Здравствуйте.
Необходимо создать VPN между 2-я офисами.Исходные данные:
Офис А: маршрутизатор Planet SG-1000
внеш 78.108.х.х
внутр 10.0.0.3
Офис В: Cisco 8xx
внеш 95.160.x.x
внутр 192.168.0.253
Кусог конфиг Cisco, отвечающий за VPN
!
crypto isakmp policy 10
encr 3des
hash md5
authentication pre-share
lifetime 3600
crypto isakmp key 123456789 address 78.108.x.x
!
!
crypto ipsec transform-set VPN esp-3des esp-md5-hmac
mode transport
!
crypto map DBU 10 ipsec-isakmp
set peer 78.108.x.x
set security-association lifetime seconds 28800
set transform-set VPN
set pfs group1
match address 150
interface FastEthernet4
ip address 95.160.x.x 255.255.255.252
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
crypto map DBU
!
access-list 150 permit ip 192.168.0.0 0.0.0.255 10.0.0.0 0.0.0.255
!
Router# sh crypto isakmp sa
IPv4 Crypto ISAKMP SA
dst src state conn-id slot status
95.160.х.х 78.108.х.х QM_IDLE 2097 0 ACTIVE
IPv6 Crypto ISAKMP SA
Router# sh crypto ipsec sa
interface: FastEthernet4
Crypto map tag: DBU, local addr 95.160.x.x
protected vrf: (none)
local ident (addr/mask/prot/port): (192.168.0.0/255.255.255.0/0/0)
remote ident (addr/mask/prot/port): (10.0.0.0/255.255.255.0/0/0)
current_peer 78.108.x.x port 500
PERMIT, flags={origin_is_acl,}
#pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0
#pkts decaps: 0, #pkts decrypt: 0, #pkts verify: 0
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts compr. failed: 0
#pkts not decompressed: 0, #pkts decompress failed: 0
#send errors 0, #recv errors 0
local crypto endpt.: 95.160.x.x, remote crypto endpt.: 78.108.x.x
path mtu 1500, ip mtu 1500, ip mtu idb FastEthernet4
current outbound spi: 0x49C40E0D(1237585421)
inbound esp sas:
spi: 0x52C1AB(5423531)
transform: esp-3des esp-md5-hmac ,
in use settings ={Tunnel, }
conn id: 7, flow_id: Motorola SEC 1.0:7, crypto map: DBU
sa timing: remaining key lifetime (k/sec): (4508276/27690)
IV size: 8 bytes
replay detection support: Y
Status: ACTIVE
inbound ah sas:
inbound pcp sas:
outbound esp sas:
spi: 0x49C40E0D(1237585421)
transform: esp-3des esp-md5-hmac ,
in use settings ={Tunnel, }
conn id: 8, flow_id: Motorola SEC 1.0:8, crypto map: DBU
sa timing: remaining key lifetime (k/sec): (4508276/27677)
IV size: 8 bytes
replay detection support: Y
Status: ACTIVE
outbound ah sas:
outbound pcp sas:
На Planet'е прописаны соответствущие ключи, время жизни и адреса.
И вопрос собственно где я ошибся при конигурировании устройств?
Заранее спасибо