DrMdK
Newbie | Редактировать | Профиль | Сообщение | Цитировать | Сообщить модератору
Подскажите пожалуйста почему команда show crypto isakmp sa может неправильно выводить адреса dst и src? Т.е. они перепутаны местами... Причём я уже настроил не один ВПН тунель а с одним провайдером у меня происходит так причём на одной прописываю заного криптомапы на другой они переворачиваются. Тунель устанавливается...
Конфигурация одной если надо выложу другой...
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
service internal
!
hostname 2123
!
boot-start-marker
boot-end-marker
!
logging buffered 4096 debugging
enable password 7 4656546
!
no aaa new-model
!
resource policy
!
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
ip subnet-zero
ip gratuitous-arps
ip cef
!
!
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.99.1 192.168.99.20
!
ip dhcp pool DHCP_POOL
network 192.168.99.0 255.255.255.0
domain-name msk.core.future.ru
dns-server 192.168.81.8
default-router 192.168.99.1
!
!
ip domain name msk.core.future.ru
ip name-server 8.8.8.8
ip ssh version 2
vpdn enable
!
!
!
!
crypto pki trustpoint TP-self-signed-3446913211
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-3446913211
revocation-check none
rsakeypair TP-self-signed-3446913211
!
!
username rootc privilege 0 secret 5 545654
!
!
!
crypto isakmp policy 10
encr 3des
authentication pre-share
group 2
crypto isakmp key 123456 address 192.168.50.1
crypto isakmp invalid-spi-recovery
!
!
crypto ipsec transform-set VPNTS esp-3des esp-sha-hmac
mode transport
crypto ipsec df-bit clear
!
crypto map fck1 1 ipsec-isakmp
set peer 192.168.50.1
set transform-set VPNTS
match address 115
!
!
!
interface Tunnel1
description Tunnel to Center Office-st
ip address 172.21.0.2 255.255.255.252
no ip redirects
no ip proxy-arp
ip mtu 1400
ip route-cache flow
ip tcp adjust-mss 1360
tunnel source FastEthernet0/0
tunnel destination 192.168.50.1
crypto map fck1
!
interface FastEthernet0/0
description Tunnel to Center Office-Stable
ip address 192.168.80.2 255.255.255.0
ip flow ingress
ip flow egress
ip nat outside
ip virtual-reassembly
ip route-cache flow
duplex auto
speed auto
crypto map fck1
!
!
interface FastEthernet0/0/0
switchport access vlan 10
!
interface FastEthernet0/0/1
switchport access vlan 20
!
interface FastEthernet0/0/2
!
interface FastEthernet0/0/3
!
interface Vlan1
no ip address
!
interface Vlan10
ip address 192.168.99.1 255.255.255.0
ip nat inside
ip virtual-reassembly
!
interface Vlan20
ip address 192.168.0.239 255.255.255.0
!
interface Dialer1
ip address negotiated
ip mtu 1492
ip nat outside
ip virtual-reassembly
encapsulation ppp
no ip mroute-cache
dialer pool 1
ppp authentication chap callin
ppp chap hostname 9015983160@leased.msk.skylink.ru
ppp chap password 7 13161C0B07050A21
crypto map fck1
!
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.80.1
ip route 192.168.80.0 255.255.255.0 172.21.0.1
ip route 192.168.81.0 255.255.255.0 172.21.0.1
!
no ip http server
no ip http secure-server
ip nat inside source route-map ISP1 interface FastEthernet0/0 overload
!
access-list 1 permit 192.168.99.21
access-list 115 permit gre host 192.168.80.2 host 192.168.50.1
access-list 135 permit tcp host 192.168.99.21 any eq www
access-list 135 permit tcp host 192.168.99.21 any eq 443
access-list 135 permit tcp host 192.168.99.21 any eq domain
access-list 135 permit udp host 192.168.99.21 any eq domain
access-list 135 deny tcp any any
dialer-list 1 protocol ip permit
route-map ISP1 permit 10
match ip address 135
match interface FastEthernet0/0
!
!
!
control-plane
!
!
line con 0
login local
line aux 0
line vty 0 4
privilege level 0
login local
transport input ssh
line vty 5 15
privilege level 15
login local
transport input ssh
!
end
|
Всего записей: 5 | Зарегистр. 02-02-2010 | Отправлено: 16:44 25-09-2012 | Исправлено: DrMdK, 16:46 25-09-2012 |
|
