- Connection through the tunnel fails, Anonymous, 15:36, 17-Oct-08 (1)
>Hello! Here is the problem: the main office has a Cisco 2821. It is connected by a tunnel
>over the Internet to one of our branches. A Cisco 1841 is installed there.
>Pings go through just fine, but I cannot connect to the Avaya mini
>PBX in the branch through Avaya Site Administration.
>The tunnel is not encrypted. The firewall is disabled on both Ciscos. If I open a port
>on the external IP and set up forwarding to the PBX, everything connects
>perfectly.
>Folks, please tell me what the problem could be??? The Cisco is probably cutting some
>protocols, although I have no restrictions configured...
>Thanks in advance!!!

Config, please
- Connection through the tunnel fails, sh_, 15:42, 17-Oct-08 (2)
>>Folks, please tell me what the problem could be???

In the routing...
- Connection through the tunnel fails, fenix2k, 16:08, 17-Oct-08 (3)
>Config, please

Config of the c2821:

interface Tunnel0
 description Tver
 ip address 192.168.254.2 255.255.255.0
 ip mtu 1476
 tunnel source GigabitEthernet0/1.4
 tunnel destination 80.246.xxx.xxx
 tunnel path-mtu-discovery
!
interface Tunnel1
 description Dedenevo
 ip address 192.168.253.1 255.255.255.0
 ip mtu 1476
 tunnel source GigabitEthernet0/1.2
 tunnel destination 192.168.218.3
 tunnel path-mtu-discovery
!
interface Tunnel2
 description Dedenevo Selector
 ip address 192.168.252.1 255.255.255.0
 ip mtu 1476
 tunnel source GigabitEthernet0/1.2
 tunnel destination 192.168.218.3
 tunnel path-mtu-discovery
!
interface Tunnel3
 description to ryazan
 ip address 192.168.250.1 255.255.255.0
 ip mtu 1476
 tunnel source GigabitEthernet0/1.4
 tunnel destination 80.72.xxx.xxx
 tunnel path-mtu-discovery
!
interface GigabitEthernet0/0
 description INTERNAL
 no ip address
 ip route-cache flow
 duplex auto
 speed 1000
!
interface GigabitEthernet0/0.1
 description Ukim Lan$ETH-LAN$
 encapsulation dot1Q 1 native
 ip address 192.168.1.220 255.255.255.0
 ip nat inside
 ip virtual-reassembly
!
interface GigabitEthernet0/0.2
 description voice$ETH-LAN$
 encapsulation dot1Q 3
 ip address 192.168.7.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
!
interface GigabitEthernet0/0.3
 description tushino$ETH-LAN$
 encapsulation dot1Q 4
 ip address 192.168.2.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
!
interface GigabitEthernet0/0.5
 description video$ETH-LAN$
 encapsulation dot1Q 16
 ip address 10.10.0.1 255.255.255.0
!
interface GigabitEthernet0/1
 description INET and RSI
 no ip address
 ip route-cache flow
 duplex auto
 speed 1000
!
interface GigabitEthernet0/1.1
 description selector$ETH-LAN$
 encapsulation dot1Q 11
 ip address 192.168.219.2 255.255.255.0
!
interface GigabitEthernet0/1.2
 description to rechsvyaz$ETH-LAN$
 encapsulation dot1Q 271
 ip address 192.168.218.2 255.255.255.0
!
interface GigabitEthernet0/1.4
 description Inet$ETH-LAN$
 encapsulation dot1Q 270
 ip address 88.210.xxx.xxx 255.255.255.224
 ip nat outside
 ip virtual-reassembly
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 88.210.xxx.xxx
ip route 10.10.0.0 255.255.255.0 GigabitEthernet0/0.5
ip route 192.168.1.0 255.255.255.0 GigabitEthernet0/0.1
ip route 192.168.2.0 255.255.255.0 GigabitEthernet0/0.3
ip route 192.168.4.0 255.255.255.0 Tunnel0
ip route 192.168.5.0 255.255.255.0 Tunnel3
ip route 192.168.7.0 255.255.255.0 GigabitEthernet0/0.2
ip route 192.168.9.0 255.255.255.0 Tunnel1
ip route 192.168.200.0 255.255.255.0 GigabitEthernet0/1.2
ip route 192.168.212.0 255.255.255.0 GigabitEthernet0/1.2
ip route 192.168.218.0 255.255.255.0 GigabitEthernet0/1.2
ip route 192.168.219.0 255.255.255.0 GigabitEthernet0/1.1
ip route 192.168.220.0 255.255.255.0 Tunnel2
!
!
ip http server
ip http authentication local
ip http secure-server
ip nat pool pool1 88.210.xxx.xxx 88.210.xxx.xxx netmask 255.255.255.224
ip nat pool tushino 192.168.1.220 192.168.1.220 netmask 255.255.255.0
ip nat inside source list 175 interface GigabitEthernet0/1.4 overload
ip nat inside source static tcp 192.168.7.10 5022 interface GigabitEthernet0/1.4 5022
!
access-list 101 remark SDM_ACL Category=16
access-list 101 permit ip 192.168.7.0 0.0.0.255 192.168.4.0 0.0.0.255
access-list 101 permit ip 10.10.0.0 0.0.0.255 192.168.4.0 0.0.0.255
access-list 102 remark tushino
access-list 102 remark SDM_ACL Category=1
access-list 102 permit ip 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 102 deny ip 192.168.2.0 0.0.0.255 any
access-list 103 remark tusheno
access-list 103 remark SDM_ACL Category=1
access-list 103 permit ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
access-list 103 deny ip any 192.168.2.0 0.0.0.255
access-list 104 remark SDM_ACL Category=4
access-list 104 permit ip 192.168.7.0 0.0.0.255 192.168.9.0 0.0.0.255
access-list 104 permit ip 10.10.0.0 0.0.0.255 192.168.9.0 0.0.0.255
access-list 175 remark SDM_ACL Category=18
access-list 175 deny ip 192.168.1.0 0.0.0.255 192.168.5.0 0.0.0.255
access-list 175 deny ip 192.168.2.0 0.0.0.255 192.168.5.0 0.0.0.255
access-list 175 deny ip 192.168.7.0 0.0.0.255 192.168.5.0 0.0.0.255
access-list 175 deny ip 192.168.1.0 0.0.0.255 192.168.4.0 0.0.0.255
access-list 175 deny ip 192.168.2.0 0.0.0.255 192.168.4.0 0.0.0.255
access-list 175 deny ip 192.168.7.0 0.0.0.255 192.168.4.0 0.0.0.255
access-list 175 deny ip 192.168.1.0 0.0.0.255 192.168.9.0 0.0.0.255
access-list 175 deny ip 192.168.2.0 0.0.0.255 192.168.9.0 0.0.0.255
access-list 175 deny ip 192.168.7.0 0.0.0.255 192.168.9.0 0.0.0.255
access-list 175 permit ip 192.168.1.0 0.0.0.255 any
access-list 175 permit ip 192.168.2.0 0.0.0.255 any
access-list 175 permit ip 192.168.7.0 0.0.0.255 any
access-list 176 remark tushino
access-list 176 remark SDM_ACL Category=2
access-list 176 permit ip 192.168.2.0 0.0.0.255 host 192.168.1.1
!
route-map SDM_RMAP_1 permit 1
 match ip address 175

Config of the c1841:

!
interface Tunnel1
 ip address 192.168.254.1 255.255.255.0
 ip mtu 1476
 tunnel source FastEthernet0/1.1
 tunnel destination 88.210.xxx.xxx
 tunnel path-mtu-discovery
!
interface FastEthernet0/0
 no ip address
 ip route-cache flow
 speed 100
 full-duplex
!
interface FastEthernet0/0.1
 description $ETH-LAN$
 encapsulation dot1Q 1 native
 ip address 192.168.4.1 255.255.255.0
 ip access-group 103 in
 ip nat inside
 ip virtual-reassembly
!
interface FastEthernet0/1
 no ip address
 ip route-cache flow
 speed 100
 full-duplex
!
interface FastEthernet0/1.1
 description $ETH-LAN$
 encapsulation dot1Q 2 native
 ip address 80.246.xxx.xxx 255.255.255.224
 ip access-group 105 in
 ip nat outside
 ip virtual-reassembly
!
ip route 0.0.0.0 0.0.0.0 80.246.xxx.xxx
ip route 192.168.1.0 255.255.255.0 Tunnel1
ip route 192.168.4.0 255.255.255.0 FastEthernet0/0.1
ip route 192.168.7.0 255.255.255.0 Tunnel1
!
!
ip http server
ip http access-class 1
ip http authentication local
no ip http secure-server
ip nat pool pool1 80.246.xxx.xxx 80.246.xxx.xxx netmask 255.255.255.224
ip nat inside source static tcp 192.168.4.10 5022 interface FastEthernet0/1.1 5022
ip nat inside source route-map SDM_RMAP_1 pool pool1 overload
!
access-list 1 permit 88.210.xxx.xxx
access-list 1 remark SDM_ACL Category=1
access-list 1 permit 88.210.xxx.xxx 0.0.0.31
access-list 1 remark Auto generated by SDM Management Access feature
access-list 1 permit 192.168.4.0 0.0.0.255
access-list 100 permit ip any any
access-list 101 remark SDM_ACL Category=16
access-list 101 permit ip 192.168.4.0 0.0.0.255 10.10.0.0 0.0.0.255
access-list 101 permit ip 192.168.4.0 0.0.0.255 192.168.7.0 0.0.0.255
access-list 103 remark Auto generated by SDM Management Access feature
access-list 103 remark SDM_ACL Category=1
access-list 103 permit ip 192.168.7.0 0.0.0.255 192.168.4.0 0.0.0.255
access-list 103 permit ip any any
access-list 104 remark SDM_ACL Category=4
access-list 104 permit ip 192.168.4.0 0.0.0.255 192.168.7.0 0.0.0.255
access-list 175 remark SDM_ACL Category=18
access-list 175 deny ip 192.168.4.0 0.0.0.255 192.168.7.0 0.0.0.255
access-list 175 deny ip 192.168.4.0 0.0.0.255 192.168.6.0 0.0.0.255
access-list 175 deny ip 192.168.4.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 175 permit ip 192.168.4.0 0.0.0.255 any
!
route-map SDM_RMAP_1 permit 1
 match ip address 175
- Connection through the tunnel fails, GolDi, 16:42, 17-Oct-08 (4)
>[overquoting removed]
> description $ETH-LAN$
> encapsulation dot1Q 2 native
> ip address 80.246.xxx.xxx 255.255.255.224
> ip access-group 105 in
> ip nat outside
> ip virtual-reassembly
>!
>ip route 0.0.0.0 0.0.0.0 80.246.xxx.xxx
>ip route 192.168.1.0 255.255.255.0 Tunnel1
>ip route 192.168.4.0 255.255.255.0 FastEthernet0/0.1
^^^^^^^^^^ what is this line for?
>[overquoting removed]
>access-list 104 remark SDM_ACL Category=4
>access-list 104 permit ip 192.168.4.0 0.0.0.255 192.168.7.0 0.0.0.255
>access-list 175 remark SDM_ACL Category=18
>access-list 175 deny ip 192.168.4.0 0.0.0.255 192.168.7.0 0.0.0.255
>access-list 175 deny ip 192.168.4.0 0.0.0.255 192.168.6.0 0.0.0.255
>access-list 175 deny ip 192.168.4.0 0.0.0.255 192.168.1.0 0.0.0.255
>access-list 175 permit ip 192.168.4.0 0.0.0.255 any
>!
>route-map SDM_RMAP_1 permit 1
> match ip address 175