The OpenNET Project / Forum

Original message
"cisco 1841: can't set up a gre+ipsec tunnel"
Posted by demchenko, 30-Jun-10 14:54
>Got it. Sorry, of course, but how are you pinging the tunnel IP? Just ping tunnel_ip?
>
>On the Cisco in St. Petersburg: ping 192.168.3.2 so 192.168.3.1 si 1300 re 100
>
>or on the Cisco in Moscow: ping 192.168.3.1 so 192.168.3.2 si 1300 re 100
>

Exactly like that (only without re 100).
If I remove "tunnel protection ipsec", i.e. leave only the GRE tunnel, both ends of the tunnel immediately start answering ping with these same commands.


#ping 192.168.3.2 so 192.168.3.1 si 1300

Type escape sequence to abort.
Sending 5, 1300-byte ICMP Echos to 192.168.3.2, timeout is 2 seconds:
Packet sent with a source address of 192.168.3.1
.....
Success rate is 0 percent (0/5)
ipgate#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
ipgate(config)#int tunnel1
ipgate(config-if)#no tunnel protection ipsec profile myprofile
ipgate(config-if)#^Z
ipgate#ping 192.168.3.2 so 192.168.3.1 si 1300

Type escape sequence to abort.
Sending 5, 1300-byte ICMP Echos to 192.168.3.2, timeout is 2 seconds:
Packet sent with a source address of 192.168.3.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 56/58/60 ms
ipgate#traceroute 192.168.3.2

Type escape sequence to abort.
Tracing the route to 192.168.3.2

  1 192.168.3.2 72 msec *  52 msec

>Other than that I don't see anything strange. We can look further, but there's no way around it without the full
>config (without passwords, obviously :) ).

Here is the full config; only the user accounts and console-access settings have been removed.
msk (Moscow):


!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname yourname
!
boot-start-marker
boot-end-marker
!
logging message-counter syslog
logging buffered 51200 warnings
!
no aaa new-model
dot11 syslog
ip source-route
!
!
ip cef
ip domain name yourdomain.com
!
multilink bundle-name authenticated
!
!
crypto isakmp policy 5
 encr 3des
 hash md5
 authentication pre-share
 group 2
crypto isakmp key vpn address 213.182.181.66 no-xauth
!
crypto ipsec security-association lifetime seconds 86400
!
crypto ipsec transform-set vpn1 esp-3des esp-md5-hmac
 mode transport
!
crypto ipsec profile myprofile
 set transform-set vpn1
!
interface Tunnel1
 ip address 192.168.3.2 255.255.255.252
 ip mtu 1420
 tunnel source 212.45.2.67
 tunnel destination 213.182.181.66
 tunnel protection ipsec profile myprofile
!
interface FastEthernet0/0
 description $ETH-LAN$$ETH-SW-LAUNCH$$INTF-INFO-FE 0$
 ip address 192.168.2.100 255.255.255.0
 ip tcp adjust-mss 1380
 duplex auto
 speed auto
 no cdp enable
!
interface FastEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface FastEthernet0/0/0
 switchport access vlan 2
!
interface FastEthernet0/0/1
!
interface FastEthernet0/0/2
!
interface FastEthernet0/0/3
!
interface Vlan1
 no ip address
 ip virtual-reassembly
!
interface Vlan2
 ip address 212.45.2.67 255.255.255.248
 ip virtual-reassembly
!
interface Vlan3
 no ip address
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 212.45.2.65
ip route 10.0.0.0 255.0.0.0 Tunnel1
ip route 192.168.1.0 255.255.255.0 Tunnel1
ip route 192.168.2.0 255.255.255.0 FastEthernet0/0
ip route 192.168.3.0 255.255.255.252 Tunnel1
!
!

piter (St. Petersburg; this Cisco is already in production, and I did not set up its routing and NAT):

!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname ipgate
!
boot-start-marker
boot-end-marker
!
logging message-counter syslog
logging buffered 51200 warnings
no logging monitor
!
aaa new-model
!
!
aaa authentication login rtr-remote local
aaa authorization network rtr-remote local
!
!
aaa session-id common
dot11 syslog
ip source-route
!
!
!
!
ip cef
ip name-server 10.0.0.1
ip address-pool local
!
multilink bundle-name authenticated
!
!
crypto isakmp policy 5
 encr 3des
 hash md5
 authentication pre-share
 group 2
crypto isakmp key vpn address 212.45.2.67 no-xauth
!
crypto ipsec security-association lifetime seconds 86400
!
crypto ipsec transform-set vpn1 esp-3des esp-md5-hmac
 mode transport
!
crypto ipsec profile C
 set transform-set vpn1
!
!
!
class-map match-all BOSS
 match access-group 100
!
!
policy-map QOS-PITER
 class BOSS
  shape average 4194304
  bandwidth percent 50
 class class-default
  shape average 3000000
  fair-queue
!
!
!
!
interface Tunnel1
 ip address 192.168.3.1 255.255.255.252
 ip mtu 1420
 tunnel source 213.182.181.66
 tunnel destination 212.45.2.67
!
interface FastEthernet0/0
 description $ETH-LAN$$ETH-SW-LAUNCH$$INTF-INFO-FE 0$
 bandwidth 4096
 ip address 192.168.1.1 255.255.255.248
 ip nat inside
 ip virtual-reassembly
 ip tcp adjust-mss 1380
 ip policy route-map C-OUT
 duplex auto
 speed auto
 no cdp enable
 service-policy output QOS-PITER
!
interface FastEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface FastEthernet0/0/0
 switchport access vlan 2
!
interface FastEthernet0/0/1
 switchport access vlan 3
!
interface FastEthernet0/0/2
!
interface FastEthernet0/0/3
!
interface Vlan1
 no ip address
!
interface Vlan2
 ip address 217.170.93.154 255.255.255.248 secondary
 ip address 217.170.93.18 255.255.255.252
 ip nat outside
 ip virtual-reassembly
!
interface Vlan3
 ip address 212.119.170.2 255.255.255.240 secondary
 ip address 213.182.181.66 255.255.255.240
 ip nat outside
 ip virtual-reassembly
!
ip local policy route-map M-OUT
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 217.170.93.17
ip route 10.0.0.0 255.0.0.0 192.168.1.3
ip route 10.0.0.1 255.255.255.255 192.168.1.2
ip route 10.0.0.232 255.255.255.255 192.168.1.2
ip route 10.0.1.43 255.255.255.255 192.168.1.2
ip route 10.0.1.44 255.255.255.255 192.168.1.2
ip route 10.0.1.64 255.255.255.255 192.168.1.2
ip route 10.0.1.65 255.255.255.255 192.168.1.2
ip route 10.0.1.66 255.255.255.255 192.168.1.2
ip route 10.0.1.67 255.255.255.255 192.168.1.2
ip route 10.0.1.75 255.255.255.255 192.168.1.2
ip route 10.0.1.103 255.255.255.255 192.168.1.2
ip route 10.0.1.105 255.255.255.255 192.168.1.2
ip route 10.0.1.106 255.255.255.255 192.168.1.2
ip route 10.0.1.107 255.255.255.255 192.168.1.2
ip route 10.0.1.108 255.255.255.255 192.168.1.2
ip route 10.0.1.114 255.255.255.255 192.168.1.2
ip route 10.0.1.181 255.255.255.255 192.168.1.2
ip route 10.0.1.182 255.255.255.255 192.168.1.2
ip route 10.0.1.183 255.255.255.255 192.168.1.2
ip route 10.0.1.201 255.255.255.255 192.168.1.2
ip route 10.0.1.208 255.255.255.255 192.168.1.2
ip route 10.0.2.1 255.255.255.255 192.168.1.2
ip route 10.0.3.1 255.255.255.255 192.168.1.2
ip route 10.0.4.23 255.255.255.255 192.168.1.2
ip route 10.0.10.20 255.255.255.255 192.168.1.2
ip route 10.0.10.30 255.255.255.255 192.168.1.2
ip route 10.0.11.0 255.255.255.0 192.168.1.2
ip route 94.230.0.254 255.255.255.255 212.119.170.1
ip route 192.168.2.0 255.255.255.0 Tunnel1
!
ip nat inside source list 5 interface Vlan2 overload
ip nat inside source list 7 interface Vlan2 overload
ip nat inside source list 8 interface Vlan3 overload
ip nat inside source list 10 interface Vlan2 overload
ip nat inside source list 11 interface Vlan3 overload
ip nat inside source list 12 interface Vlan2 overload
ip nat inside source list 13 interface Vlan3 overload
ip nat inside source list 14 interface Vlan2 overload
ip nat inside source list 15 interface Vlan3 overload
ip nat inside source list 16 interface Vlan3 overload
ip nat inside source list 17 interface Vlan3 overload
ip nat inside source list 18 interface Vlan3 overload
ip nat inside source list 40 interface Vlan2 overload
ip nat inside source static 10.0.1.44 212.119.170.3
ip nat inside source static 10.0.1.22 212.119.170.4
ip nat inside source static 10.0.3.146 212.119.170.5
ip nat inside source static 10.0.1.126 212.119.170.6
ip nat inside source static 192.168.1.4 212.119.170.7
ip nat inside source static tcp 10.0.7.32 80 212.119.170.8 80 extendable
ip nat inside source static 10.0.3.147 212.119.170.9
ip nat inside source static 10.0.7.33 212.119.170.10
ip nat inside source static tcp 10.0.1.44 22 212.119.170.12 22 extendable
ip nat inside source static tcp 10.0.7.40 1090 212.119.170.12 1090 extendable
ip nat inside source static tcp 10.0.7.40 1199 212.119.170.12 1199 extendable
ip nat inside source static tcp 10.0.7.40 8083 212.119.170.12 8083 extendable
ip nat inside source static tcp 10.0.7.41 9874 212.119.170.12 9874 extendable
ip nat inside source static tcp 10.0.7.191 9940 212.119.170.12 9940 extendable
ip nat inside source static tcp 10.0.1.44 10022 212.119.170.12 10022 extendable
ip nat inside source static tcp 10.0.1.44 10023 212.119.170.12 10023 extendable
ip nat inside source static tcp 10.0.170.12 80 212.119.170.12 10080 extendable
ip nat inside source static tcp 10.0.7.41 443 212.119.170.12 10443 extendable
ip nat inside source static tcp 10.0.7.40 44499 212.119.170.12 11199 extendable
ip nat inside source static tcp 10.0.1.240 22 212.119.170.14 22 extendable
ip nat inside source static 10.0.3.3 213.182.181.68
ip nat inside source static 10.0.3.1 213.182.181.70
ip nat inside source static tcp 10.0.8.2 25 213.182.181.72 25 extendable
ip nat inside source static tcp 10.0.8.1 143 213.182.181.72 143 extendable
ip nat inside source static tcp 10.0.8.1 443 213.182.181.72 443 extendable
ip nat inside source static 10.0.1.105 213.182.181.73
ip nat inside source static 10.0.170.9 213.182.181.74
ip nat inside source static 10.0.0.4 217.170.93.155
ip nat inside source static 192.168.1.3 217.170.93.156
ip nat inside source static tcp 10.0.2.1 25 217.170.93.157 25 extendable
!
access-list 2 permit 10.0.7.10
access-list 2 permit 10.0.1.103
access-list 2 permit 10.0.1.114
access-list 5 permit 192.168.1.1
access-list 5 permit 192.168.1.2
access-list 5 permit 10.0.0.0 0.0.0.255
access-list 7 permit 192.168.1.3
access-list 10 permit 10.0.10.20
access-list 10 permit 10.0.10.30
access-list 11 permit 10.0.1.0 0.0.0.255
access-list 11 permit 10.0.11.0 0.0.0.255
access-list 12 permit 10.0.2.0 0.0.0.255
access-list 13 permit 10.0.3.0 0.0.0.255
access-list 14 permit 10.0.4.0 0.0.0.255
access-list 15 permit 10.0.5.0 0.0.0.255
access-list 16 permit 10.0.8.0 0.0.0.255
access-list 17 permit 10.0.170.0 0.0.0.255
access-list 18 permit 10.0.7.0 0.0.0.255
access-list 23 permit 10.0.0.0 0.255.255.255
access-list 40 permit 10.0.140.0 0.0.0.255
access-list 66 permit 213.182.181.66
access-list 90 permit 10.0.7.11
access-list 90 permit 10.0.7.10
access-list 90 permit 10.0.3.1
access-list 90 permit 10.0.0.2
access-list 90 permit 10.0.2.1
access-list 90 permit 10.0.1.1
access-list 90 permit 10.0.2.2
access-list 90 permit 10.0.2.3
access-list 90 permit 192.168.1.1
access-list 90 permit 192.168.1.3
access-list 90 permit 192.168.1.2
access-list 90 permit 10.0.1.101
access-list 90 permit 10.0.1.114
access-list 90 permit 10.0.3.148
dialer-list 1 protocol ip permit
!
!
!
route-map M-OUT permit 5
 match ip address 66
 set ip next-hop 213.182.181.65
!
route-map C-OUT permit 5
 match ip address 5 10 15
 set ip next-hop 217.170.93.17
!
route-map C-OUT permit 7
 match ip address 7 12
 set ip next-hop 217.170.93.17
!
route-map C-OUT permit 10
 match ip address 8
 set ip next-hop 212.119.170.1
!
route-map C-OUT permit 20
 set ip next-hop 213.182.181.65
!
route-map C-OUT permit 30
 match ip address 17 16
 set ip next-hop 212.119.170.1
!
route-map C-OUT permit 40
 match ip address 40 14 5
 set ip next-hop 217.170.93.17
!
route-map C-OUT permit 99
 set interface Null0
!
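Editor's note, added after the post (this is not part of demchenko's message or of the thread): the two configs are not symmetric. On yourname (msk), interface Tunnel1 carries `tunnel protection ipsec profile myprofile`; on ipgate (piter), `crypto ipsec profile C` is defined but interface Tunnel1 never applies it, so the msk side tries to protect the GRE tunnel with IPsec while the piter side has nothing configured to terminate it. That matches the symptom exactly: with protection removed on msk both ends run plain GRE and the pings succeed. The script below encodes that cross-check so it can be rerun against any pair of IOS GRE-over-IPsec peer configs. The MSK and PITER strings are excerpts constructed from the crypto and Tunnel1 sections of the posted configs, re-indented the way IOS prints them; the function names and the list of algorithms it flags are the example's own, not anything from the page or from Cisco.

```python
"""Cross-check two IOS GRE-over-IPsec peers for the asymmetry behind the post's
symptom (plain GRE works, tunnel protection does not). Added example."""
import re

# Crypto and Tunnel1 sections of the posted configs, re-indented as IOS prints them.
MSK = """\
crypto isakmp policy 5
 encr 3des
 hash md5
 authentication pre-share
 group 2
crypto isakmp key vpn address 213.182.181.66 no-xauth
crypto ipsec transform-set vpn1 esp-3des esp-md5-hmac
 mode transport
crypto ipsec profile myprofile
 set transform-set vpn1
interface Tunnel1
 tunnel source 212.45.2.67
 tunnel destination 213.182.181.66
 tunnel protection ipsec profile myprofile
"""
PITER = """\
crypto isakmp policy 5
 encr 3des
 hash md5
 authentication pre-share
 group 2
crypto isakmp key vpn address 212.45.2.67 no-xauth
crypto ipsec transform-set vpn1 esp-3des esp-md5-hmac
 mode transport
crypto ipsec profile C
 set transform-set vpn1
interface Tunnel1
 tunnel source 213.182.181.66
 tunnel destination 212.45.2.67
"""
# ISAKMP policy lines worth flagging (the example's own list, not from the post).
WEAK = {"encr des": "DES", "encr 3des": "3DES", "hash md5": "MD5",
        "group 1": "DH group 1", "group 2": "DH group 2"}


def parse(config):
    """Map each top-level IOS command to the list of its indented sub-commands."""
    sections, current = {}, None
    for raw in config.splitlines():
        if not raw.strip() or raw.startswith("!"):
            continue
        if not raw.startswith(" "):
            current = raw.strip()
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(raw.strip())
    return sections


def tunnel(sections, name="Tunnel1"):
    """Source, destination and (if applied) IPsec profile of a tunnel interface."""
    info = {}
    for line in sections.get(f"interface {name}", []):
        if m := re.match(r"tunnel (source|destination) (\S+)$", line):
            info[m.group(1)] = m.group(2)
        elif m := re.match(r"tunnel protection ipsec profile (\S+)", line):
            info["profile"] = m.group(1)
    return info


def isakmp_peers(sections):
    """Peer addresses that have an ISAKMP pre-shared key configured."""
    return {m.group(1) for h in sections
            if (m := re.match(r"crypto isakmp key \S+ address (\S+)", h))}


def check_pair(a_name, a_cfg, b_name, b_cfg):
    """Return human-readable problems found across the two peer configs."""
    a, b = parse(a_cfg), parse(b_cfg)
    ta, tb = tunnel(a), tunnel(b)
    problems = []
    # GRE endpoints must cross-match: my tunnel source is the peer's destination.
    if ta.get("source") != tb.get("destination") or tb.get("source") != ta.get("destination"):
        problems.append("tunnel source/destination do not cross-match")
    for name, cfg, mine, peer in ((a_name, a, ta, tb), (b_name, b, tb, ta)):
        # A pre-shared key must exist for the address the peer sources the tunnel from.
        if peer.get("source") not in isakmp_peers(cfg):
            problems.append(f"{name}: no isakmp key for peer {peer.get('source')}")
        # Protection must be applied on both ends, and the profile it names must exist.
        if "profile" not in mine:
            problems.append(f"{name}: interface Tunnel1 has no tunnel protection ipsec profile")
        elif f"crypto ipsec profile {mine['profile']}" not in cfg:
            problems.append(f"{name}: profile {mine['profile']} referenced but not defined")
        for header, sub in cfg.items():
            if header.startswith("crypto isakmp policy"):
                problems.extend(f"{name}: {header} uses {WEAK[l]}" for l in sub if l in WEAK)
    return problems


def suggest_fix(cfg, name="Tunnel1"):
    """IOS lines that bind a defined-but-unapplied IPsec profile to the tunnel."""
    sections = parse(cfg)
    profiles = [h.split()[-1] for h in sections if h.startswith("crypto ipsec profile ")]
    if "profile" in tunnel(sections, name) or len(profiles) != 1:
        return []
    return [f"interface {name}", f" tunnel protection ipsec profile {profiles[0]}"]
```

`check_pair("yourname", MSK, "ipgate", PITER)` reports the missing protection on ipgate plus the 3DES/MD5/DH group 2 choices in both ISAKMP policies, and `suggest_fix(PITER)` returns the two IOS lines to add on ipgate: `interface Tunnel1` followed by ` tunnel protection ipsec profile C`. After that change, `show crypto isakmp sa` and `show crypto ipsec sa` on either router should show the SAs up and `show interfaces Tunnel1` should show line protocol up before the 1300-byte pings are repeated. The 3DES/MD5/group 2 policy was typical for IOS 12.4 in 2010 but is weak by today's standards; where both images support it, AES with SHA-2 and a stronger DH group is the better choice, and the `mode transport` plus `ip mtu 1420` / `ip tcp adjust-mss 1380` settings already in the configs are what keep the encrypted GRE packets from fragmenting once the tunnel does come up.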


 
