VPN tunnel no longer works after enabling the firewall

Forum du Laboratoire SUPINFO des Technologies Cisco -> Configuration et problèmes de sécurité | Configurations and security problems
momchil.yanakiev
Visitor

Registered: 06 Sep 2008
Posts: 3

Posted: Sat Sep 06, 2008 4:28 pm (GMT+2)    Subject: VPN tunnel no longer works after enabling the firewall

Hello,

For our company's internal needs, I configured a Cisco 1801w router that provides Internet access, isolates network services between the WAN, LAN, WLAN, DMZ-FRONT and DMZ-BACK zones, and allows access to the local site from outside through a VPN tunnel. The problem is that my VPN tunnel no longer works after enabling the firewall.

I have the following setup and zones:
- Self zone: the router itself
- WAN zone (Internet): the Dialer0 interface
- DMZ-FRONT zone: VLAN 5
- DMZ-BACK zone: VLAN 4
- LAN zone: the BVI1 interface
-- The default VLAN (VLAN 1), the wireless interface Dot11Radio0.1 and Virtual-Template1 (the IPsec tunnel for the VPN) are bridged onto the BVI1 interface, which is in effect the LAN zone. I chose to have the VPN tunnel connect to the LAN zone, along with the wireless stations.

I configured the firewall to allow access between all these zones and Internet access, but I can no longer establish the VPN connection. The router no longer responds on the WAN interface. I looked through this forum and other forums to understand exactly where to declare the inspects, the accesses and the classes needed for the VPN to work properly, but without success.

Thank you in advance if anyone can help me solve this problem.

I attach the router configuration for more details.

Thanks in advance, Momchil


! This is the running config of the router: ADR_IP_LAN_.100
!----------------------------------------------------------------------------
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname xxxxxxxxxxxxxxxxxxxxxxxx
!
boot-start-marker
boot-end-marker
!
security authentication failure rate 3 log
security passwords min-length 6
logging buffered 524288
logging console critical
enable secret 5 xxxxxxxxxxxxxxxxxxxxxxxx
!
aaa new-model
!
!
aaa authentication login default local
aaa authentication login sdm_vpn_xauth_ml_1 local
aaa authorization exec default local
aaa authorization network sdm_vpn_group_ml_1 local
!
!
aaa session-id common
clock timezone CET 1
clock summer-time CET recurring last Sun Mar 2:00 last Sun Oct 3:00
!
crypto pki trustpoint TP-self-signed-3649689181
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-3649689181
revocation-check none
rsakeypair TP-self-signed-3649689181
!
!
crypto pki certificate chain TP-self-signed-3649689181
certificate self-signed 01
30820246 308201AF A0030201 02020101 300D0609 2A864886 F70D0101 04050030
xxxxxxxxxxxxxxxxxxxxxxxx
quit
!
dot11 ssid xxxxxxxxxxxxxxxxxxxxxxxx
vlan 1
authentication open
authentication key-management wpa
mbssid guest-mode
wpa-psk ascii 7 xxxxxxxxxxxxxxxxxxxxxxxx
!
no ip source-route
!
!
ip cef
no ip dhcp use vrf connected
ip dhcp excluded-address ADR_IP_LAN_.200 ADR_IP_LAN_.254
ip dhcp excluded-address ADR_IP_LAN_.1 ADR_IP_LAN_.149
!
ip dhcp pool pool-lan
import all
network ADR_IP_LAN_.0 255.255.255.0
domain-name xxxxxxxxxxxxxxxxxxxxxxxx
dns-server 80.10.246.2 80.10.246.129
default-router ADR_IP_LAN_.100
lease 7
!
!
no ip bootp server
ip domain name xxxxxxxxxxxxxxxxxxxxxxxx
ip name-server 80.10.246.2
ip name-server 80.10.246.129
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
multilink bundle-name authenticated
!
!
username admxxxxxxxxxxxxxxxxxxxxx privilege 15 secret 5 xxxxxxxxxxxxxxxxxxxxxxxx
username vpnxxxxxxxxxxxxxxxxxxxxx privilege 0 secret 5 xxxxxxxxxxxxxxxxxxxxxxxx
!
!
crypto isakmp policy 1
encr aes
authentication pre-share
group 2
lifetime 28800
!
crypto isakmp client configuration group vpngroupxxxxxxxxxxxxxxxxxxxxxxxx
key xxxxxxxxxxxxxxxxxxxxxxxx
dns 80.10.246.2 80.10.246.129
domain xxxxxxxxxxxxxxxxxxxxxxxx
pool pool-vpn
max-users 10
netmask 255.255.255.0
banner ^CVPN Successfully created! Authorized access only!

Disconnect IMMEDIATELY if you are not an authorized user! ^C
crypto isakmp profile sdm-ike-profile-1
match identity group vpngrouplan
client authentication list sdm_vpn_xauth_ml_1
isakmp authorization list sdm_vpn_group_ml_1
client configuration address respond
virtual-template 1
!
!
crypto ipsec transform-set ESP-AES128-SHA esp-aes esp-sha-hmac
!
crypto ipsec profile SDM_Profile1
set security-association idle-time 3600
set transform-set ESP-AES128-SHA
set isakmp-profile sdm-ike-profile-1
!
!
archive
log config
hidekeys
!
!
ip tcp synwait-time 10
ip ssh time-out 60
ip ssh authentication-retries 2
!
class-map type inspect match-any class-map-dmz-file-protocols
match protocol netbios-dgm
match protocol netbios-ssn
match protocol microsoft-ds
match protocol r-winsock
class-map type inspect match-any class-map-dmz-traffic-backup-protocols
match protocol dns
match protocol ftp
match protocol nfs
class-map type inspect match-all class-map-dmz-traffic-backup
match access-group name acl-dmz-traffic-backup
match class-map class-map-dmz-traffic-backup-protocols
class-map type inspect match-any sdm-cls-protocol-p2p
match protocol edonkey signature
match protocol bittorrent signature
class-map type inspect match-any class-map-lan-traffic-mail
match protocol dns
match protocol imap
match protocol imaps
match protocol pop3
match protocol smtp extended
match protocol pop3s
class-map type inspect match-any class-map-dmz-traffic-smtp-out-protocols
match protocol dns
match protocol smtp extended
class-map type inspect match-any class-map-dmz-dbsql-protocols
match protocol dns
match protocol oracle
match protocol oraclenames
match protocol sql-net
match protocol net8-cman
match protocol mysql
class-map type inspect match-all class-map-dmz-dbsql
match access-group name acl-dmz-dbsql
match class-map class-map-dmz-dbsql-protocols
class-map type inspect match-all class-map-dmz-https
match access-group name acl-dmz-https
match protocol https
class-map type inspect match-all class-map-dmz-imaps
match access-group name acl-dmz-imaps
match protocol imaps
class-map type inspect match-any class-map-icmp-access
match protocol icmp
match protocol tcp
match protocol udp
class-map type inspect match-all class-map-dmz-lotusnote
match access-group name acl-dmz-lotusnote
match protocol lotusnote
class-map type inspect match-all class-map-dmz-front-invalid-src
match access-group name acl-dmz-front-invalid-src
class-map type inspect match-all class-map-lan-traffic-admin-vmware
match access-group name acl-dmz-vmware
class-map type inspect match-all class-map-dmz-file
match access-group name acl-dmz-file
match class-map class-map-dmz-file-protocols
class-map type inspect match-all class-map-dmz-http
match access-group name acl-dmz-http
match protocol http
class-map type inspect match-all class-map-dmz-back-invalid-src
match access-group name acl-dmz-back-invalid-src
class-map type inspect match-all class-map-dmz-traffic-smtp-out
match access-group name acl-dmz-traffic-smtp-out
match class-map class-map-dmz-traffic-smtp-out-protocols
class-map type inspect match-all class-map-dmz-smtp
match access-group name acl-dmz-smtp
match protocol smtp extended
class-map type inspect match-all class-map-front-to-dmz-dbsql
match access-group name acl-front-to-dmz-dbsql
match class-map class-map-dmz-dbsql-protocols
class-map type inspect match-all sdm-protocol-p2p
match class-map sdm-cls-protocol-p2p
class-map type inspect match-all class-map-lan-invalid-src
match access-group name acl-lan-invalid-src
class-map type inspect match-all class-map-dmz-pop3s
match access-group name acl-dmz-pop3s
match protocol pop3s
class-map type inspect match-any class-map-dmz-traffic-tools
match protocol dns
match protocol icmp
match protocol ntp
class-map type inspect match-any class-map-lan-traffic-web
match protocol dns
match protocol cuseeme
match protocol ftp
match protocol h323
match protocol http
match protocol https
match protocol realmedia
match protocol streamworks
match protocol tftp
match protocol vdolive
match protocol rtsp
match protocol netshow
match protocol appleqtc
class-map type inspect edonkey match-any sdm-app-edonkeychat
match search-file-name
match text-chat
class-map type inspect match-any class-map-lan-traffic-admin
match protocol http
match protocol https
match protocol ddns-v3
match protocol dns
match protocol netbios-ns
match protocol wins
match protocol ntp
match protocol icmp
match protocol echo
match protocol ftp
match protocol ftps
match protocol tftp
match protocol telnet
match protocol telnets
match protocol ssh
match protocol shell
match protocol sshell
match protocol x11
match protocol xdmcp
match protocol msrpc
match protocol exec
match protocol rtelnet
match protocol login
match class-map class-map-lan-traffic-admin-vmware
match protocol netstat
match protocol who
class-map type inspect match-all class-map-dmz-traffic-smtp-out-temp
match access-group name acl-dmz-traffic-smtp-out-temp
match class-map class-map-dmz-traffic-smtp-out-protocols
class-map type inspect match-any class-map-lan-traffic-tools
match protocol dns
match protocol icmp
match protocol ntp
class-map type inspect match-any class-map-lan-traffic-other
match protocol dns
match protocol icmp
match protocol sql-net
match protocol tcp
match protocol udp
class-map type inspect edonkey match-any sdm-app-edonkeydownload
match file-transfer
class-map type inspect match-any class-map-dmz-traffic-web
match protocol dns
match protocol ftp
match protocol http
match protocol https
!
!
policy-map type inspect policy-lan-dmz
class type inspect class-map-lan-invalid-src
drop log
class type inspect class-map-lan-traffic-tools
inspect
class type inspect class-map-lan-traffic-admin
inspect
class type inspect class-map-dmz-dbsql
inspect
class type inspect class-map-dmz-file
inspect
class type inspect class-map-dmz-http
inspect
class type inspect class-map-dmz-https
inspect
class type inspect class-map-dmz-smtp
inspect
class type inspect class-map-dmz-pop3s
inspect
class type inspect class-map-dmz-imaps
inspect
class type inspect class-map-dmz-lotusnote
inspect
class class-default
drop log
policy-map type inspect p2p sdm-action-app-p2p
class type inspect edonkey sdm-app-edonkeychat
log
allow
class type inspect edonkey sdm-app-edonkeydownload
log
allow
class class-default
policy-map type inspect policy-lan-wan
class type inspect class-map-lan-invalid-src
drop log
class type inspect class-map-lan-traffic-tools
inspect
class type inspect class-map-lan-traffic-web
inspect
class type inspect class-map-lan-traffic-mail
inspect
class type inspect class-map-lan-traffic-admin
inspect
class type inspect class-map-lan-traffic-other
inspect
class type inspect sdm-protocol-p2p
inspect
service-policy p2p sdm-action-app-p2p
class class-default
drop log
policy-map type inspect policy-dmz-back-wan
class type inspect class-map-dmz-back-invalid-src
drop log
class type inspect class-map-dmz-traffic-tools
inspect
class type inspect class-map-dmz-traffic-web
inspect
class type inspect class-map-dmz-traffic-smtp-out-temp
inspect
class class-default
policy-map type inspect policy-dmz-back-other
class type inspect class-map-dmz-back-invalid-src
drop log
class type inspect class-map-dmz-traffic-tools
inspect
class type inspect class-map-dmz-http
inspect
class type inspect class-map-dmz-https
inspect
class type inspect class-map-dmz-smtp
inspect
class type inspect class-map-dmz-traffic-backup
inspect
class class-default
policy-map type inspect policy-wan-dmz-front
class type inspect class-map-dmz-http
inspect
class type inspect class-map-dmz-https
inspect
class type inspect class-map-dmz-smtp
inspect
class type inspect class-map-dmz-pop3s
inspect
class type inspect class-map-dmz-imaps
inspect
class class-default
policy-map type inspect policy-dmz-front-wan
class type inspect class-map-dmz-front-invalid-src
drop log
class type inspect class-map-dmz-traffic-tools
inspect
class type inspect class-map-dmz-traffic-web
inspect
class type inspect class-map-dmz-traffic-smtp-out-temp
inspect
class type inspect class-map-dmz-traffic-smtp-out
inspect
class class-default
policy-map type inspect policy-drop-all
class class-default
policy-map type inspect policy-dmz-front-dmz-back
class type inspect class-map-dmz-front-invalid-src
drop log
class type inspect class-map-dmz-traffic-tools
inspect
class type inspect class-map-front-to-dmz-dbsql
inspect
class class-default
pass
policy-map type inspect policy-self-other
class type inspect class-map-icmp-access
inspect
class class-default
pass
!
zone security zone-wan
zone security zone-lan
zone security zone-dmz-front
zone security zone-dmz-back
zone-pair security sdm-zp-wan-lan source zone-wan destination zone-lan
service-policy type inspect policy-drop-all
zone-pair security sdm-zp-wan-dmz-front source zone-wan destination zone-dmz-front
service-policy type inspect policy-wan-dmz-front
zone-pair security sdm-zp-wan-dmz-back source zone-wan destination zone-dmz-back
service-policy type inspect policy-drop-all
zone-pair security sdm-zp-lan-wan source zone-lan destination zone-wan
service-policy type inspect policy-lan-wan
zone-pair security sdm-zp-lan-dmz-front source zone-lan destination zone-dmz-front
service-policy type inspect policy-lan-dmz
zone-pair security sdm-zp-lan-dmz-back source zone-lan destination zone-dmz-back
service-policy type inspect policy-lan-dmz
zone-pair security sdm-zp-dmz-front-wan source zone-dmz-front destination zone-wan
service-policy type inspect policy-dmz-front-wan
zone-pair security sdm-zp-dmz-front-lan source zone-dmz-front destination zone-lan
service-policy type inspect policy-drop-all
zone-pair security sdm-zp-dmz-front-dmz-back source zone-dmz-front destination zone-dmz-back
service-policy type inspect policy-dmz-front-dmz-back
zone-pair security sdm-zp-dmz-back-wan source zone-dmz-back destination zone-wan
service-policy type inspect policy-dmz-back-wan
zone-pair security sdm-zp-dmz-back-lan source zone-dmz-back destination zone-lan
service-policy type inspect policy-dmz-back-other
zone-pair security sdm-zp-dmz-back-dmz-front source zone-dmz-back destination zone-dmz-front
service-policy type inspect policy-dmz-back-other
zone-pair security sdm-zp-self-wan source self destination zone-wan
service-policy type inspect policy-self-other
zone-pair security sdm-zp-wan-self source zone-wan destination self
service-policy type inspect policy-drop-all
bridge irb
!
!
!
interface Null0
no ip unreachables
!
interface FastEthernet0
description WAN_FAST_ETHERNET
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip route-cache flow
shutdown
duplex auto
speed auto
!
interface BRI0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
encapsulation hdlc
ip route-cache flow
shutdown
!
interface FastEthernet1
description SWITCHPORT_DMZ_BACK
switchport access vlan 4
duplex full
speed 100
!
interface FastEthernet2
description SWITCHPORT_LAN
duplex full
speed 100
!
interface FastEthernet3
description SWITCHPORT_DMZ_FRONT
switchport access vlan 5
duplex full
speed 100
!
interface FastEthernet4
description SWITCHPORT_GUEST
switchport access vlan 6
duplex full
speed 100
!
interface FastEthernet5
description SWITCHPORT_LAN
duplex full
speed 100
!
interface FastEthernet6
description SWITCHPORT_LAN
duplex full
speed 100
!
interface FastEthernet7
description SWITCHPORT_LAN
duplex full
speed 100
!
interface FastEthernet8
description SWITCHPORT_LAN
duplex full
speed 100
!
interface Dot11Radio0
description WLAN_802.11g
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip route-cache flow
!
encryption vlan 1 mode ciphers aes-ccm
!
ssid xxxxxxxxxxxxxxxxxxxxxxxx
!
mbssid
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
station-role root
!
interface Dot11Radio0.1
description WLAN_802.11g_xxxxxxxxxxxxxxxxxxxxxxxx
encapsulation dot1Q 1 native
no cdp enable
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
!
interface Dot11Radio1
description WLAN_802.11a
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip route-cache flow
shutdown
speed basic-6.0 9.0 basic-12.0 18.0 basic-24.0 36.0 48.0 54.0
station-role root
!
interface ATM0
description WAN_ADSL
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip route-cache flow
no atm ilmi-keepalive
dsl operating-mode auto
!
interface ATM0.1 point-to-point
description ADSL_ATM_PPP_LINK$FW_OUTSIDE$$ES_WAN$
no ip redirects
no ip unreachables
no ip proxy-arp
pvc 8/35
encapsulation aal5mux ppp dialer
dialer pool-member 1
!
!
interface Virtual-Template1 type tunnel
description $FW_INSIDE$
ip unnumbered BVI1
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip virtual-reassembly
ip route-cache flow
tunnel mode ipsec ipv4
tunnel protection ipsec profile SDM_Profile1
!
interface Vlan1
description VLAN_LAN_DEFAULT_VLAN
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip virtual-reassembly
ip route-cache flow
ip tcp adjust-mss 1452
bridge-group 1
!
interface Vlan4
description VLAN_DMZ_BACK$FW_INSIDE$
ip address ADR_IP_DMZ_BACK_.100 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip virtual-reassembly
zone-member security zone-dmz-back
ip route-cache flow
ip tcp adjust-mss 1452
!
interface Vlan5
description VLAN_DMZ_FRONT$FW_INSIDE$
ip address ADR_IP_DMZ_FRONT_.100 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip virtual-reassembly
zone-member security zone-dmz-front
ip route-cache flow
ip tcp adjust-mss 1452
!
interface Dialer0
description $FW_OUTSIDE$
ip address negotiated
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat outside
ip virtual-reassembly
zone-member security zone-wan
encapsulation ppp
ip route-cache flow
dialer pool 1
dialer-group 1
no cdp enable
ppp authentication chap callin
ppp chap hostname xxxxxxxxxxxxxxxxxxxxxxxx
ppp chap password 7 xxxxxxxxxxxxxxxxxxxxxxxx
!
interface BVI1
description $FW_INSIDE$
ip address ADR_IP_LAN_.100 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip virtual-reassembly
zone-member security zone-lan
ip route-cache flow
ip tcp adjust-mss 1412
!
ip local pool pool-vpn ADR_IP_LAN_.200 ADR_IP_LAN_.249
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer0
!
!
ip http server
ip http access-class 2
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source list 1 interface Dialer0 overload
ip nat inside source static tcp ADR_IP_DMZ_FRONT_.40 80 interface Dialer0 80
ip nat inside source static tcp ADR_IP_DMZ_FRONT_.40 443 interface Dialer0 443
ip nat inside source static tcp ADR_IP_DMZ_FRONT_.30 25 interface Dialer0 25
ip nat inside source static tcp ADR_IP_DMZ_FRONT_.32 993 interface Dialer0 993
ip nat inside source static tcp ADR_IP_DMZ_FRONT_.31 995 interface Dialer0 995
!
ip access-list extended acl-dmz-back-invalid-src
remark SDM_ACL Category=1
permit ip host 255.255.255.255 any
permit ip 127.0.0.0 0.255.255.255 any
permit ip ADR_IP_LAN_.0 0.0.0.255 any
permit ip ADR_IP_DMZ_FRONT_.0 0.0.0.255 any
ip access-list extended acl-dmz-dbsql
remark SDM_ACL Category=1
permit ip any host ADR_IP_DMZ_BACK_.50
permit ip any host ADR_IP_DMZ_BACK_.51
ip access-list extended acl-dmz-file
remark SDM_ACL Category=1
permit ip any host ADR_IP_DMZ_BACK_.52
ip access-list extended acl-dmz-front-invalid-src
remark SDM_ACL Category=1
permit ip host 255.255.255.255 any
permit ip 127.0.0.0 0.255.255.255 any
permit ip ADR_IP_LAN_.0 0.0.0.255 any
permit ip ADR_IP_DMZ_BACK_.0 0.0.0.255 any
ip access-list extended acl-dmz-http
remark SDM_ACL Category=1
permit ip any host ADR_IP_DMZ_FRONT_.40
ip access-list extended acl-dmz-https
remark SDM_ACL Category=1
permit ip any host ADR_IP_DMZ_FRONT_.40
ip access-list extended acl-dmz-imaps
remark SDM_ACL Category=1
permit ip any host ADR_IP_DMZ_FRONT_.32
ip access-list extended acl-dmz-lotusnote
remark SDM_ACL Category=1
permit ip any host ADR_IP_DMZ_FRONT_.33
ip access-list extended acl-dmz-pop3s
remark SDM_ACL Category=1
permit ip any host ADR_IP_DMZ_FRONT_.31
ip access-list extended acl-dmz-smtp
remark SDM_ACL Category=1
permit ip any host ADR_IP_DMZ_FRONT_.30
ip access-list extended acl-dmz-traffic-backup
remark SDM_ACL Category=1
permit ip host ADR_IP_DMZ_BACK_.54 any
ip access-list extended acl-dmz-traffic-smtp-out
remark SDM_ACL Category=1
permit ip host ADR_IP_DMZ_FRONT_.30 any
ip access-list extended acl-dmz-traffic-smtp-out-temp
remark SDM_ACL Category=1
permit ip any any
ip access-list extended acl-dmz-vmware
remark SDM_ACL Category=1
permit tcp any host ADR_IP_DMZ_FRONT_.2 eq 902
permit tcp any host ADR_IP_DMZ_BACK_.1 eq 902
ip access-list extended acl-front-to-dmz-dbsql
remark SDM_ACL Category=1
permit ip host ADR_IP_DMZ_FRONT_.40 host ADR_IP_DMZ_BACK_.50
permit ip host ADR_IP_DMZ_FRONT_.40 host ADR_IP_DMZ_BACK_.51
ip access-list extended acl-lan-invalid-src
remark SDM_ACL Category=1
permit ip host 255.255.255.255 any
permit ip 127.0.0.0 0.255.255.255 any
permit ip ADR_IP_DMZ_FRONT_.0 0.0.0.255 any
permit ip ADR_IP_DMZ_BACK_.0 0.0.0.255 any
!
logging trap debugging
access-list 1 permit ADR_IP_LAN_.0 0.0.0.255
access-list 1 permit ADR_IP_DMZ_BACK_.0 0.0.0.255
access-list 1 permit ADR_IP_DMZ_FRONT_.0 0.0.0.255
access-list 2 remark HTTP Access-class list
access-list 2 remark SDM_ACL Category=1
access-list 2 permit ADR_IP_DMZ_BACK_.0 0.0.0.255
access-list 2 permit ADR_IP_LAN_.0 0.0.0.255
access-list 2 deny any
access-list 100 remark VTY Access-class list
access-list 100 remark SDM_ACL Category=1
access-list 100 permit ip ADR_IP_DMZ_BACK_.0 0.0.0.255 any
access-list 100 permit ip ADR_IP_LAN_.0 0.0.0.255 any
access-list 100 deny ip any any
dialer-list 1 protocol ip permit
no cdp run
!
!
!
!
!
!
control-plane
!
bridge 1 protocol ieee
bridge 1 route ip
banner login ^CAuthorized access only!

Disconnect IMMEDIATELY if you are not an authorized user!
^C
!
line con 0
transport output telnet
line aux 0
transport output telnet
line vty 0 4
access-class 100 in
privilege level 15
transport input telnet ssh
line vty 5 15
access-class 100 in
privilege level 15
transport input telnet ssh
!
scheduler allocate 4000 1000
scheduler interval 500
ntp logging
ntp clock-period 17180342
ntp master 4
ntp update-calendar
ntp server 194.2.0.58 source Dialer0
ntp server 194.2.0.28 source Dialer0 prefer
end
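Two things in the posted configuration account for the symptom, and the fragment below is the minimal change that addresses both. It is an added example written for this page, not the poster's configuration and not Cisco's; the ACL, class-map and policy-map names (acl-wan-self-vpn, class-map-wan-self-vpn, policy-wan-self) are chosen here, and the ADR_IP_* placeholders are the poster's own. First, the zone-pair sdm-zp-wan-self applies policy-drop-all, so IKE (UDP 500), NAT-T (UDP 4500) and ESP (IP protocol 50) arriving at Dialer0 from the Internet are dropped before the crypto engine ever sees them, which matches "the router no longer responds on the WAN interface". Second, Virtual-Template1 carries the $FW_INSIDE$ description and `ip unnumbered BVI1` but no `zone-member security` line (and, as posted, it is not in bridge-group 1 either); in the zone-based firewall, traffic between an interface that belongs to no zone and an interface that belongs to a zone is dropped, so even once the tunnel came up, decrypted client traffic leaving Virtual-Template1 could not reach BVI1 (zone-lan) or the DMZ VLANs. Placing the template in zone-lan makes every Virtual-Access interface cloned from it a LAN member: client-to-LAN traffic becomes intra-zone (permitted by default) and client-to-WAN or client-to-DMZ traffic follows the existing LAN policies. ESP cannot be stateful-inspected, so the WAN-to-self class uses `pass` rather than `inspect`.

```cisco
! --- Added example for this thread, not part of the posted config. ---
! 1) Let IKE, NAT-T and ESP from any Internet peer reach the router itself.
!    Remote-access clients have dynamic addresses, so the source is "any";
!    the peer is still authenticated by the group pre-shared key and XAUTH.
ip access-list extended acl-wan-self-vpn
 remark IKE (UDP 500), NAT-T (UDP 4500) and ESP (IP proto 50) to the router
 permit udp any any eq isakmp
 permit udp any any eq non500-isakmp
 permit esp any any
!
class-map type inspect match-all class-map-wan-self-vpn
 match access-group name acl-wan-self-vpn
!
! "pass", not "inspect": ESP is not an inspectable protocol, and no return
! session is needed because the existing sdm-zp-self-wan policy
! (policy-self-other) already ends with "class class-default / pass".
policy-map type inspect policy-wan-self
 class type inspect class-map-wan-self-vpn
  pass
 class class-default
  drop log
!
! Replace policy-drop-all on the existing WAN -> self zone-pair.
zone-pair security sdm-zp-wan-self source zone-wan destination self
 service-policy type inspect policy-wan-self
!
! 2) Put the IPsec virtual template in the LAN zone. Each Virtual-Access
!    interface cloned from it inherits the membership, so VPN clients are
!    treated like LAN hosts by every existing zone-pair.
interface Virtual-Template1 type tunnel
 zone-member security zone-lan
```

After applying this, `show zone-pair security` should list sdm-zp-wan-self with policy-wan-self attached, and `show policy-map type inspect zone-pair sdm-zp-wan-self` should show the pass counters of class-map-wan-self-vpn increasing while a client connects; `show crypto isakmp sa` and `show crypto session` then confirm the phase 1 SA and the cloned Virtual-Access interface. Two caveats worth checking against the posted config: the name in `match identity group` (vpngrouplan in the ISAKMP profile) must be exactly the name of the `crypto isakmp client configuration group` stanza, which is redacted above, and the pool-vpn addresses ADR_IP_LAN_.200 to .249 sit inside the LAN subnet and inside access-list 1, so VPN clients are NATed out of Dialer0 like LAN hosts, which is consistent with the LAN-zone placement but means drops logged by `class-default drop log` in policy-lan-wan with those source addresses are VPN clients, not LAN stations.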
© Copyright 2000-2005 SUPINFO Paris, Paris Academy of Computer Science