is visible in this listing.
    ntp clock-period 17175026
    ntp server 192.53.103.103 prefer
    ntp server 192.43.244.18
    ntp server 129.69.1.153
    end
    ___________________________________________________

    Nach 5 Tagen googlen, Bücher wälzen und Foren durchforsten bin ich nun am Ende mit meinem Latein.

    Ich bin mir ziemlich sicher, dass die Ports nicht richtig weitergeleitet werden; deshalb habe ich schon versucht, per Telnet den Port 1723 freizugeben, aber es hat keine Wirkung gezeigt.
    Ich weiß langsam echt nicht weiter.
    Falls ihr Informationen braucht, stelle ich sie gerne zur Verfügung!

    bitte helft mir :(

    mfg euer verzweifelter Praktikant Alex
     
