Cisco 1941 and PPTP VPN: no connection

Member: TomCatShS

26.12.2012, updated 22:39, 2813 views, 1 comment

Evening,
I am trying to set up a Cisco 1941 as a VPN (PPTP) server, but unfortunately I cannot get a connection established from my two test clients.

I would like to use IPsec, but unfortunately I cannot get a connection established there either.

Clients:

AnyConnect for Windows and iPhone.

Router config

! Last configuration change at 21:58:50 CET Wed Dec 26 2012
version 15.1
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
service sequence-numbers

hostname router_eng297

boot-start-marker
boot-end-marker

enable secret XXXXXXXXXXXXXXXXX
enable password XXXXXXXXXXXXXXXXX

no aaa new-model

memory-size iomem 15
clock timezone CET 1 0
clock summer-time CEST recurring last Sun Mar 2:00 last Sun Oct 3:00

no ipv6 cef
no ip source-route
no ip gratuitous-arps
ip auth-proxy max-login-attempts 5
ip admission max-login-attempts 5
ip cef

no ip dhcp use vrf connected
ip dhcp excluded-address 10.48.53.1 10.48.53.99
ip dhcp excluded-address 10.48.53.151 10.48.53.254

ip dhcp pool 1941-dhcp
 network 10.48.53.0 255.255.255.0
 default-router 10.48.53.1
 domain-name XXXXXXXXXXXXXXXXX.secure.intern
 dns-server 208.67.222.222 208.67.220.220
 lease 7

ip domain name XXXXXXXXXXXXXXXXX.secure.intern
ip name-server 208.67.222.222
ip name-server 208.67.220.220
ip inspect name meinefw tcp
ip inspect name meinefw udp
ip ddns update method dyndns

login block-for 300 attempts 3 within 30
login on-failure log
login on-success log

multilink bundle-name authenticated

vpdn enable

vpdn-group 1
 ! Default PPTP VPDN group
 accept-dialin
  protocol pptp
  virtual-template 1
 l2tp tunnel timeout no-session 15

crypto pki token default removal timeout 0

crypto pki trustpoint TP-self-signed-2189981532
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-2189981532
 revocation-check none
 rsakeypair TP-self-signed-2189981532

crypto pki certificate chain TP-self-signed-2189981532
 certificate self-signed 01
  quit
license udi pid CISCO1941/K9 sn XXXXXXXXXXXXXXXXX
license boot module c1900 technology-package securityk9
license boot module c1900 technology-package datak9

username vpnuser01 password 0 XXXXXXXXXXXXXXXXX

redundancy

class-map match-any SOCIAL_NET
 match protocol http host "www.facebook.com"
 match protocol http host "www.aol.de"

policy-map DROP_SOCIAL_NET
 class SOCIAL_NET
  drop

!

interface Embedded-Service-Engine0/0
 no ip address
 shutdown

interface GigabitEthernet0/0
 description Lokales Ethernet LAN $ES_LAN$
 ip address 10.48.53.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
 duplex auto
 speed auto
 no mop enabled

interface GigabitEthernet0/1
 description Internet Verbindung Kabel TV
 ip address dhcp client-id GigabitEthernet0/1 hostname XXXXXXXXXXXXXXXXX
 ip nat outside
 ip inspect meinefw out
 ip virtual-reassembly in
 duplex auto
 speed auto
 no cdp enable
 service-policy output DROP_SOCIAL_NET

interface FastEthernet0/0/0
 no ip address
 shutdown
 duplex auto
 speed auto

interface Virtual-Template1
 ip unnumbered GigabitEthernet0/0
 peer default ip address pool pptp-Pool
 no keepalive
 ppp encrypt mppe 128
 ppp authentication ms-chap ms-chap-v2

ip local pool pptp-Pool 10.18.0.10 10.18.0.40
ip forward-protocol nd

ip http server
ip http secure-server

ip nat inside source list 1 interface GigabitEthernet0/1 overload
ip route 0.0.0.0 0.0.0.0 dhcp

access-list 1 permit 10.48.53.0 0.0.0.255
access-list 1 permit 10.48.50.0 0.0.0.255

snmp-server community read_me RO
snmp-server community write_me RW

control-plane

line con 0
line aux 0
line 2
 no activation-character
 no exec
 transport preferred none
 transport input all
 transport output lat pad telnet rlogin lapb-ta mop udptn v120 ssh
 stopbits 1
line vty 0 4
 password XXXXXXXXXXXXXXXXX
 login
 transport input all

scheduler allocate 20000 1000
end
Version:

sh ver
Cisco IOS Software, C1900 Software (C1900-UNIVERSALK9-M), Version 15.1(4)M4, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2012 by Cisco Systems, Inc.
Compiled Tue 20-Mar-12 17:58 by prod_rel_team

ROM: System Bootstrap, Version 15.0(1r)M15, RELEASE SOFTWARE (fc1)

XXXXXXXXXXXXXXXXX uptime is 3 hours, 31 minutes
System returned to ROM by power-on
System restarted at 18:59:55 CET Wed Dec 26 2012
System image file is "flash0:c1900-universalk9-mz.SPA.151-4.M4.bin"
Last reload type: Normal Reload


This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

If you require further assistance please contact us by sending email to
export@cisco.com.

Cisco CISCO1941/K9 (revision 1.0) with 446464K/77824K bytes of memory.
Processor board ID XXXXXXXXXXXXXXXXX
1 FastEthernet interface
2 Gigabit Ethernet interfaces
1 terminal line
1 Virtual Private Network (VPN) Module
DRAM configuration is 64 bits wide with parity disabled.
255K bytes of non-volatile configuration memory.
250880K bytes of ATA System CompactFlash 0 (Read/Write)


License Info:

License UDI:

-------------------------------------------------
Device#   PID                   SN
-------------------------------------------------
*0        CISCO1941/K9          XXXXXXXXXXXXXXXXX



Technology Package License Information for Module:'c1900'

-----------------------------------------------------------------
Technology    Technology-package           Technology-package
              Current       Type           Next reboot
------------------------------------------------------------------
ipbase        ipbasek9      Permanent      ipbasek9
security      securityk9    RightToUse     securityk9
data          datak9        RightToUse     datak9
AnyConnect Windows

[26.12.2012 20:31:09] Ready to connect.
[26.12.2012 21:45:53] Contacting 10.48.50.157.
[26.12.2012 21:45:59] Connection attempt has failed.
[26.12.2012 21:46:08] Contacting 10.48.50.157.
[26.12.2012 21:46:48] Connection attempt has failed.
[26.12.2012 21:47:19] Contacting 10.48.53.1.
[26.12.2012 21:47:23] Connection attempt has failed.
[26.12.2012 21:48:06] Contacting 10.48.50.157.
[26.12.2012 21:48:19] Connection attempt has failed.
[26.12.2012 21:48:53] Contacting 10.48.50.157.
[26.12.2012 21:48:57] Connection attempt has failed.


Thanks for your help.

Member: mayjalin
21.01.2013 at 20:20
Hello,

here is a configuration of a router that establishes IPsec to an iPhone. In this example the iPhone is configured with a DynDNS name, which is kept up to date by a DynDNS client on a client in the LAN.



aaa new-model
!
aaa authentication enable default group tacacs+ enable
aaa authorization network CRYPTO_ISAKMP_CLIENT local
!
username {MyUsername} secret {MySecret}
!
crypto logging session
!
crypto isakmp policy 1
 encr aes 256
 authentication pre-share
 group 2
 lifetime 3600
crypto isakmp keepalive 10
crypto isakmp nat keepalive 20
crypto isakmp xauth timeout 90
!
crypto isakmp client configuration group CRYPTO_ISAKMP_CLIENT
 key {MyVpnKey}
 dns {MyInternalDNS}
 domain {MyInternalDomainName}
 pool VPN-POOL
 save-password
!
crypto ipsec security-association lifetime seconds 86400
crypto ipsec security-association idle-time 3600
!
crypto ipsec transform-set VPN-TRANSFORMSET esp-aes 256 esp-sha-hmac
!
crypto dynamic-map CRYPTO_ISAKMP_CLIENT 1
 set transform-set VPN-TRANSFORMSET
 reverse-route
!
crypto map STATIC_CRYPTO_MAP local-address Dialer0
crypto map STATIC_CRYPTO_MAP client authentication list CRYPTO_ISAKMP_CLIENT
crypto map STATIC_CRYPTO_MAP isakmp authorization list CRYPTO_ISAKMP_CLIENT
crypto map STATIC_CRYPTO_MAP client configuration address respond
crypto map STATIC_CRYPTO_MAP 1 ipsec-isakmp dynamic CRYPTO_ISAKMP_CLIENT
!
interface Vlan{MyVlanId}
 ip address {MyInternalIpAddress} {MyInternalSubnetmask}
 ip nat inside
 ip virtual-reassembly
 ip tcp adjust-mss 1412
!
interface Dialer0
 description "-> WAN"
 ip access-group 101 in
 ip address negotiated
 ip mtu 1452
 ip nat outside
 ip virtual-reassembly
 encapsulation ppp
 dialer pool 1
 dialer-group 1
 ppp authentication chap callin
 ppp chap hostname {MyProviderUsername}
 ppp chap password {MyProviderPassword}
 crypto map STATIC_CRYPTO_MAP
!
ip local pool VPN-POOL 10.0.0.250 10.0.0.254
!
ip route 0.0.0.0 0.0.0.0 Dialer0
!
ip nat inside source list 1 interface Dialer0 overload
!
access-list 1 permit {MyInternalNetwork} {MyInternalWildCard}
access-list 101 remark ---> Internet LAN
access-list 101 permit icmp any any echo-reply
access-list 101 permit icmp any any time-exceeded
access-list 101 permit icmp any any unreachable
access-list 101 permit udp any any eq isakmp
access-list 101 permit udp any any eq non500-isakmp
access-list 101 deny icmp any any
access-list 101 deny ip 10.0.0.0 0.255.255.255 any
access-list 101 deny ip 172.16.0.0 0.15.255.255 any
access-list 101 deny ip 192.168.0.0 0.0.255.255 any
access-list 101 deny ip 127.0.0.0 0.255.255.255 any
access-list 101 deny ip host 255.255.255.255 any
access-list 101 deny ip host 0.0.0.0 any
access-list 101 deny ip any any
!
dialer-list 1 protocol ip permit
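
Added example, not part of mayjalin's post: a first-match evaluation of the posted access-list 101 against the inbound flows each VPN type needs (PPTP: TCP 1723 plus GRE; IPsec: UDP 500, UDP 4500, ESP). The function names and the two addresses are assumptions made for this illustration, and the parser models only the ACL syntax used above, not IOS itself.

```python
from ipaddress import IPv4Address as IP

# ACL 101 as posted in the answer (remark line left out).
ACL_101 = """\
permit icmp any any echo-reply
permit icmp any any time-exceeded
permit icmp any any unreachable
permit udp any any eq isakmp
permit udp any any eq non500-isakmp
deny icmp any any
deny ip 10.0.0.0 0.255.255.255 any
deny ip 172.16.0.0 0.15.255.255 any
deny ip 192.168.0.0 0.0.255.255 any
deny ip 127.0.0.0 0.255.255.255 any
deny ip host 255.255.255.255 any
deny ip host 0.0.0.0 any
deny ip any any
"""
PORTS = {"isakmp": 500, "non500-isakmp": 4500}  # IOS port keywords used in the ACL

def take_addr(tok):  # any | host A | A WILDCARD -> (base, wildcard) as ints
    head = tok.pop(0)
    if head == "any":
        return 0, 0xFFFFFFFF
    return (int(IP(tok.pop(0))), 0) if head == "host" else (int(IP(head)), int(IP(tok.pop(0))))

def parse(text):
    rules = []
    for tok in map(str.split, text.splitlines()):
        action, proto, src, dst = tok.pop(0), tok.pop(0), take_addr(tok), take_addr(tok)
        want = tok[-1] if tok else None  # port keyword after "eq", or ICMP type name
        rules.append((action, proto, src, dst, PORTS.get(want, want)))
    return rules

def addr_ok(addr, spec):  # wildcard 1-bits mean "don't care"
    return ((int(IP(addr)) ^ spec[0]) & ~spec[1] & 0xFFFFFFFF) == 0

def evaluate(rules, proto, src, dst, dport=None, icmp_type=None):
    """First matching entry wins; falling off the end is the implicit deny."""
    for action, rproto, rsrc, rdst, want in rules:
        if rproto not in ("ip", proto) or not (addr_ok(src, rsrc) and addr_ok(dst, rdst)):
            continue
        if want is None or want == (dport if rproto in ("tcp", "udp") else icmp_type):
            return action
    return "deny"

def vpn_report(rules, src="198.51.100.7", dst="203.0.113.1"):  # constructed addresses
    flows = {"ike": ("udp", 500), "nat-t": ("udp", 4500), "esp": ("esp", None),
             "pptp-ctl": ("tcp", 1723), "pptp-gre": ("gre", None)}
    return {k: evaluate(rules, p, src, dst, port) for k, (p, port) in flows.items()}
```

`vpn_report(parse(ACL_101))` shows that this ACL admits IKE and NAT-T only, so native ESP and both PPTP flows fall through to the final deny. Because the two UDP permits precede the private-range denies, `evaluate(rules, "udp", "10.1.2.3", "203.0.113.1", 500)` also returns `permit`; placing the source-range denies first would apply them to IKE traffic as well.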