VPN remote access can't ping the LAN


TS
srikandiduduk
Evening, everyone, I'd like to ask something.
I set up a remote access VPN using IPSec. On the client side it already gets an IP from the VPN pool, but the client can't ping the server. Does anyone know why?
Here's my config. Oh, and the server is a Cisco 7200.
resource policy
!
ip subnet-zero
ip cef
!
!
no ip dhcp use vrf connected
!
!
no ip domain lookup
no ip ips deny-action ips-interface
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
username **** password 0 ****
!
!
!
crypto isakmp policy 10
encr 3des
authentication pre-share
group 2
lifetime 3600
!
crypto isakmp client configuration group VPN_CLIENTS
key ClientVpnKey
dns 172.16.60.4
domain test.local
pool VPN_CLIENT_POOL
acl 110
!
!
crypto ipsec transform-set TRANS_3DES_SHA esp-3des esp-sha-hmac
!
crypto dynamic-map EXT_DYNAMIC_MAP 10
set transform-set TRANS_3DES_SHA
!
!
crypto map EXT_MAP client authentication list VPN_CLIENT_LOGIN
crypto map EXT_MAP isakmp authorization list VPN_CLIENT_GROUP
crypto map EXT_MAP client configuration address respond
crypto map EXT_MAP 10 ipsec-isakmp dynamic EXT_DYNAMIC_MAP
!
!
!
!
interface FastEthernet0/0
no ip address
shutdown
duplex half
!
interface Serial1/0
description Menuju Router PE-1
ip address 172.16.1.2 255.255.255.252
serial restart-delay 0
!
interface Serial1/1
description Menuju Internet
ip address 200.16.1.6 255.255.255.252
ip nat outside
ip virtual-reassembly
serial restart-delay 0
crypto map EXT_MAP
!
interface Serial1/2
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/3
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/4
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/5
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/6
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/7
no ip address
shutdown
serial restart-delay 0
!
interface FastEthernet2/0
description Menuju LAN
no ip address
ip nat inside
ip virtual-reassembly
duplex full
speed auto
!
interface FastEthernet2/0.60
encapsulation dot1Q 60
ip address 172.16.60.1 255.255.255.128
ip nat inside
ip virtual-reassembly
no snmp trap link-status
!
interface FastEthernet2/0.70
encapsulation dot1Q 70
ip address 172.16.70.1 255.255.255.0
ip nat inside
ip virtual-reassembly
no snmp trap link-status
!
interface FastEthernet2/0.80
encapsulation dot1Q 80
ip address 172.16.80.1 255.255.255.0
no snmp trap link-status
!
interface FastEthernet2/1
no ip address
shutdown
duplex auto
speed auto
!
interface FastEthernet2/1.10
!
interface FastEthernet2/1.20
!
interface Ethernet3/0
description Menuju Router ASA
ip address 172.17.1.1 255.255.255.252
duplex half
!
interface Ethernet3/1
no ip address
shutdown
duplex half
!
interface Ethernet3/2
no ip address
shutdown
duplex half
!
interface Ethernet3/3
no ip address
shutdown
duplex half
!
interface Ethernet3/4
no ip address
shutdown
duplex half
!
interface Ethernet3/5
no ip address
shutdown
duplex half
!
interface Ethernet3/6
no ip address
shutdown
duplex half
!
interface Ethernet3/7
no ip address
shutdown
duplex half
!
router ospf 10
log-adjacency-changes
network 200.16.1.4 0.0.0.3 area 0
!
router bgp 65001
no synchronization
bgp log-neighbor-changes
network 172.16.10.0 mask 255.255.255.0
network 172.16.60.0 mask 255.255.255.128
network 172.16.70.0 mask 255.255.255.0
neighbor 172.16.1.1 remote-as 1
no auto-summary
!
ip local pool VPN_CLIENT_POOL 172.16.80.200 172.16.80.210
ip classless
no ip http server
no ip http secure-server
!
!
ip nat inside source list NAT interface Serial1/1 overload
!
ip access-list standard REDIST
permit 172.16.10.0 0.0.0.255
!
ip access-list extended NAT
deny ip 172.16.60.0 0.0.0.127 172.16.80.0 0.0.0.255
permit ip 172.16.60.0 0.0.0.127 any
!
access-list 110 permit ip 172.16.60.0 0.0.0.127 172.16.80.0 0.0.0.255
!
route-map BGP_REDIST permit 10
match ip address REDIST
!
!
!
!
control-plane
!
!
!
!
!
!
gatekeeper
shutdown
!
!
line con 0
exec-timeout 0 0
logging synchronous
stopbits 1
line aux 0
stopbits 1
line vty 0 4
!
!
end
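
An added example, not part of the original post: a Python check over the address lines of the configuration above that reports, for each LAN subnet, whether it contains the VPN pool, whether ACL 110 (the `acl 110` list of the client group) permits it towards the pool, and whether the `NAT` list would translate that traffic. The function names `parse`, `first_match` and `audit` are assumptions made for this illustration.

```python
import ipaddress as ipa
import re

# Lines copied from the configuration posted above (only what the check reads).
CONFIG = """\
ip address 172.16.60.1 255.255.255.128
ip address 172.16.70.1 255.255.255.0
ip address 172.16.80.1 255.255.255.0
ip local pool VPN_CLIENT_POOL 172.16.80.200 172.16.80.210
ip access-list extended NAT
deny ip 172.16.60.0 0.0.0.127 172.16.80.0 0.0.0.255
permit ip 172.16.60.0 0.0.0.127 any
access-list 110 permit ip 172.16.60.0 0.0.0.127 172.16.80.0 0.0.0.255
"""
ACE = re.compile(r"(permit|deny) ip (\S+) (\S+) (any|\S+ \S+)$")

def parse(config):
    """Return (interface networks, pool networks, {acl name: [(action, src, dst)]})."""
    lans, pool, acls, cur = [], [], {}, None
    for line in map(str.strip, config.splitlines()):
        if m := re.match(r"ip address (\S+) (\S+)$", line):
            lans.append(ipa.ip_interface(f"{m[1]}/{m[2]}").network)
        elif m := re.match(r"ip local pool \S+ (\S+) (\S+)$", line):
            pool = list(ipa.summarize_address_range(*map(ipa.ip_address, m.groups())))
        elif m := re.match(r"ip access-list extended (\S+)$", line):
            cur = m[1]
        elif m := ACE.search(line):
            name = line.split()[1] if line.startswith("access-list") else cur
            dst = "0.0.0.0/0" if m[4] == "any" else m[4].replace(" ", "/")
            # ip_network() reads a mask that starts with 0 as an IOS-style wildcard
            entry = (m[1], ipa.ip_network(f"{m[2]}/{m[3]}"), ipa.ip_network(dst))
            acls.setdefault(name, []).append(entry)
    return lans, pool, acls

def first_match(acl, src, dst):
    """IOS ACLs are first-match with an implicit deny at the end."""
    return next((a for a, s, d in acl if src.subnet_of(s) and dst.subnet_of(d)), "deny")

def audit(config, split_acl="110", nat_acl="NAT"):
    """Per LAN subnet: pool overlap, split-tunnel coverage, NAT towards the pool."""
    lans, pool, acls = parse(config)
    return {str(lan): {
        "contains_pool": all(p.subnet_of(lan) for p in pool),
        "in_split_tunnel": all(first_match(acls[split_acl], lan, p) == "permit" for p in pool),
        "nat_to_pool": any(first_match(acls[nat_acl], lan, p) == "permit" for p in pool),
    } for lan in lans}

if __name__ == "__main__":
    for lan, result in audit(CONFIG).items(): print(lan, result)
```
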