Привет всем!
Настроил я IPsec с партнером (Cisco 1841), все нормально, пакеты ходят, но... выделил он мне сеть 172.28.41.0/24, то есть это должны быть мои исходящие адреса. По схеме настроил NAT (в принципе, в других местах все тоже работает), смотрю по логам — никакой трансляции адреса нет. Подскажите, где я опять протупил... ПЛИЗЗЗ (на интерфейсе Loopback1 прописал IP нужной сети, дальше выкладываю конфиг).
Спасибо (конфиг мой ниже)
aaa authentication login default local
! AAA and global settings. Network authorization for the default method list
! is answered from the router's local database.
aaa authorization network default local
!
aaa session-id common
!
resource policy
!
ip cef
!
!
!
!
! NOTE(review): no domain name value is given here; presumably it was removed
! before the config was posted.
ip domain name
!
!
!
!
! Manually configured RSA public key for the peer addressed as 222.222.222.222.
! NOTE(review): presumably this is the key used by the ISAKMP policy that sets
! "authentication rsa-encr". A public key is not secret, but it should be
! compared with the partner's copy over a separate channel before it is trusted.
! NOTE(review): the DER prefix (30819F ... 02818100) and the trailing 0203 010001
! look like a 1024-bit modulus with exponent 65537; that key size is below
! current recommendations, so plan a longer key with the partner.
! NOTE(review): 222.222.222.222 looks like a placeholder for the real peer address.
crypto key pubkey-chain rsa
addressed-key 222.222.222.222
address 222.222.222.222
key-string
30819F30 0D06092A 864886F7 0D010101 05000381 8D003081 89028181 00C14217
BCE86A91 5A2C8AE1 36F99611 AF853BF0 7D6CB2A5 C665ED14 9AC66C02 5FD6DFB9
C03759E4 4C18AD58 89E175B8 BDEA2E4E BED8AB74 4AEC91AF 32B5B7BA E171DD23
920BCABB 774FD8BA 5E48DAA8 ABB537A2 85BD1CCA BB4C3962 26DDB63A 30440923
3677C47B FCE208E7 3DABE2EF A5CC6822 AB5E0FC6 8D11CA3E CDD00BB2 61020301 0001
quit
! Local account; the "local" AAA methods in this config check against it.
! "password 7" is a reversible encoding, not a hash, so anyone who can read
! this line can recover the password. Because the line was published, treat the
! credential as disclosed: rotate it and store the new one with
! "username ... secret" so that only a one-way hash appears in the config.
username mda password 7 09785B1B3B0A57
!
!
!
! IKE phase 1 proposals. The lowest policy number has the highest priority.
! Policy 1: 3DES, MD5, pre-shared key, DH group 2.
! NOTE(review): 3DES, MD5 and DH group 2 (1024-bit MODP) are legacy choices.
! If the partner's 1841 image supports it, agree on AES, a SHA-2 hash and
! DH group 14 or higher.
crypto isakmp policy 1
encr 3des
hash md5
authentication pre-share
group 2
!
! Policy 2 sets only the authentication method (RSA encrypted nonces); every
! other parameter is left at the platform default.
! NOTE(review): on IOS images of this generation the defaults are DES, SHA-1
! and DH group 1. Confirm with "show crypto isakmp policy" and set the values
! explicitly, or remove the policy if it is unused.
crypto isakmp policy 2
authentication rsa-encr
!
! Policy 3: 3DES, pre-shared key, DH group 2; the hash is left at its default.
crypto isakmp policy 3
encr 3des
authentication pre-share
group 2
!
! NOTE(review): no "crypto isakmp key" line appears in the posted config even
! though policies 1 and 3 use pre-shared keys; presumably it was removed before
! posting. If the real key was ever published, it must be changed on both peers.
! Global IPsec SA lifetimes: an SA is rekeyed after 3000 kilobytes of traffic
! or 1200 seconds, whichever limit is reached first.
crypto ipsec security-association lifetime kilobytes 3000
crypto ipsec security-association lifetime seconds 1200
!
! Phase 2 proposal: ESP with 3DES encryption, SHA-1 HMAC integrity and LZS
! payload compression.
! NOTE(review): 3DES is legacy; prefer an AES transform if both peers support it.
crypto ipsec transform-set UPC-3DES esp-3des esp-sha-hmac comp-lzs
!
! Empty dynamic map entry; no crypto map in the posted config refers to it.
crypto dynamic-map dynmap 10
!
!
! Static crypto map entry for the partner. The traffic to protect is selected
! by access-list 110, which matches GRE between the two tunnel endpoints.
crypto map UPC-IPSEC 10 ipsec-isakmp
set peer 222.222.222.222
set transform-set UPC-3DES
match address 110
!
bridge irb
!
!
! Tunnel towards the partner, sourced from FastEthernet0/1. No tunnel mode is
! configured, so the platform default applies (GRE over IP on IOS), which is
! consistent with access-list 110 matching GRE between the same endpoints.
! NOTE(review): this interface has no "ip nat outside". IOS applies an
! "ip nat inside source" rule only to packets that enter on an inside interface
! and leave through an interface marked outside. Packets routed from
! FastEthernet0/0 into Tunnel1 would therefore not be translated to the
! Loopback1 address; this is a likely cause of the missing translations.
! Confirm with "show ip nat translations" after a test.
! NOTE(review): the crypto map is applied here and on FastEthernet0/1. Older
! IOS releases needed it on both; check what this image requires.
interface Tunnel1
description <<=Tunnel =>>
ip address 172.30.1.230 255.255.255.252
tunnel source FastEthernet0/1
tunnel destination 222.222.222.222
crypto map UPC-IPSEC
!
! Holds one host address from the partner-assigned 172.28.41.0/24 range. The
! NAT rule for access-list 170 overloads onto this address.
interface Loopback1
ip address 172.28.41.21 255.255.255.255
!
! LAN side (172.16.100.0/23), marked as NAT inside.
interface FastEthernet0/0
ip address 172.16.101.210 255.255.254.0
ip nat inside
ip virtual-reassembly
speed auto
full-duplex
!
! External side, marked as NAT outside; it also carries the IPsec crypto map.
! NOTE(review): 333.333.333.333 is not a valid IPv4 address, so it is evidently
! a placeholder inserted before posting.
interface FastEthernet0/1
ip address 333.333.333.333 255.255.255.252
ip nat outside
ip virtual-reassembly
speed auto
full-duplex
no mop enabled
crypto map UPC-IPSEC
! Switch-module ports; CDP is disabled only on the first one.
interface FastEthernet0/0/0
no cdp enable
!
interface FastEthernet0/0/1
!
interface FastEthernet0/0/2
!
interface FastEthernet0/0/3
!
! A second NAT outside interface, addressed 172.16.105.5/24.
interface Vlan1
ip address 172.16.105.5 255.255.255.0
ip nat outside
ip virtual-reassembly
!
! Local address pool that contains the single address 10.0.7.10.
ip local pool ippool 10.0.7.10
! Default route.
! NOTE(review): the next hop shown is the same placeholder as the address of
! FastEthernet0/1; in the real config it must be the upstream gateway.
ip route 0.0.0.0 0.0.0.0 333.333.333.333
ip route 10.0.11.4 255.255.255.255 172.16.100.159
ip route 128.26.28.3 255.255.255.255 172.16.100.10
ip route 128.26.29.3 255.255.255.255 172.16.100.10
! The only route that sends traffic into Tunnel1: a single partner host.
! NOTE(review): 132.148.2.65 is outside the destination range matched by
! access-list 170 (132.148.0.0 0.0.0.255), so the Loopback1 NAT rule does not
! select traffic to this host.
ip route 132.148.2.65 255.255.255.255 Tunnel1
ip route 192.168.1.0 255.255.255.0 172.16.100.6
ip route 192.168.4.0 255.255.255.0 172.16.100.6
ip route 192.168.5.0 255.255.255.0 172.16.100.6
ip route 192.168.6.0 255.255.255.0 172.16.100.6
ip route 192.168.40.0 255.255.255.0 172.16.101.1
ip route 192.168.170.0 255.255.255.0 172.16.100.6
ip route 192.168.236.0 255.255.255.0 172.16.101.1
ip route 193.111.173.56 255.255.255.255 172.16.100.1
!
!
! Both built-in web servers (HTTP and HTTPS) are disabled.
no ip http server
no ip http secure-server
! PAT rules. Traffic matched by access-list 170 is overloaded onto the
! Loopback1 address (partner range); traffic matched by access-list 188 is
! overloaded onto the FastEthernet0/1 address.
! NOTE(review): a rule translates only packets that go from an "ip nat inside"
! interface to an "ip nat outside" interface. Tunnel1 is not marked outside and
! access-list 170 does not cover 132.148.2.65, the only destination routed into
! the tunnel. Either point alone would explain why no translation appears.
! NOTE(review): access-list 188 also permits the LAN to any destination, so
! once the first rule is fixed, check which rule partner-bound traffic hits.
! The usual fix is to deny the partner destinations in 188 or to use route-maps.
ip nat inside source list 170 interface Loopback1 overload
ip nat inside source list 188 interface FastEthernet0/1 overload
!
! Syslog: messages up to debugging severity go to 172.16.101.1, facility local4.
! NOTE(review): classic syslog is sent in clear text, and debugging level can
! include crypto and NAT debug output. Keep the collector on a trusted segment.
logging trap debugging
logging facility local4
logging 172.16.101.1
! Standard ACLs 1, 7, 21 and 50 are not referenced by any line in the posted
! config. NOTE(review): presumably they are used in sections that were not
! posted, such as vty or SNMP restrictions. Verify that, or remove them.
access-list 1 permit 172.16.101.1
access-list 7 permit 172.16.100.0 0.0.1.255
access-list 21 permit 172.16.100.185
access-list 21 permit 172.16.100.10
access-list 21 permit 172.16.101.1
access-list 50 permit 172.16.100.0 0.0.1.255 log
! Crypto ACL for map UPC-IPSEC: only GRE between the two tunnel endpoints is
! encrypted.
access-list 110 permit gre host 333.333.333.333 host 222.222.222.222
! NAT selector for the Loopback1 rule: LAN 172.16.100.0/23 towards
! 132.148.0.0-132.148.0.255.
! NOTE(review): the routed partner host 132.148.2.65 is outside this range, so
! this entry never matches it. Widen the wildcard (for example 0.0.255.255 if
! the whole 132.148.0.0/16 is intended) or list the host explicitly, after
! confirming the range with the partner.
access-list 170 permit ip 172.16.100.0 0.0.1.255 132.148.0.0 0.0.0.255
! NAT selector for the FastEthernet0/1 rule. Entries are evaluated top-down:
! host 172.16.100.185 is permitted for everything, including SMTP. The rest of
! the LAN is denied outbound SMTP and then permitted for all other traffic.
access-list 188 permit ip host 172.16.100.185 any
access-list 188 deny tcp 172.16.100.0 0.0.1.255 any eq smtp
access-list 188 permit ip 172.16.100.0 0.0.1.255 any