Исходное сообщение
"851 не пингуется удаленная сеть через туннель" Отправлено Летчик, 07-Май-08 13:21
Виноват, конфиг офисной циски : ! version 12.4 no service pad service timestamps debug datetime msec localtime service timestamps log datetime msec localtime no service password-encryption no service dhcp ! hostname cis-877-kirova ! boot-start-marker boot-end-marker ! logging userinfo logging buffered 51200 debugging no logging console ! aaa new-model ! ! aaa authentication login default local aaa authentication ppp default local aaa authorization exec default local aaa authorization network default local ! aaa session-id common ! resource policy ! clock timezone PCTime 3 clock summer-time PCTime date Mar 30 2003 2:00 Oct 26 2003 3:00 ip cef ! ! no ip dhcp use vrf connected ip dhcp excluded-address 10.10.10.1 ! ip dhcp pool sdm-pool    import all    network 10.10.10.0 255.255.255.248    default-router 10.10.10.1    lease 0 2 ! ! ip domain name onego.local ip name-server 192.168.1.250 vpdn enable ! vpdn-group 1 ! Default PPTP VPDN group accept-dialin   protocol pptp   virtual-template 1 ! ! ! bridge irb ! ! ! interface Tunnel8 description to_parfenova ip address 172.22.8.1 255.255.255.0 ip mtu 1428 ip tcp adjust-mss 1390 ip ospf mtu-ignore tunnel source Vlan3 tunnel destination 172.16.51.68 tunnel path-mtu-discovery ! interface Tunnel4 description to_sampo90 ip address 172.22.10.254 255.255.255.0 ip mtu 1452 ip tcp adjust-mss 1390 tunnel source Vlan3 tunnel destination 217.77.49.177 tunnel path-mtu-discovery ! interface Tunnel3 description to_baza_nordlink bandwidth 4000 ip address 192.168.203.1 255.255.255.0 ip mtu 1428 ip tcp adjust-mss 1412 tunnel source BVI1 tunnel destination 172.16.179.241 tunnel path-mtu-discovery ! interface Tunnel0 description to_baza_spline bandwidth 10000 ip address 192.168.200.1 255.255.255.0 ip directed-broadcast ip mtu 1452 ip tcp adjust-mss 1428 delay 500 tunnel source BVI2 tunnel destination 10.1.112.10 tunnel path-mtu-discovery ! interface Tunnel7 ip address 172.22.3.1 255.255.255.0 tunnel source BVI1 tunnel destination 172.16.195.146 tunnel path-mtu-discovery ! interface Tunnel17 description to_admin ip address 172.22.9.1 255.255.255.0 ip mtu 1412 ip tcp adjust-mss 1396 ip ospf mtu-ignore tunnel source Vlan3 tunnel destination 10.10.104.43 tunnel path-mtu-discovery ! interface Tunnel202 bandwidth 100000 ip address 192.168.202.1 255.255.255.0 delay 100 tunnel source Vlan3 tunnel destination 10.10.192.134 tunnel path-mtu-discovery ! interface Tunnel22 ip address 172.22.22.1 255.255.255.0 tunnel source Vlan3 tunnel destination 172.16.129.192 tunnel path-mtu-discovery ! interface Loopback204 ip address 192.168.204.199 255.255.255.0 ! interface ATM0 mtu 1492 no ip address shutdown no atm ilmi-keepalive dsl operating-mode auto dsl enable-training-log ! interface ATM0.1 point-to-point logging event subif-link-status no snmp trap link-status pvc 0/33   encapsulation aal5snap ! bridge-group 1 ! interface FastEthernet0 ! interface FastEthernet1 shutdown ! interface FastEthernet2 description to_sampo switchport access vlan 3 ! interface FastEthernet3 description to_spline switchport access vlan 4 ! interface Virtual-Template1 ip unnumbered Loopback204 ip mtu 1452 ip nat inside ip virtual-reassembly ip tcp adjust-mss 1428 ip mroute-cache autodetect encapsulation ppp peer default ip address pool pptp-1 ppp encrypt mppe auto ppp authentication chap ms-chap ms-chap-v2 callin ! interface Vlan1 description LAN$ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$ ip address 192.168.50.199 255.255.255.0 secondary ip address 192.168.1.199 255.255.255.0 ip access-group 102 in ip helper-address 192.168.0.254 ip helper-address 192.168.0.44 ip directed-broadcast ip mtu 1492 ip nat inside ip virtual-reassembly ip tcp adjust-mss 1428 ! interface Vlan3 description Sampo.ru ip address 217.77.52.241 255.255.255.252 ip nat outside ip virtual-reassembly ! interface Vlan4 no ip address bridge-group 2 bridge-group 2 spanning-disabled ! interface BVI1 ip address 172.16.76.51 255.255.255.0 ip access-group 104 in ip mtu 1452 ip nat outside ip virtual-reassembly ip tcp adjust-mss 1412 ! interface BVI2 mac-address 000f.3d1b.87a4 ip address 10.1.140.5 255.255.255.0 ip access-group 100 in ip access-group 101 out ip mtu 1492 ip virtual-reassembly ! router eigrp 9999 traffic-share min across-interfaces redistribute rip route-map 50 passive-interface ATM0 passive-interface ATM0.1 passive-interface BVI1 passive-interface BVI2 passive-interface Vlan4 network 192.168.1.0 network 192.168.200.0 network 192.168.202.0 network 192.168.203.0 network 192.168.204.0 no auto-summary ! router rip version 2 redistribute eigrp 9999 passive-interface ATM0 passive-interface ATM0.1 passive-interface Vlan3 passive-interface BVI1 passive-interface BVI2 passive-interface Vlan4 network 172.22.0.0 network 192.168.1.0 network 192.168.50.0 network 192.168.200.0 network 192.168.201.0 network 192.168.202.0 network 192.168.204.0 neighbor 192.168.201.254 neighbor 192.168.200.254 neighbor 192.168.0.254 distribute-list 50 in no auto-summary ! ip local pool pptp-1 192.168.204.210 192.168.204.230 ip forward-protocol udp 3183 ip route 0.0.0.0 0.0.0.0 217.77.52.242 150 ip route 10.1.0.0 255.255.0.0 10.1.140.254 150 ip route 172.16.179.241 255.255.255.255 172.16.76.1 20 ip route 172.16.195.146 255.255.255.255 172.16.76.1 ! ! ip http server ip http access-class 23 ip http authentication local ip http secure-server ip http timeout-policy idle 60 life 86400 requests 10000 ip nat inside source list 170 interface Vlan3 overload ip nat inside source static tcp 192.168.1.1 3389 interface Vlan3 3389 ip nat inside source static tcp 192.168.1.1 80 interface Vlan3 80 ip nat inside source static tcp 192.168.1.1 110 interface Vlan3 110 ip nat inside source static tcp 192.168.1.1 25 interface Vlan3 25 ip nat inside source route-map nordlink-NAT interface BVI1 overload ip nat inside source route-map spline-NAT interface BVI2 overload ! logging trap debugging logging 192.168.1.1 access-list 15 remark nordlink-GW access-list 15 remark SDM_ACL Category=1 access-list 15 permit 172.16.76.1 access-list 16 remark Spline-GW access-list 16 remark SDM_ACL Category=1 access-list 16 permit 10.1.140.254 access-list 23 remark SDM_ACL Category=17 access-list 23 permit 172.21.0.25 access-list 23 permit 172.21.0.30 access-list 23 permit 192.168.0.0 0.0.255.255 access-list 23 permit 192.168.17.0 0.0.0.255 access-list 23 permit 172.22.3.0 0.0.0.255 access-list 23 permit 192.168.30.0 0.0.0.255 access-list 23 permit 192.168.32.0 0.0.0.255 access-list 50 remark SDM_ACL Category=1 access-list 50 deny   192.168.50.0 0.0.0.255 access-list 50 deny   192.168.51.0 0.0.0.255 access-list 50 permit 192.168.0.0 0.0.255.255 access-list 100 remark SDM_ACL Category=1 access-list 100 permit ip any any access-list 101 remark SDM_ACL Category=1 access-list 101 permit ip any any access-list 102 remark Auto generated by SDM Management Access feature access-list 102 remark SDM_ACL Category=1 access-list 102 permit udp host 192.168.1.1 eq domain any access-list 102 permit ip any any access-list 103 remark SDM_ACL Category=1 access-list 103 permit udp any any eq 22 access-list 103 permit tcp any any eq 22 access-list 103 permit ip 192.168.0.0 0.0.255.255 any access-list 103 permit ip 192.168.17.0 0.0.0.255 any access-list 103 permit ip 172.22.3.0 0.0.0.255 any access-list 103 permit ip 192.168.30.0 0.0.0.255 any access-list 103 permit ip 172.21.0.0 0.0.0.255 any access-list 104 remark Auto generated by SDM Management Access feature access-list 104 remark SDM_ACL Category=1 access-list 104 permit ip any any access-list 150 remark over nordlink access-list 150 remark SDM_ACL Category=2 access-list 150 deny   tcp any any eq smtp log access-list 150 permit ip 192.168.1.0 0.0.0.255 any access-list 150 permit ip 192.168.39.0 0.0.0.255 any access-list 160 remark over spline access-list 160 remark SDM_ACL Category=2 access-list 160 permit icmp 192.168.1.0 0.0.0.255 any access-list 160 permit tcp host 192.168.1.1 any eq www access-list 160 permit tcp host 192.168.1.1 any eq 3128 access-list 160 permit tcp host 192.168.1.1 any eq 443 access-list 160 permit tcp host 192.168.1.1 any range 8000 8090 access-list 160 permit tcp host 192.168.1.1 any eq domain access-list 160 permit udp host 192.168.1.1 any eq domain access-list 160 permit udp host 192.168.1.1 any eq ntp access-list 160 permit tcp host 192.168.1.1 any eq ftp access-list 160 permit tcp host 192.168.1.1 any eq ftp-data access-list 160 permit tcp 192.168.1.0 0.0.0.255 any eq pop3 access-list 160 permit ip 192.168.39.0 0.0.0.255 any access-list 160 permit tcp 192.168.1.0 0.0.0.255 any eq smtp log access-list 160 permit tcp 192.168.1.0 0.0.0.255 any eq 5190 access-list 160 permit tcp 192.168.1.0 0.0.0.255 any eq 443 access-list 170 remark SDM_ACL Category=2 access-list 170 deny   ip host 217.77.52.241 any access-list 170 permit ip host 192.168.1.1 any access-list 170 permit ip host 192.168.1.250 any access-list 170 permit icmp 192.168.0.0 0.0.0.255 any access-list 170 permit icmp 192.168.200.0 0.0.0.255 any access-list 170 permit icmp 192.168.203.0 0.0.0.255 any access-list 170 deny   ip any any log snmp-server community public RO no cdp run ! ! ! route-map rip-map permit 10 match ip address permit 10 50 ! route-map nordlink-NAT permit 10 match ip address 150 match ip next-hop 15 ! route-map spline-NAT permit 10 match ip address 160 match ip next-hop 16 ! ! control-plane ! bridge 1 protocol ieee bridge 1 route ip bridge 2 route ip banner login Kirova router  ! line con 0 no modem enable line aux 0 line vty 0 4 access-class 103 in exec-timeout 30 0 privilege level 15 transport input telnet ssh ! scheduler max-task-time 5000 ! webvpn context Default_context ssl authenticate verify all ! no inservice ! end