- Соединение через тунель не проходит,
 Аноним, 15:36 , 17-Окт-08 (1)>Здравствуйте! Проблема такая: в главном офисе стоит циска 2821. она соединена тунелем
>через инет с одним из нашим филлиалом. там стоит циска 1841.
>пинги проходят на ура, только вот не могу соединится с мини
>атс Avaya в филлиале через Avaya Site Administration.
>Тунель не шифрованый. Файервол отключен на обоих цисках. Если если открыть порт
>на внешнем ип и сделать передресацию на атс то всё прекрасно
>соединяется.
>Народ подскажите пожалуйста в чём может быть проблема??? Наверно циска режет какието
>протоколы, хотя у меня никаких запретов не стоит...
>Заранее спасибо!!! Конфиг, плз
- Соединение через тунель не проходит, sh_, 15:42 , 17-Окт-08 (2)
>>Народ подскажите пожалуйста в чём может быть проблема??? В маршрутизации...
- Соединение через тунель не проходит, fenix2k, 16:08 , 17-Окт-08 (3)
>Конфиг, плз Конфиг c2821: interface Tunnel0
description Tver
ip address 192.168.254.2 255.255.255.0
ip mtu 1476
tunnel source GigabitEthernet0/1.4
tunnel destination 80.246.xxx.xxx
tunnel path-mtu-discovery
!
interface Tunnel1
description Dedenevo
ip address 192.168.253.1 255.255.255.0
ip mtu 1476
tunnel source GigabitEthernet0/1.2
tunnel destination 192.168.218.3
tunnel path-mtu-discovery
!
interface Tunnel2
description Dedenevo Selector
ip address 192.168.252.1 255.255.255.0
ip mtu 1476
tunnel source GigabitEthernet0/1.2
tunnel destination 192.168.218.3
tunnel path-mtu-discovery
!
interface Tunnel3
description to ryazan
ip address 192.168.250.1 255.255.255.0
ip mtu 1476
tunnel source GigabitEthernet0/1.4
tunnel destination 80.72.xxx.xxx
tunnel path-mtu-discovery
!
interface GigabitEthernet0/0
description INTERNAL
no ip address
ip route-cache flow
duplex auto
speed 1000
!
interface GigabitEthernet0/0.1
description Ukim Lan$ETH-LAN$
encapsulation dot1Q 1 native
ip address 192.168.1.220 255.255.255.0
ip nat inside
ip virtual-reassembly
!
interface GigabitEthernet0/0.2
description voice$ETH-LAN$
encapsulation dot1Q 3
ip address 192.168.7.1 255.255.255.0
ip nat inside
ip virtual-reassembly
!
interface GigabitEthernet0/0.3
description tushino$ETH-LAN$
encapsulation dot1Q 4
ip address 192.168.2.1 255.255.255.0
ip nat inside
ip virtual-reassembly
!
interface GigabitEthernet0/0.5
description video$ETH-LAN$
encapsulation dot1Q 16
ip address 10.10.0.1 255.255.255.0
!
interface GigabitEthernet0/1
description INET and RSI
no ip address
ip route-cache flow
duplex auto
speed 1000
!
interface GigabitEthernet0/1.1
description selector$ETH-LAN$
encapsulation dot1Q 11
ip address 192.168.219.2 255.255.255.0
!
interface GigabitEthernet0/1.2
description to rechsvyaz$ETH-LAN$
encapsulation dot1Q 271
ip address 192.168.218.2 255.255.255.0
!
interface GigabitEthernet0/1.4
description Inet$ETH-LAN$
encapsulation dot1Q 270
ip address 88.210.xxx.xxx 255.255.255.224
ip nat outside
ip virtual-reassembly
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 88.210.xxx.xxx
ip route 10.10.0.0 255.255.255.0 GigabitEthernet0/0.5
ip route 192.168.1.0 255.255.255.0 GigabitEthernet0/0.1
ip route 192.168.2.0 255.255.255.0 GigabitEthernet0/0.3
ip route 192.168.4.0 255.255.255.0 Tunnel0
ip route 192.168.5.0 255.255.255.0 Tunnel3
ip route 192.168.7.0 255.255.255.0 GigabitEthernet0/0.2
ip route 192.168.9.0 255.255.255.0 Tunnel1
ip route 192.168.200.0 255.255.255.0 GigabitEthernet0/1.2
ip route 192.168.212.0 255.255.255.0 GigabitEthernet0/1.2
ip route 192.168.218.0 255.255.255.0 GigabitEthernet0/1.2
ip route 192.168.219.0 255.255.255.0 GigabitEthernet0/1.1
ip route 192.168.220.0 255.255.255.0 Tunnel2
!
!
ip http server
ip http authentication local
ip http secure-server
ip nat pool pool1 88.210.xxx.xxx 88.210.xxx.xxx netmask 255.255.255.224
ip nat pool tushino 192.168.1.220 192.168.1.220 netmask 255.255.255.0
ip nat inside source list 175 interface GigabitEthernet0/1.4 overload
ip nat inside source static tcp 192.168.7.10 5022 interface GigabitEthernet0/1.4 5022
!
access-list 101 remark SDM_ACL Category=16
access-list 101 permit ip 192.168.7.0 0.0.0.255 192.168.4.0 0.0.0.255
access-list 101 permit ip 10.10.0.0 0.0.0.255 192.168.4.0 0.0.0.255
access-list 102 remark tushino
access-list 102 remark SDM_ACL Category=1
access-list 102 permit ip 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 102 deny ip 192.168.2.0 0.0.0.255 any
access-list 103 remark tusheno
access-list 103 remark SDM_ACL Category=1
access-list 103 permit ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
access-list 103 deny ip any 192.168.2.0 0.0.0.255
access-list 104 remark SDM_ACL Category=4
access-list 104 permit ip 192.168.7.0 0.0.0.255 192.168.9.0 0.0.0.255
access-list 104 permit ip 10.10.0.0 0.0.0.255 192.168.9.0 0.0.0.255
access-list 175 remark SDM_ACL Category=18
access-list 175 deny ip 192.168.1.0 0.0.0.255 192.168.5.0 0.0.0.255
access-list 175 deny ip 192.168.2.0 0.0.0.255 192.168.5.0 0.0.0.255
access-list 175 deny ip 192.168.7.0 0.0.0.255 192.168.5.0 0.0.0.255
access-list 175 deny ip 192.168.1.0 0.0.0.255 192.168.4.0 0.0.0.255
access-list 175 deny ip 192.168.2.0 0.0.0.255 192.168.4.0 0.0.0.255
access-list 175 deny ip 192.168.7.0 0.0.0.255 192.168.4.0 0.0.0.255
access-list 175 deny ip 192.168.1.0 0.0.0.255 192.168.9.0 0.0.0.255
access-list 175 deny ip 192.168.2.0 0.0.0.255 192.168.9.0 0.0.0.255
access-list 175 deny ip 192.168.7.0 0.0.0.255 192.168.9.0 0.0.0.255
access-list 175 permit ip 192.168.1.0 0.0.0.255 any
access-list 175 permit ip 192.168.2.0 0.0.0.255 any
access-list 175 permit ip 192.168.7.0 0.0.0.255 any
access-list 176 remark tushino
access-list 176 remark SDM_ACL Category=2
access-list 176 permit ip 192.168.2.0 0.0.0.255 host 192.168.1.1
!
route-map SDM_RMAP_1 permit 1
match ip address 175 Конфиг c1841:
!
interface Tunnel1
ip address 192.168.254.1 255.255.255.0
ip mtu 1476
tunnel source FastEthernet0/1.1
tunnel destination 88.210.xxx.xxx
tunnel path-mtu-discovery
!
interface FastEthernet0/0
no ip address
ip route-cache flow
speed 100
full-duplex
!
interface FastEthernet0/0.1
description $ETH-LAN$
encapsulation dot1Q 1 native
ip address 192.168.4.1 255.255.255.0
ip access-group 103 in
ip nat inside
ip virtual-reassembly
!
interface FastEthernet0/1
no ip address
ip route-cache flow
speed 100
full-duplex
!
interface FastEthernet0/1.1
description $ETH-LAN$
encapsulation dot1Q 2 native
ip address 80.246.xxx.xxx 255.255.255.224
ip access-group 105 in
ip nat outside
ip virtual-reassembly
!
ip route 0.0.0.0 0.0.0.0 80.246.xxx.xxx
ip route 192.168.1.0 255.255.255.0 Tunnel1
ip route 192.168.4.0 255.255.255.0 FastEthernet0/0.1
ip route 192.168.7.0 255.255.255.0 Tunnel1
!
!
ip http server
ip http access-class 1
ip http authentication local
no ip http secure-server
ip nat pool pool1 80.246.xxx.xxx 80.246.xxx.xxx netmask 255.255.255.224
ip nat inside source static tcp 192.168.4.10 5022 interface FastEthernet0/1.1 5022
ip nat inside source route-map SDM_RMAP_1 pool pool1 overload
!
access-list 1 permit 88.210.xxx.xxx
access-list 1 remark SDM_ACL Category=1
access-list 1 permit 88.210.xxx.xxx 0.0.0.31
access-list 1 remark Auto generated by SDM Management Access feature
access-list 1 permit 192.168.4.0 0.0.0.255
access-list 100 permit ip any any
access-list 101 remark SDM_ACL Category=16
access-list 101 permit ip 192.168.4.0 0.0.0.255 10.10.0.0 0.0.0.255
access-list 101 permit ip 192.168.4.0 0.0.0.255 192.168.7.0 0.0.0.255
access-list 103 remark Auto generated by SDM Management Access feature
access-list 103 remark SDM_ACL Category=1
access-list 103 permit ip 192.168.7.0 0.0.0.255 192.168.4.0 0.0.0.255
access-list 103 permit ip any any
access-list 104 remark SDM_ACL Category=4
access-list 104 permit ip 192.168.4.0 0.0.0.255 192.168.7.0 0.0.0.255
access-list 175 remark SDM_ACL Category=18
access-list 175 deny ip 192.168.4.0 0.0.0.255 192.168.7.0 0.0.0.255
access-list 175 deny ip 192.168.4.0 0.0.0.255 192.168.6.0 0.0.0.255
access-list 175 deny ip 192.168.4.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 175 permit ip 192.168.4.0 0.0.0.255 any
!
route-map SDM_RMAP_1 permit 1
match ip address 175
- Соединение через тунель не проходит, GolDi, 16:42 , 17-Окт-08 (4)
>[оверквотинг удален]
> description $ETH-LAN$
> encapsulation dot1Q 2 native
> ip address 80.246.xxx.xxx 255.255.255.224
> ip access-group 105 in
> ip nat outside
> ip virtual-reassembly
>!
>ip route 0.0.0.0 0.0.0.0 80.246.xxx.xxx
>ip route 192.168.1.0 255.255.255.0 Tunnel1
>ip route 192.168.4.0 255.255.255.0 FastEthernet0/0.1 ^^^^^^^^^^ вот эта строка зачем?
>[оверквотинг удален]
>access-list 104 remark SDM_ACL Category=4
>access-list 104 permit ip 192.168.4.0 0.0.0.255 192.168.7.0 0.0.0.255
>access-list 175 remark SDM_ACL Category=18
>access-list 175 deny ip 192.168.4.0 0.0.0.255 192.168.7.0 0.0.0.255
>access-list 175 deny ip 192.168.4.0 0.0.0.255 192.168.6.0 0.0.0.255
>access-list 175 deny ip 192.168.4.0 0.0.0.255 192.168.1.0 0.0.0.255
>access-list 175 permit ip 192.168.4.0 0.0.0.255 any
>!
>route-map SDM_RMAP_1 permit 1
> match ip address 175
|
Версия для распечатки
Соединение через тунель не проходит, 
