BandaAncha


Problems with VPN

heze54

Hi, I have a Cisco 827H router on which I have some VPNs configured.

The thing is that if I enable ip nat outside on interface atm0.1, I can browse but I have no VPN, and if I disable it I can't browse but I do have the VPNs.

I'm posting my configuration to see if you spot anything suspicious.

!
version 12.3
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname xxxxxx
!
boot-start-marker
boot-end-marker
!
!
aaa new-model
!
!
aaa session-id common
ip subnet-zero
!
!
ip domain name serced.net
ip name-server 192.168.156.11
ip inspect name myfw smtp
ip inspect name myfw tcp
ip inspect name myfw udp
ip inspect name myfw realaudio
ip inspect name myfw ftp
ip inspect name myfw http
ip inspect name myfw rcmd
ip inspect name myfw tftp
ip inspect name myfw vdolive
ip inspect name myfw cuseeme
ip inspect name myfw sqlnet
ip ssh time-out 60
!
!
username root privilege 15 password 7 xxxxxxxxxxxxxxxxxxxxxxx
!
!
!
crypto isakmp policy 20
encr 3des
authentication pre-share
lifetime 28800
crypto isakmp key xxxxxxxxxxxxxxxxxxxxxxx address xxxxxxxxxxxxxxxxxxxxxxx
crypto isakmp key xxxxxxxxxxxxxxxxxxxxxxx address xxxxxxxxxxxxxxxxxxxxxxx
crypto isakmp key xxxxxxxxxxxxxxxxxxxxxxx address xxxxxxxxxxxxxxxxxxxxxxx
!
!
crypto ipsec transform-set vpnremoto1 esp-3des esp-sha-hmac
!
crypto map cmap-dele 101 ipsec-isakmp
set peer xxxxxxxxxxxxxxxxxxxxxxx
set transform-set vpnremoto1
match address 110
crypto map cmap-dele 102 ipsec-isakmp
set peer xxxxxxxxxxxxxxxxxxxxxxx
set transform-set vpnremoto1
match address 111
crypto map cmap-dele 103 ipsec-isakmp
set peer xxxxxxxxxxxxxxxxxxxxxxx
set transform-set vpnremoto1
match address 112
!
!
!
interface Tunnel0
no ip address
!
interface Ethernet0
ip address 192.168.155.254 255.255.255.0
ip nat inside
ip inspect myfw in
ip virtual-reassembly
hold-queue 100 out
!
interface ATM0
no ip address
no atm ilmi-keepalive
dsl operating-mode auto
!
interface ATM0.1 point-to-point
ip address xxxxxxxxxxxxxxxxxxxxxxx
ip virtual-reassembly
crypto map cmap-dele
pvc 8/32
encapsulation aal5snap
!
!
ip classless
ip route 0.0.0.0 0.0.0.0 ATM0.1 permanent
no ip http server
no ip http secure-server
ip dns server
ip nat inside source route-map nonat interface ATM0.1 overload
!
!
access-list 1 permit xxxxxxxxxxxxxxxxxxxxxxx
access-list 1 permit xxxxxxxxxxxxxxxxxxxxxxx
access-list 1 permit xxxxxxxxxxxxxxxxxxxxxxx
access-list 1 permit 192.168.155.0 0.0.0.255
access-list 100 permit ip 192.168.155.0 0.0.0.255 any
access-list 100 deny ip 192.168.155.0 0.0.0.255 192.168.156.0 0.0.0.255
access-list 100 deny ip 192.168.155.0 0.0.0.255 192.168.157.0 0.0.0.255
access-list 100 deny ip 192.168.155.0 0.0.0.255 192.168.154.0 0.0.0.255
access-list 110 permit ip 192.168.155.0 0.0.0.255 192.168.156.0 0.0.0.255
access-list 111 permit ip 192.168.155.0 0.0.0.255 192.168.157.0 0.0.0.255
access-list 112 permit ip 192.168.155.0 0.0.0.255 192.168.154.0 0.0.0.255
!
route-map nonat permit 10
match ip address 100
!
!
control-plane
!
banner login c Prohibido cualquier ACCESO NO AUTORIZADO.Se notificara a las autoridades pertinentes.
!
line con 0
exec-timeout 120 0
password 7 xxxxxxxxxxxxxxxxxxxxxxx
login authentication local
stopbits 1
line vty 0 4
access-class 1 in
exec-timeout 0 0
password 7 xxxxxxxxxxxxxxxxxxxxxxx
login authentication local
transport input ssh
!
scheduler max-task-time 5000
end

JoeDalton

If I'm not mistaken, your problem is with the access lists; with that configuration what you describe is exactly what happens: it tries to NAT everything (if you assign it).

Try putting the VPN access-list entries first and then the ones you NAT for Internet.

A priori, nothing else comes to mind.
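The reply points at the ordering of access-list 100, which the route-map nonat uses to decide what gets translated. The following Python simulation is an added example, not code from the thread or from Cisco: it models IOS first-match ACL evaluation (first matching entry wins, implicit deny at the end) and the fact that, on the inside-to-outside path, NAT is applied before the crypto map is consulted. The LAN, the three remote subnets and the ACL entries are taken from the posted configuration; the public address 203.0.113.10 is a constructed placeholder for the masked ATM0.1 address, and ACL_100_REORDERED is the reply's suggestion written out (the three deny entries first, the catch-all permit last).

```python
"""First-match ACL simulation of the NAT-vs-IPsec ordering problem.

Constructed example: models how IOS walks an access list (first matching
entry wins, implicit deny at the end) and what that means for the
'nonat' route-map and the crypto maps in the posted configuration.
"""
from ipaddress import IPv4Address
from typing import Dict, List, Tuple

Entry = Tuple[str, str, str]  # (action, source spec, destination spec)

LAN = "192.168.155.0 0.0.0.255"
VPN_REMOTES = ["192.168.156.0 0.0.0.255",
               "192.168.157.0 0.0.0.255",
               "192.168.154.0 0.0.0.255"]
PUBLIC_IP = "203.0.113.10"  # constructed placeholder for the masked ATM0.1 address

# access-list 100 exactly as posted: the catch-all permit comes first,
# so the three deny entries below it can never be reached.
ACL_100_AS_POSTED: List[Entry] = [("permit", LAN, "any")] + \
    [("deny", LAN, remote) for remote in VPN_REMOTES]

# Reordered as the reply suggests: VPN subnets first, NAT permit last.
ACL_100_REORDERED: List[Entry] = \
    [("deny", LAN, remote) for remote in VPN_REMOTES] + [("permit", LAN, "any")]

# access-lists 110, 111, 112: one crypto ACL per peer.
CRYPTO_ACLS: List[List[Entry]] = [[("permit", LAN, remote)] for remote in VPN_REMOTES]


def _matches(ip: str, spec: str) -> bool:
    """Cisco 'address wildcard' match: wildcard bits set to 1 are ignored."""
    if spec == "any":
        return True
    addr, wildcard = spec.split()
    wc = int(IPv4Address(wildcard))
    return (int(IPv4Address(ip)) | wc) == (int(IPv4Address(addr)) | wc)


def acl_action(acl: List[Entry], src: str, dst: str) -> str:
    """Return the action of the first matching entry, or the implicit deny."""
    for action, src_spec, dst_spec in acl:
        if _matches(src, src_spec) and _matches(dst, dst_spec):
            return action
    return "deny"


def outbound_path(acl_100: List[Entry], src: str, dst: str,
                  nat_outside_enabled: bool = True) -> Dict[str, object]:
    """Simulate one packet leaving Ethernet0 towards ATM0.1.

    Inside-to-outside NAT runs before the crypto map is checked, so a
    translated packet carries the public source address when the crypto
    ACLs are evaluated and no longer matches any of them.
    """
    # route-map nonat permit 10 / match ip address 100:
    # a packet the ACL permits is translated (only if NAT is active at all).
    natted = nat_outside_enabled and acl_action(acl_100, src, dst) == "permit"
    src_seen_by_crypto = PUBLIC_IP if natted else src
    encrypted = any(acl_action(c, src_seen_by_crypto, dst) == "permit"
                    for c in CRYPTO_ACLS)
    if encrypted:
        outcome = "encrypted to VPN peer"
    elif natted:
        outcome = "translated, sent unencrypted via ISP"
    else:
        outcome = "sent with private source, no reply expected"
    return {"natted": natted, "encrypted": encrypted, "outcome": outcome}


if __name__ == "__main__":
    host = "192.168.155.10"
    cases = [("as posted, nat outside on", ACL_100_AS_POSTED, True),
             ("as posted, nat outside off", ACL_100_AS_POSTED, False),
             ("reordered, nat outside on", ACL_100_REORDERED, True)]
    for label, acl, nat_on in cases:
        for dst in ("192.168.156.5", "8.8.8.8"):
            r = outbound_path(acl, host, dst, nat_on)
            print(f"{label:28} -> {dst:15} {r['outcome']}")
```

Running it reproduces both symptoms from the first post: with the ACL as posted, NAT on gives Internet but no VPN, NAT off gives VPN but no Internet; with the deny entries moved above the permit, both work. On IOS, entries of a numbered ACL are appended in the order typed, so reordering means removing access-list 100 and re-entering it with the three deny lines first.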