Já resolvi este problema. Agora tenho mais uma dúvida. Estou a tentar criar um servidor de certificados (CA) para a autenticação da VPN, só que não estou a conseguir nada.
Current configuration : 6442 bytes
!
! Global services, local user database and AAA method lists (Cisco IOS running-config).
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
! Password obfuscation is off, so passwords in this config are stored and displayed as typed.
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
! The local log buffer is disabled and no syslog host appears in the lines shown, so
! PKI/IKE messages can only be watched live on the console or a monitoring session.
no logging buffered
!
! NOTE(review): "password 0" is a cleartext password on a privilege-15 account, and it is
! published together with this listing. Treat it as exposed: change it and store it with
! "username ... secret" instead of "password".
username luis privilege 15 password 0 samagaio
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
aaa new-model
!
!
! Every login method list below resolves to the local user database. "default" is also the
! client authentication (Xauth) list named by crypto map SDM_CMAP_1, so VPN logins and
! router administration draw on the same accounts - consider separate lists and users.
aaa authentication login default local
aaa authentication login sdm_vpn_xauth_ml_1 local
aaa authentication login sdm_vpn_xauth_ml_2 local
aaa authentication login sdm_vpn_xauth_ml_3 local
! Exec authorization is local as well, so the privilege level presumably comes straight
! from the username line above - verify.
aaa authorization exec default local
! Group (network) authorization lists for Easy VPN; only sdm_vpn_group_ml_3 is referenced
! by the crypto map in the config shown.
aaa authorization network sdm_vpn_group_ml_1 local
aaa authorization network sdm_vpn_group_ml_2 local
aaa authorization network sdm_vpn_group_ml_3 local
aaa session-id common
! IP basics, the inside-LAN DHCP pool and name resolution.
ip subnet-zero
!
!
ip cef
! With .1 and .22-.254 excluded, the pool below can lease 192.168.1.2 through 192.168.1.21.
ip dhcp excluded-address 192.168.1.1
ip dhcp excluded-address 192.168.1.22 192.168.1.254
!
! DHCP scope for 192.168.1.0/24; the default router 192.168.1.1 is the Vlan2 address.
ip dhcp pool redevpn
import all
network 192.168.1.0 255.255.255.0
domain-name ecsjustbit.pt
dns-server 192.168.30.3
default-router 192.168.1.1
!
!
! NOTE(review): the router's domain is ecsjustbit.pt, while the CA issuer-name uses
! justbit.pt - confirm the difference is intentional.
ip domain name ecsjustbit.pt
ip name-server 192.168.30.1
ip ips po max-events 100
no ftp-server write-enable
!
! IOS certificate server (the CA the post is trying to bring up) and the trustpoint of the
! same name. Only the database location, issuer name and CA lifetime are set here; no
! "grant auto" line is present, so enrollment requests presumably wait for a manual grant -
! confirm the server state and pending requests with "show crypto pki server".
crypto pki server srvvpn
! The CA database is written to local flash.
database url flash:
issuer-name CN=srvvpn.justbit.pt, L=AVR, C=PT
! The CA certificate is valid for 365 days; plan its renewal before certificates issued
! under it are deployed to VPN clients.
lifetime ca-certificate 365
!
crypto pki trustpoint srvvpn
! Peer certificates are checked against a CRL. No "cdp-url" is set on the server above, so
! verify that the router and the clients can actually retrieve a CRL - TODO confirm what
! happens to authentication when they cannot.
revocation-check crl
! Label of the RSA key pair used by this trustpoint / CA.
rsakeypair srvvpn
!
!
! CA certificate (serial 01) held for trustpoint srvvpn, stored as hex-encoded DER.
! NOTE(review): the DER below decodes to a 512-bit RSA public key (exponent 65537) signed
! with md5WithRSAEncryption, issuer and subject CN=srvvpn.justbit.pt, L=AVR, C=PT, valid
! 2012-01-13 to 2013-01-12 UTC, basicConstraints CA:TRUE. A 512-bit key and an MD5
! signature are far too weak for a CA that authenticates VPN peers: generate the srvvpn
! key pair with a much larger modulus before enabling the server, and use a stronger
! signature hash if the IOS release offers one. Verify with "show crypto pki certificates".
crypto pki certificate chain srvvpn
certificate ca 01
308201C2 3082016C A0030201 02020101 300D0609 2A864886 F70D0101 04050030
37310B30 09060355 04061302 5054310C 300A0603 55040713 03415652 311A3018
06035504 03131173 72767670 6E2E6A75 73746269 742E7074 301E170D 31323031
31333137 32393035 5A170D31 33303131 32313732 3930355A 3037310B 30090603
55040613 02505431 0C300A06 03550407 13034156 52311A30 18060355 04031311
73727676 706E2E6A 75737462 69742E70 74305C30 0D06092A 864886F7 0D010101
0500034B 00304802 4100A37C 64DF2A36 3E51A7D3 38A47353 F9E6013A 4B9EF00B
D09A903F AD6EA531 816EDD7A 626A85CA 5C689C8A E57FC6DF B0AD4400 77FF0687
DE906473 43105EE7 248F0203 010001A3 63306130 0F060355 1D130101 FF040530
030101FF 300E0603 551D0F01 01FF0404 03020186 301F0603 551D2304 18301680
14C48858 973BDD93 CDB06622 FC1C9650 BFD30A35 4C301D06 03551D0E 04160414
C4885897 3BDD93CD B06622FC 1C9650BF D30A354C 300D0609 2A864886 F70D0101
04050003 41002E41 7F0BE306 153B493C 5217DA60 5495C1A8 97742FCF 2AF6647D
1B899053 909F7C44 E3F2A301 DC5F8868 84AD8A0C 116D03D6 AD1A4550 EF80FDB9
09DCB407 444E
quit
!
!
!
! IKE (ISAKMP) policies, the Easy VPN client group, IPsec transform sets and the crypto map.
! Policy 1 has no "authentication" line; IOS defaults to RSA signatures, so this is
! presumably the certificate-based policy the CA is meant to serve - confirm with
! "show crypto isakmp policy".
! NOTE(review): 3DES and Diffie-Hellman group 2 are legacy choices; prefer AES and a
! larger DH group where the image and the clients support them.
crypto isakmp policy 1
encr 3des
group 2
!
! Policy 2 is the pre-shared-key fallback with the same cipher and DH group.
crypto isakmp policy 2
encr 3des
authentication pre-share
group 2
crypto isakmp xauth timeout 15
!
! Easy VPN group "vpn": clients get addresses from SDM_POOL_2, ACL 102 is the split-tunnel
! list, and local-LAN access is allowed. No "key" line appears in this group in the config
! shown, so group pre-shared-key authentication would have nothing to match - verify.
crypto isakmp client configuration group vpn
dns 192.168.30.3
pool SDM_POOL_2
acl 102
include-local-lan
max-users 10
netmask 255.255.255.0
!
!
! The two transform sets are identical (ESP 3DES + SHA-1 HMAC); only ESP-3DES-SHA is
! referenced by the dynamic map below.
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-3DES-SHA1 esp-3des esp-sha-hmac
!
crypto dynamic-map SDM_DYNMAP_1 1
set transform-set ESP-3DES-SHA
reverse-route
!
!
! Xauth uses the AAA login list "default" (local users, the same list that guards router
! logins); group authorization uses sdm_vpn_group_ml_3. The sdm_vpn_xauth_ml_* lists are
! defined but not referenced here.
crypto map SDM_CMAP_1 client authentication list default
crypto map SDM_CMAP_1 isakmp authorization list sdm_vpn_group_ml_3
crypto map SDM_CMAP_1 client configuration address respond
crypto map SDM_CMAP_1 65535 ipsec-isakmp dynamic SDM_DYNMAP_1
!
!
!
! Interface layout: FastEthernet0 is the outside/VPN-terminating port, Vlan2 the inside LAN.
interface ATM0
no ip address
shutdown
no atm ilmi-keepalive
dsl operating-mode auto
!
interface BRI0
no ip address
shutdown
!
! Outside interface: address from DHCP, NAT outside, crypto map SDM_CMAP_1 applied.
! NOTE(review): no "ip access-group" is applied here, so the router's own services
! (Telnet/SSH on the vty lines, HTTP/HTTPS) are not filtered on this interface in the
! config shown - restrict management access to trusted sources.
interface FastEthernet0
ip address dhcp
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
crypto map SDM_CMAP_1
!
! Switch ports FastEthernet1-5 are access ports in VLAN 2 (the inside LAN).
interface FastEthernet1
switchport access vlan 2
no ip address
!
interface FastEthernet2
switchport access vlan 2
no ip address
!
interface FastEthernet3
switchport access vlan 2
no ip address
!
interface FastEthernet4
switchport access vlan 2
no ip address
!
interface FastEthernet5
switchport access vlan 2
no ip address
!
interface FastEthernet6
no ip address
shutdown
!
interface FastEthernet7
no ip address
shutdown
!
interface FastEthernet8
switchport access vlan 10
no ip address
!
interface Vlan1
no ip address
!
! Inside LAN gateway (192.168.1.0/24), NAT inside.
interface Vlan2
ip address 192.168.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly
!
! Small /29 segment reached through FastEthernet8; it is not marked NAT inside.
interface Vlan10
ip address 10.10.10.1 255.255.255.248
!
! VPN client address pools, the HTTP(S) server and NAT.
! Only SDM_POOL_2 is referenced by client group "vpn" in the config shown.
ip local pool SDM_POOL_1 10.20.30.40 10.20.30.50
ip local pool SDM_POOL_2 192.168.3.1 192.168.3.11
ip classless
!
!
! NOTE(review): cleartext HTTP is enabled alongside HTTPS, authenticated against the local
! user database, with no "ip http access-class" in the lines shown. The IOS certificate
! server presumably needs the HTTP server for SCEP enrollment (confirm for this release);
! if so, limit who can reach it rather than leaving it open on every interface.
ip http server
ip http authentication local
ip http secure-server
! The poolnat pool is defined but not referenced by the NAT rule below, which overloads
! traffic matched by route-map SDM_RMAP_1 onto the FastEthernet0 address.
ip nat pool poolnat 192.168.40.5 192.168.40.25 netmask 255.255.255.0
ip nat inside source route-map SDM_RMAP_1 interface FastEthernet0 overload
!
! Access lists and the NAT route-map.
! ACLs 1, 2 and 100 are not referenced anywhere in the config shown.
access-list 1 remark SDM_ACL Category=16
access-list 1 permit 192.168.40.0 0.0.0.255
access-list 2 remark SDM_ACL Category=2
access-list 2 permit 192.168.1.0 0.0.0.255
access-list 100 remark SDM_ACL Category=16
access-list 100 permit ip any 192.168.40.0 0.0.0.255
! ACL 101 selects traffic for NAT overload (via route-map SDM_RMAP_1). The deny entries
! exclude traffic to each address in SDM_POOL_2 (192.168.3.1-11) and SDM_POOL_1
! (10.20.30.40-50), so packets bound for VPN clients are not translated; everything else
! from 192.168.1.0/24 is translated.
access-list 101 remark SDM_ACL Category=2
access-list 101 deny ip 192.168.1.0 0.0.0.255 host 192.168.3.1
access-list 101 deny ip 192.168.1.0 0.0.0.255 host 192.168.3.2
access-list 101 deny ip 192.168.1.0 0.0.0.255 host 192.168.3.3
access-list 101 deny ip 192.168.1.0 0.0.0.255 host 192.168.3.4
access-list 101 deny ip 192.168.1.0 0.0.0.255 host 192.168.3.5
access-list 101 deny ip 192.168.1.0 0.0.0.255 host 192.168.3.6
access-list 101 deny ip 192.168.1.0 0.0.0.255 host 192.168.3.7
access-list 101 deny ip 192.168.1.0 0.0.0.255 host 192.168.3.8
access-list 101 deny ip 192.168.1.0 0.0.0.255 host 192.168.3.9
access-list 101 deny ip 192.168.1.0 0.0.0.255 host 192.168.3.10
access-list 101 deny ip 192.168.1.0 0.0.0.255 host 192.168.3.11
access-list 101 deny ip any host 10.20.30.40
access-list 101 deny ip any host 10.20.30.41
access-list 101 deny ip any host 10.20.30.42
access-list 101 deny ip any host 10.20.30.43
access-list 101 deny ip any host 10.20.30.44
access-list 101 deny ip any host 10.20.30.45
access-list 101 deny ip any host 10.20.30.46
access-list 101 deny ip any host 10.20.30.47
access-list 101 deny ip any host 10.20.30.48
access-list 101 deny ip any host 10.20.30.49
access-list 101 deny ip any host 10.20.30.50
access-list 101 permit ip 192.168.1.0 0.0.0.255 any
! ACL 102 is the split-tunnel list named by client group "vpn" (acl 102).
access-list 102 remark SDM_ACL Category=4
access-list 102 permit ip 192.168.1.0 0.0.0.255 any
!
route-map SDM_RMAP_1 permit 1
match ip address 101
!
!
!
!
! Control plane, terminal lines and time synchronisation.
control-plane
!
!
line con 0
line aux 0
! NOTE(review): Telnet is accepted on the vty lines, so the local privilege-15 credentials
! cross the network in cleartext, and no "access-class" limits the source addresses.
! Prefer "transport input ssh" plus an access-class for management sources.
line vty 0 4
transport input telnet ssh
!
no scheduler allocate
! Certificate validity checks depend on the router clock. The NTP server is reached via
! FastEthernet0 (the outside interface) and no NTP authentication appears in the lines
! shown - confirm the clock is correct before issuing or validating certificates.
ntp update-calendar
ntp server 192.168.30.10 source FastEthernet0
end