!
! IKE phase 1 (ISAKMP) policy 1: 3DES encryption, pre-shared-key authentication,
! Diffie-Hellman group 2, SA lifetime 2800 seconds.
! NOTE(review): 3DES and DH group 2 are legacy choices. Moving to AES and a larger
! DH group has to be done on the remote peer at the same time, otherwise phase 1
! will no longer negotiate.
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
lifetime 2800
! Pre-shared key bound to the remote peer's address. Both values are redacted
! placeholders here (the address placeholder reads "remote router").
! NOTE(review): whether the real key is stored encrypted on the device cannot be
! seen from this listing - confirm, and keep the key out of anything posted publicly.
crypto isakmp key < KEY > address < Удаленный маршрутизатор >
!
!
! IPsec (phase 2) transform set "vpn1": ESP with 3DES encryption and SHA-1 HMAC
! integrity.
! NOTE(review): 3DES is a legacy cipher; any change to the transform set must be
! mirrored on the remote peer or phase 2 will not come up.
crypto ipsec transform-set vpn1 esp-3des esp-sha-hmac
!
! IPsec profile that reuses transform set vpn1.
! NOTE(review): no tunnel interface referencing this profile is visible in this
! listing - confirm whether it is actually used.
crypto ipsec profile vpn_tunnel
set transform-set vpn1
!
!
! Crypto map "Moscow", sequence 1: IKE-negotiated IPsec towards one peer.
! Traffic selected by access-list 115 is protected with transform set vpn1, and
! PFS with DH group 2 is requested for phase 2.
! NOTE(review): the peer must carry a matching (mirrored) selector, transform set
! and PFS group; a mismatch in any of them keeps phase 2 from completing.
crypto map Moscow 1 ipsec-isakmp
description TunelToMoscow
set peer < Удаленный маршрутизатор >
set transform-set vpn1
set pfs group2
match address 115
! Reverse route injection with an explicit next hop; the static entry for
! 193.212.35.16 in the routing-table output on this page is consistent with it.
reverse-route remote-peer < Удаленный маршрутизатор > static
!
!
!
! FastEthernet0-3: no interface-level settings appear in this listing.
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
! WAN uplink: public address and mask (redacted placeholders), NAT outside side,
! crypto map "Moscow" attached.
interface FastEthernet4
description WAN
ip address <Мой IP адрес> <Моя Маска>
! NOTE(review): access-list 150 is defined in this listing as "permit ip any any",
! so this inbound filter blocks nothing on the Internet-facing interface. A WAN
! ACL would normally allow only the VPN peer's IKE/ESP traffic and the published
! services, and deny the rest.
ip access-group 150 in
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
! Binds the IPsec policy to this interface.
crypto map Moscow
!
! LAN gateway, 192.168.13.1/24, NAT inside side.
interface Vlan1
ip address 192.168.13.1 255.255.255.0
! Inbound filter 100 is "permit ip any any" in this listing, i.e. no LAN egress
! filtering is in effect.
ip access-group 100 in
ip nat inside
ip virtual-reassembly
! Clamps the TCP MSS to 1452 bytes for sessions crossing this interface.
! NOTE(review): IPsec encapsulation adds per-packet overhead; confirm 1452 still
! fits the path MTU once traffic goes through the tunnel.
ip tcp adjust-mss 1452
!
! Classless forwarding plus a single default route via the upstream gateway
! (redacted placeholder, reads "my gateway").
ip classless
ip route 0.0.0.0 0.0.0.0 < МОЙ Шлюз >
!
! Web management: the plain-HTTP server is enabled and the HTTPS server is
! disabled. Access is limited by access-list 23 (192.168.13.0/24 in this
! listing) and logins are checked against the local user database.
! NOTE(review): with only the HTTP server on, management credentials cross the
! LAN unencrypted. The usual hardening is "no ip http server" together with
! "ip http secure-server" - confirm nothing depends on plain HTTP before changing.
ip http server
ip http access-class 23
ip http authentication local
no ip http secure-server
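! Dynamic PAT: sources permitted by access-list 101 are overloaded onto the
! address of FastEthernet4.
ip nat inside source list 101 interface FastEthernet4 overload
! Static port forwards published on 80.247.105.58. Each one is an
! Internet-reachable service; the WAN inbound ACL (150) in this listing permits
! everything, so nothing narrows who can reach them.
! NOTE(review): 192.168.13.1 is the address configured on Vlan1 of this router,
! so the TCP/25 forward points at the router itself - confirm the intended mail host.
ip nat inside source static tcp 192.168.13.1 25 80.247.105.58 25 extendable
! The inside address on the next line was written "192.168.132", which is not a
! valid dotted-quad address; corrected to 192.168.13.2 to match the UDP/53 entry
! for the same service.
ip nat inside source static tcp 192.168.13.2 53 80.247.105.58 53 extendable
ip nat inside source static udp 192.168.13.2 53 80.247.105.58 53 extendable
ip nat inside source static tcp 192.168.13.3 443 80.247.105.58 443 extendable
ip nat inside source static udp 192.168.13.3 443 80.247.105.58 443 extendable
ip nat inside source static tcp 192.168.13.3 1024 80.247.105.58 1024 extendable
ip nat inside source static tcp 192.168.13.3 1400 80.247.105.58 1400 extendable
! NOTE(review): static translations are not governed by the deny entry in
! access-list 101, so traffic from these host/port pairs towards the remote site
! may be translated before the crypto map evaluates it - verify if those hosts
! must be reachable through the tunnel.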
!
! ACL 23: referenced by "ip http access-class 23" - web management from the LAN only.
access-list 23 permit 192.168.13.0 0.0.0.255
! ACL 100: applied inbound on Vlan1; permits everything.
access-list 100 remark === PERMIT ANY ANY ======================================
access-list 100 permit ip any any
! ACL 101: NAT selector. LAN traffic to 193.212.35.16/29 is excluded from PAT
! (so it can match the VPN selector untranslated); all other LAN traffic is translated.
access-list 101 deny ip 192.168.13.0 0.0.0.255 193.212.35.16 0.0.0.7
access-list 101 permit ip 192.168.13.0 0.0.0.255 any
! ACL 110: allows SMTP from host 192.168.0.1 and denies everything else from it.
! NOTE(review): nothing in this listing applies ACL 110, and 192.168.0.1 is
! outside the 192.168.13.0/24 LAN - looks like a leftover; confirm.
access-list 110 permit tcp host 192.168.0.1 any eq smtp
access-list 110 deny ip host 192.168.0.1 any
! ACL 115: traffic selector for crypto map "Moscow" (also matched by route-map "Moscow").
! NOTE(review): a crypto selector is normally written from the local side only
! (local LAN -> remote LAN) and mirrored on the peer. This list also contains
! the reverse direction and peer-to-peer host entries; verify they are intended
! and that the remote router's selector is the exact mirror, since a selector
! mismatch prevents the IPsec SAs from being established.
access-list 115 permit ip host <Мой внешний IP> host <Удаленный роутер>
access-list 115 permit ip 192.168.13.0 0.0.0.255 193.212.35.16 0.0.0.7
access-list 115 permit ip host <Удаленный роутер> host <Мой внешний IP>
access-list 115 permit ip 193.212.35.16 0.0.0.7 192.168.13.0 0.0.0.255
access-list 115 deny ip any any
! ACL 150: applied inbound on FastEthernet4 (WAN); permits everything.
! NOTE(review): as written it provides no filtering of Internet-sourced traffic.
access-list 150 permit ip any any
! Cisco Discovery Protocol disabled globally.
no cdp run
! Route-map "Moscow", sequence 1: matches access-list 115.
! NOTE(review): nothing in this listing references this route-map (the crypto
! map of the same name is a separate object) - confirm whether it is used.
route-map Moscow permit 1
match ip address 115
! Вот sh ip route:
C 192.168.13.0/24 is directly connected, Vlan1
193.212.35.0/29 is subnetted, 1 subnets
S 193.212.35.16 [1/0] via <IP адрес удаленного VPN маршрутизатора>
А вот самое интересное:
Protocol [ip]:
Target IP address: 193.212.35.16
Source address: 192.168.13.1
Numeric display [n]:
Timeout in seconds [3]: 1
Probe count [3]: 1
Minimum Time to Live [1]:
Maximum Time to Live [30]: 15
Port Number [33434]:
Loose, Strict, Record, Timestamp, Verbose[none]:
Type escape sequence to abort.
Tracing the route to 193.212.35.16
1 *
2 *
3 *
4 *
...
10 *
Скажите пожалуйста, в чем проблема? :(