snoochiboochi
12:57 03-05-2012 Access via Cisco VPN Client
To keep the remote computer's Internet access while it is connected through the VPN, specify an ACL in the Cisco configuration that lists the hosts/networks that must be reachable from the VPN pool.
For example:
crypto isakmp policy 3
encr 3des
authentication pre-share
group 2
!
crypto isakmp policy 20
encr 3des
hash md5
authentication pre-share
group 2
crypto isakmp keepalive 40 5
crypto isakmp nat keepalive 20

crypto isakmp client configuration group cisco
key testcisco12341234
pool test
netmask 255.255.255.0
acl 101

crypto isakmp profile VPNclient
match identity group cisco
client authentication list userauthen
isakmp authorization list groupauthor
client configuration address respond
!
!
crypto ipsec transform-set myset esp-3des esp-sha-hmac
!
crypto ipsec profile greprotect
!
!
crypto dynamic-map dynmap 5
set transform-set myset
set isakmp-profile VPNclient
reverse-route
crypto dynamic-map dynmap 10
set transform-set myset
set isakmp-profile VPNclient
reverse-route
!
!
crypto map clientmap client authentication list userauthen
crypto map clientmap isakmp authorization list groupauthor
crypto map clientmap 10 ipsec-isakmp dynamic dynmap
!
crypto map test 20 ipsec-isakmp dynamic dynmap
!
!
!
interface Loopback10
ip address 10.10.10.1 255.255.255.0

interface FastEthernet4
description TO INTERNET
ip nat outside
crypto map test

interface Vlan1
description LAN
ip address 192.168.102.1 255.255.255.248
ip nat inside
ip virtual-reassembly


ip local pool test 10.1.1.1 10.1.1.253

access-list 101 permit ip 192.168.102.0 0.0.0.7 10.1.1.0 0.0.0.255
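
An added example (not part of the original post) that checks which networks a client group will send through the tunnel, so a missing or overly broad split-tunnel ACL is caught before deployment. The function names are hypothetical, the sample is constructed from the lines above, and the script assumes the source field of each permit entry is the network pushed to the client.

```python
import ipaddress
import re

# Constructed sample: the split-tunnel lines of the configuration above,
# indented the way "show running-config" prints them.
SAMPLE_CONFIG = """\
crypto isakmp client configuration group cisco
 key testcisco12341234
 pool test
 acl 101
!
access-list 101 permit ip 192.168.102.0 0.0.0.7 10.1.1.0 0.0.0.255
"""

def wildcard_to_net(addr, wildcard):
    """Convert an IOS address/wildcard pair to a network object."""
    w = int(ipaddress.IPv4Address(wildcard))
    if w & (w + 1):  # set bits are not one contiguous low-order run
        raise ValueError(f"non-contiguous wildcard {wildcard}")
    return ipaddress.ip_network(f"{addr}/{32 - w.bit_length()}", strict=False)

def acl_sources(config, acl_id):
    """Source networks of the 'permit ip' entries of a numbered ACL."""
    nets = []
    for tok in (line.split() for line in config.splitlines()):
        if tok[:4] != ["access-list", acl_id, "permit", "ip"] or len(tok) < 6:
            continue
        if tok[4] == "any":
            nets.append(ipaddress.ip_network("0.0.0.0/0"))
        elif tok[4] == "host":
            nets.append(ipaddress.ip_network(tok[5] + "/32"))
        else:
            nets.append(wildcard_to_net(tok[4], tok[5]))
    return nets

def split_tunnel_report(config):
    """Map each client group to its tunneled networks; None means no acl
    line, i.e. the client sends all traffic (Internet included) to the VPN."""
    report, group = {}, None
    for line in config.splitlines():
        s = line.strip()
        m = re.match(r"crypto isakmp client configuration group (\S+)$", s)
        if m:
            group = m.group(1)
            report[group] = None
        elif s in ("", "!") or s.startswith("crypto "):
            group = None  # left the group's sub-command block
        elif group and re.fullmatch(r"acl \S+", s):
            report[group] = acl_sources(config, s.split()[1])
    return report

if __name__ == "__main__":
    print(split_tunnel_report(SAMPLE_CONFIG))
```

A group reported as None, or with 0.0.0.0/0 in its list, is a full tunnel: the client loses direct Internet access, which is the situation the ACL above avoids.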