forum.opennet.ru

Составление сообщения

Исходное сообщение

"VPN на cisco 1721 не пингуется LAN"
Отправлено dpvvdt, 24-Май-10 23:00

настроил route-map - в дебаге ната вижу что пакеты для ВПН туда больше не ходят но при этом
симптомы те же ничего не пингуется.

!
! Last configuration change at 21:10:23 MSK Mon May 24 2010 by dpvvdt
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
service sequence-numbers
!
hostname home
!
boot-start-marker
boot-end-marker
!
logging buffered 32768 informational
!
aaa new-model
!
!
aaa authentication login default local
aaa authorization console
aaa authorization exec default local
aaa authorization network default local
!
!
aaa session-id common
clock timezone MSK 3
clock summer-time MSK recurring last Sun Mar 2:00 last Sun Oct 3:00
!
!
no ip subnet-zero
no ip cef
!
!
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.0.1
ip dhcp excluded-address 192.168.0.77 192.168.0.254
!
ip dhcp pool localnet
   network 192.168.0.0 255.255.255.0
   default-router 192.168.0.1
   dns-server 213.140.228.252 64.102.255.44
!
!
no ip bootp server
ip domain name home
ip name-server 213.140.228.252
ip name-server 64.102.255.44
ip multicast-routing
ip inspect name Inspect icmp
ip inspect name Inspect tcp
ip inspect name Inspect udp
ip inspect name Inspect dns
ip inspect name Inspect ssh
ip inspect name Inspect ntp
ip inspect name Inspect http
ip inspect name Inspect https
ip inspect name Inspect smtp
ip inspect name Inspect pop3
ip ddns update method DynDNS
HTTP
  add http://******:******@members.dyndns.org/nic/update?system=dyndns&hostname=<h>&myip=<a>
  remove http://******:******@members.dyndns.org/nic/update?system=dyndns&hostname=<h>&myip=<a>
interval maximum 28 0 0 0
interval minimum 28 0 0 0
!
!
multilink bundle-name authenticated
vpdn enable
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
username ****** privilege 15 secret 5 ******************************
username ****** privilege 0 secret 5 ******************************!
!
crypto isakmp policy 10
encr 3des
authentication pre-share
group 2
crypto isakmp client configuration address-pool local vpnpool
crypto isakmp xauth timeout 60
!
crypto isakmp client configuration group iphone
key ***************
dns 213.140.228.252
pool vpnpool
acl 110
include-local-lan
!
!
crypto ipsec transform-set iphonetrans esp-3des esp-sha-hmac
!
crypto dynamic-map iphonedynmap 10
set transform-set iphonetrans
reverse-route
!
!
crypto map VPN client authentication list default
crypto map VPN isakmp authorization list default
crypto map VPN client configuration address respond
crypto map VPN 65535 ipsec-isakmp dynamic iphonedynmap
!
archive
log config
  hidekeys
!
!
ip ssh authentication-retries 2
ip ssh version 2
!
!
!
!
interface ATM0
no ip address
no atm ilmi-keepalive
dsl operating-mode auto
!
interface ATM0.1 point-to-point
pvc 0/35
  pppoe-client dial-pool-number 1
!
!
interface ATM0.2 point-to-point
pvc 0/91
  encapsulation aal5snap
!
!
interface FastEthernet0
no ip address
shutdown
speed auto
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
!
interface Vlan1
ip address 192.168.0.1 255.255.255.0
ip pim dense-mode
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1400
!
interface Dialer1
mtu 1492
ip ddns update hostname ********************
ip ddns update DynDNS
ip address negotiated
no ip redirects
no ip unreachables
no ip proxy-arp
ip pim dense-mode
ip nat outside
ip inspect Inspect in
ip virtual-reassembly
encapsulation ppp
dialer pool 1
ppp chap hostname **********
ppp chap password 7 ******************
ppp pap sent-username ********** password 7 ******************
crypto map VPN
!
ip local pool vpnpool 172.16.1.1 172.16.1.254
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer1
!
!
no ip http server
no ip http secure-server
ip nat inside source route-map nonat interface Dialer1 overload
!
access-list 1 permit ip 192.168.0.0 0.0.0.255 any
access-list 1 deny any
access-list 100 deny   tcp any any eq 22 log
access-list 100 permit tcp any any
access-list 100 permit udp any any
access-list 100 permit icmp any any echo-reply
access-list 100 permit icmp any any time-exceeded
access-list 100 permit icmp any any unreachable
access-list 100 deny   ip any any log
access-list 110 permit ip 192.168.0.0 0.0.0.255 any
access-list 122 deny   ip 192.168.0.0 0.0.0.255 172.16.1.0 0.0.0.255
access-list 122 permit ip 192.168.0.0 0.0.0.255 any
no cdp run
!
!
!
route-map nonat permit 10
match ip address 122
!
!
!
control-plane
!
!
!
!
!
!
!
!
banner login

!
line con 0
speed 115200
line aux 0
line vty 0 4
transport input ssh
line vty 5 15
transport input ssh
!
ntp clock-period 17180273
ntp server 194.149.67.130
ntp server 193.233.9.7
end

Исходное сообщение
"VPN на cisco 1721 не пингуется LAN" Отправлено dpvvdt, 24-Май-10 23:00
настроил route-map - в дебаге ната вижу что пакеты для ВПН туда больше не ходят но при этом симптомы те же ничего не пингуется. ! ! Last configuration change at 21:10:23 MSK Mon May 24 2010 by dpvvdt ! version 12.4 no service pad service timestamps debug datetime msec service timestamps log datetime msec service password-encryption service sequence-numbers ! hostname home ! boot-start-marker boot-end-marker ! logging buffered 32768 informational ! aaa new-model ! ! aaa authentication login default local aaa authorization console aaa authorization exec default local aaa authorization network default local ! ! aaa session-id common clock timezone MSK 3 clock summer-time MSK recurring last Sun Mar 2:00 last Sun Oct 3:00 ! ! no ip subnet-zero no ip cef ! ! no ip dhcp use vrf connected ip dhcp excluded-address 192.168.0.1 ip dhcp excluded-address 192.168.0.77 192.168.0.254 ! ip dhcp pool localnet network 192.168.0.0 255.255.255.0 default-router 192.168.0.1 dns-server 213.140.228.252 64.102.255.44 ! ! no ip bootp server ip domain name home ip name-server 213.140.228.252 ip name-server 64.102.255.44 ip multicast-routing ip inspect name Inspect icmp ip inspect name Inspect tcp ip inspect name Inspect udp ip inspect name Inspect dns ip inspect name Inspect ssh ip inspect name Inspect ntp ip inspect name Inspect http ip inspect name Inspect https ip inspect name Inspect smtp ip inspect name Inspect pop3 ip ddns update method DynDNS HTTP add http://****:**@members.dyndns.org/nic/update?system=dyndns&hostname=<h>&myip=<a> remove http://**:**@members.dyndns.org/nic/update?system=dyndns&hostname=<h>&myip=<a> interval maximum 28 0 0 0 interval minimum 28 0 0 0 ! ! multilink bundle-name authenticated vpdn enable ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! username ** privilege 15 secret 5 ************************** username ** privilege 0 secret 5 **************************! ! crypto isakmp policy 10 encr 3des authentication pre-share group 2 crypto isakmp client configuration address-pool local vpnpool crypto isakmp xauth timeout 60 ! crypto isakmp client configuration group iphone key *********** dns 213.140.228.252 pool vpnpool acl 110 include-local-lan ! ! crypto ipsec transform-set iphonetrans esp-3des esp-sha-hmac ! crypto dynamic-map iphonedynmap 10 set transform-set iphonetrans reverse-route ! ! crypto map VPN client authentication list default crypto map VPN isakmp authorization list default crypto map VPN client configuration address respond crypto map VPN 65535 ipsec-isakmp dynamic iphonedynmap ! archive log config hidekeys ! ! ip ssh authentication-retries 2 ip ssh version 2 ! ! ! ! interface ATM0 no ip address no atm ilmi-keepalive dsl operating-mode auto ! interface ATM0.1 point-to-point pvc 0/35 pppoe-client dial-pool-number 1 ! ! interface ATM0.2 point-to-point pvc 0/91 encapsulation aal5snap ! ! interface FastEthernet0 no ip address shutdown speed auto ! interface FastEthernet1 ! interface FastEthernet2 ! interface FastEthernet3 ! interface FastEthernet4 ! interface Vlan1 ip address 192.168.0.1 255.255.255.0 ip pim dense-mode ip nat inside ip virtual-reassembly ip tcp adjust-mss 1400 ! interface Dialer1 mtu 1492 ip ddns update hostname **************** ip ddns update DynDNS ip address negotiated no ip redirects no ip unreachables no ip proxy-arp ip pim dense-mode ip nat outside ip inspect Inspect in ip virtual-reassembly encapsulation ppp dialer pool 1 ppp chap hostname ****** ppp chap password 7 ************** ppp pap sent-username ****** password 7 **************** crypto map VPN ! ip local pool vpnpool 172.16.1.1 172.16.1.254 ip forward-protocol nd ip route 0.0.0.0 0.0.0.0 Dialer1 ! ! no ip http server no ip http secure-server ip nat inside source route-map nonat interface Dialer1 overload ! access-list 1 permit ip 192.168.0.0 0.0.0.255 any access-list 1 deny any access-list 100 deny tcp any any eq 22 log access-list 100 permit tcp any any access-list 100 permit udp any any access-list 100 permit icmp any any echo-reply access-list 100 permit icmp any any time-exceeded access-list 100 permit icmp any any unreachable access-list 100 deny ip any any log access-list 110 permit ip 192.168.0.0 0.0.0.255 any access-list 122 deny ip 192.168.0.0 0.0.0.255 172.16.1.0 0.0.0.255 access-list 122 permit ip 192.168.0.0 0.0.0.255 any no cdp run ! ! ! route-map nonat permit 10 match ip address 122 ! ! ! control-plane ! ! ! ! ! ! ! ! banner login ! line con 0 speed 115200 line aux 0 line vty 0 4 transport input ssh line vty 5 15 transport input ssh ! ntp clock-period 17180273 ntp server 194.149.67.130 ntp server 193.233.9.7 end

Ваше сообщение

Имя*:

EMail:

Для отправки новых сообщений в текущей нити на email укажите знак ! перед адресом, например, !user@host.ru (!! - не показывать email).
Более тонкая настройка отправки ответов производится в профиле зарегистрированного участника форума.

Заголовок*:

Сообщение*:

При общении не допускается: неуважительное отношение к собеседнику, хамство, унизительное обращение, ненормативная лексика, переход на личности, агрессивное поведение, обесценивание собеседника, провоцирование флейма голословными и заведомо ложными заявлениями. Не отвечайте на сообщения, явно нарушающие правила - удаляются не только сами нарушения, но и все ответы на них. Лог модерирования.

Партнёры:

Хостинг:

Закладки на сайте
Проследить за страницей

Created 1996-2024 by Maxim Chirkov
Добавить, Поддержать, Вебмастеру