The OpenNET Project / Index page

[ новости /+++ | форум | теги | ]

форумы  помощь  поиск  регистрация  майллист  вход/выход  слежка  RSS
"Некорректная работа сервера клиентского доступа PPTP"
Вариант для распечатки  
Пред. тема | След. тема 
Форум Маршрутизаторы CISCO и др. оборудование. (VPN, VLAN, туннель)
Изначальное сообщение [ Отслеживать ]

"Некорректная работа сервера клиентского доступа PPTP"  +/
Сообщение от retrooo_7 (ok) on 07-Фев-16, 00:02 
Здравствуте коллеги!
На днях фирма приобрела новый маршрутизатор cisco ISR 4431, при переносе конфига со старой циски 2921
работает все, кроме пользовательских подключений VPN(vpdn pptp), точнее они работают, но не маршрутзируются...
Пользователь подключается к сети, получает IP, IP в машрутах на циске коннектед, передается  на филиальские циски через GRE по средствам OSPF,НО
когда клиент делает обращение к какому либо хосту в организации, пакет доходит до получателя, получатель шлет ответ И ответ не доходит до клиента, а теряется
на циске, такое ощущение, что циска не знает куда возвращать пакет.Прошу заметить, что на 2921 этот конфиг работает без запинок...
Собственно описание всего и вся
Старая циска Cisco CISCO2921/K9 (revision 1.0)
Cisco IOS Software, C2900 Software (C2900-UNIVERSALK9_NPE-M), Version 15.3(2)T

Новая циска cisco ISR4431/K9 (1RU)
Cisco IOS XE Software, Version 03.13.03.S - Extended Support Release
Cisco IOS Software, ISR Software (X86_64_LINUX_IOSD-UNIVERSALK9-M), Version 15.4                                                                                                


Конфиг

version 15.4
service telnet-zeroidle
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service linenumber
service pt-vty-logging
service sequence-numbers
no platform punt-keepalive disable-kernel-core
!
hostname krr-cs1_1
!
boot-start-marker
boot-end-marker
!
!
vrf definition Mgmt-intf
 !
 address-family ipv4
 exit-address-family
 !
 address-family ipv6
 exit-address-family
!
logging exception 65536
logging count
logging userinfo
logging buffered 65536
logging reload alerts
logging rate-limit all 100
no logging console
enable secret 5 $1$tVIt$TwZrH
!
aaa new-model
!
!
aaa authentication login default local
aaa authentication ppp default local group radius
aaa authorization exec default local 
aaa authorization network default if-authenticated 
aaa accounting network default
!
aaa accounting network VPN-USERS
 action-type start-stop
 group radius
!
!
!
!
!
!
aaa session-id common
clock timezone AST 3 0
!
!
!
ip name-server 192.168.210.253 192.168.210.251
ip domain lookup source-interface Loopback1
ip domain name mycomp.ru
ip dhcp excluded-address 10.100.100.1 10.100.100.100
ip dhcp excluded-address 10.100.100.199 10.100.100.254
ip dhcp excluded-address 192.168.50.0 192.168.50.19
ip dhcp excluded-address 192.168.203.0 192.168.203.19
ip dhcp excluded-address 192.168.51.0 192.168.51.19
ip dhcp excluded-address 192.168.203.200 192.168.203.255
ip dhcp excluded-address 192.168.203.69
ip dhcp excluded-address 192.168.203.94
ip dhcp excluded-address 192.168.203.68
ip dhcp excluded-address 192.168.52.1 192.168.52.10
ip dhcp excluded-address 192.168.48.1 192.168.48.10
ip dhcp excluded-address 192.168.49.0
!
ip dhcp pool users-vpn
 network 10.100.100.0 255.255.255.0
 domain-name mycomp.ru
 dns-server 192.168.210.253 192.168.210.251 
!
ip dhcp pool TLGUEST
 network 192.168.50.0 255.255.255.0
 default-router 192.168.50.1 
 domain-name mycomp.ru
 dns-server 8.8.8.8 
!
ip dhcp pool mycomp2
 network 192.168.203.0 255.255.255.0
 default-router 192.168.203.1 
 domain-name mycomp.ru
 dns-server 192.168.210.253 192.168.210.251 
 option 43 hex 0104.c0a8.cb14
 lease 180
!
ip dhcp pool mycomp2_TL
 network 192.168.51.0 255.255.255.0
 default-router 192.168.51.1 
 domain-name mycomp.ru
 dns-server 192.168.210.253 192.168.210.251 
!
ip dhcp pool VOIP
 network 192.168.52.0 255.255.254.0
 default-router 192.168.52.1 
 domain-name mycomp.ru
 dns-server 192.168.210.253 192.168.210.251 
 option 66 ascii 192.168.52.2
 lease 180
!
ip dhcp pool TL3
 network 192.168.48.0 255.255.254.0
 default-router 192.168.48.1 
 domain-name mycomp.ru
 dns-server 192.168.210.253 
!
!
!
!
!
!
!
!
!
!
subscriber templating
multilink bundle-name authenticated
vpdn enable
!
vpdn-group pptp
 ! Default L2TP VPDN group
 ! Default PPTP VPDN group
 accept-dialin
  protocol any
  virtual-template 1
!
!
!
!
!
license udi pid ISR4431/K9 sn FOC19471AXH
license boot level appxk9 disable
license boot level uck9 disable
!
spanning-tree extend system-id
!
!
redundancy
 mode none
!
!
vlan internal allocation policy ascending
!
track 75 ip sla 75 reachability
 delay down 60 up 60
!
track 88 ip sla 88 reachability
 delay down 60 up 60
!
track 207 ip sla 207 reachability
 delay down 60 up 60
!
track 208 ip sla 208 reachability
 delay down 60 up 60
!
!
class-map match-all CM_WIFI_TO_EXT
 match access-group name ACL_WIFI_TO_EXT
class-map match-all no_gre_fil
 match access-group 117
class-map match-all real-time
 match precedence 5 
class-map match-any gre_fil
 match access-group 27
class-map match-any realtime-marking
 match protocol rtp
!
policy-map PM_WIFI_IN_1
 class CM_WIFI_TO_EXT
  police 5242500
 class class-default
policy-map PM_ISP_OUT_1
 class class-default
  shape peak 20971520   
!
!
!
!
!
!
interface Loopback0
 description -- system loopback
 ip address 194.22.8.30 255.255.255.255
!
interface Loopback1
 ip address 10.200.200.1 255.255.255.255
!
interface Loopback2
 description tunnel2
 194.22.8.1
!
interface Loopback3
 description tunnel3
 194.22.8.25
!
interface Loopback4
 description NAT_FOR_MAIL_TALE
 ip address 194.22.8.4 255.255.255.255
 ip nat outside
!
interface Loopback5
 description -- for NAT
 ip address 194.22.8.6 255.255.255.255
 ip nat outside
!
interface Loopback6
 description youtrack_mysrv
 ip address 194.22.8.28 255.255.255.255
!
interface Loopback7
 description NAT_FOR_MAIL
 ip address 194.22.8.22 255.255.255.255
 ip nat outside
 ip access-group 116 in
!
interface Loopback8
 description NAT_FOR_VTASKMOB
 ip address 194.22.8.23 255.255.255.255
 ip nat outside
!
interface Tunnel3
 description NEW
 ip address 10.13.13.1 255.255.255.0
 no ip redirects
 ip mtu 1416
 ip nhrp authentication tra-tun3
 ip nhrp map multicast dynamic
 ip nhrp network-id 171623
 ip nhrp registration no-unique
 ip policy route-map from_RO_LAN
 ip ospf network broadcast
 ip ospf hello-interval 30
 ip ospf priority 10
 ip ospf mtu-ignore
 ip ospf cost 100
 tunnel source 194.22.8.1
 tunnel mode gre multipoint
 tunnel key 171623
!
interface GigabitEthernet0/0/0
 description krr_cs2_g0/0
 ip address 10.111.111.1 255.255.255.252
 negotiation auto
!
interface GigabitEthernet0/0/1
 description to_krr-sw1_g1/0/1
 no ip address
 negotiation auto
!
interface GigabitEthernet0/0/1.52
 description SIP_PHONES
 encapsulation dot1Q 52
 ip address 192.168.52.1 255.255.254.0
 ip nat inside
 ip policy route-map 115
 no cdp enable
!
interface GigabitEthernet0/0/1.100
 description LAN
 encapsulation dot1Q 100
 ip nat inside
 ip policy route-map from_GK_LAN
 no cdp enable
!
interface GigabitEthernet0/0/1.101
 description -- to MTS AS58322 (upstream)
 encapsulation dot1Q 101
 ip address 77.66.27.22 255.255.255.252
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat outside
 ip access-group 117 in
 no cdp enable
!
interface GigabitEthernet0/0/1.134
 description -- to PROV AS58322 (upstream)
 encapsulation dot1Q 134
 ip address 193.242.14.2 255.255.255.254
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat outside
 ip access-group 117 in
 no cdp enable
!
interface GigabitEthernet0/0/1.200
 description DMZ
 encapsulation dot1Q 200
 ip address 192.168.100.1 255.255.255.128
 ip nat inside
 ip ospf hello-interval 5
 ip ospf priority 10
 ip ospf cost 10
 no cdp enable
!
interface GigabitEthernet0/0/1.204
 description TL_GUEST
 encapsulation dot1Q 204
 ip address 192.168.50.1 255.255.255.0
 ip nat inside
 no cdp enable
!
interface GigabitEthernet0/0/1.205
 description WiFi_BOSS
 encapsulation dot1Q 205
 ip address 192.168.20.1 255.255.255.0
 ip nat inside
 no cdp enable
 service-policy input PM_WIFI_IN_1
!
interface GigabitEthernet0/0/1.211
 description TL3
 encapsulation dot1Q 211
 ip address 192.168.48.1 255.255.254.0
 ip nat inside
 no cdp enable
!
interface GigabitEthernet0/0/1.243
 description dc-food
 encapsulation dot1Q 243
 ip address 192.168.203.1 255.255.255.0
 ip nat inside
 ip policy route-map from_GK_LAN
 no cdp enable
!
interface GigabitEthernet0/0/1.244
 description TL_GUEST_TRMEDIA
 encapsulation dot1Q 244
 ip address 192.168.51.1 255.255.255.0
 ip nat inside
 no cdp enable
!
interface GigabitEthernet0/0/1.255
 description krr_lan_MGMT
 encapsulation dot1Q 255
 ip address 10.200.201.1 255.255.255.240
 ip nat inside
 no cdp enable
!
!
!
interface GigabitEthernet0/0/3
 no ip address
 negotiation auto
!
interface GigabitEthernet0
 vrf forwarding Mgmt-intf
 no ip address
 negotiation auto
!
interface Virtual-Template1
 ip dhcp client hostname mycomp.ru
 ip unnumbered Loopback0
 ip nat inside
 peer default ip address dhcp-pool users-vpn
 ppp authentication ms-chap-v2
 ppp authorization local
 ppp accounting VPN-USERS
!
interface Vlan1
 no ip address
!
router ospf 1
 redistribute connected subnets route-map vpdnip_ospf
 passive-interface GigabitEthernet0/0/0
 passive-interface GigabitEthernet0/0/2
 passive-interface GigabitEthernet0/0/3
 network 10.12.12.0 0.0.0.255 area 0
 network 10.13.13.0 0.0.0.255 area 0
 network 10.200.200.0 0.0.0.255 area 0
 network 10.200.201.0 0.0.0.15 area 1
 network 192.168.20.0 0.0.0.255 area 1
 network 192.168.48.0 0.0.1.255 area 1
 network 192.168.50.0 0.0.0.255 area 1
 network 192.168.51.0 0.0.0.255 area 1
 network 192.168.52.0 0.0.1.255 area 1
 network 192.168.100.0 0.0.0.127 area 1
 network 192.168.203.0 0.0.0.255 area 1
 network 192.168.206.0 0.0.0.255 area 1
 network 192.168.208.0 0.0.3.255 area 1
 neighbor 10.12.12.2 cost 1
!
router bgp 201631
 no bgp fast-external-fallover
 bgp log-neighbor-changes
 bgp deterministic-med
 bgp graceful-restart restart-time 120
 bgp graceful-restart stalepath-time 360
 bgp graceful-restart
 neighbor 77.66.207.221 remote-as 60490
 neighbor 77.66.207.221 description -- MTS tehnicheskaya (upstream) 
 neighbor 193.242.148.200 remote-as 58314
 neighbor 193.242.148.200 description -- PROV (upstream)
 neighbor 212.188.45.204 remote-as 8359
 neighbor 212.188.45.204 description -- MTS fullview (upstream)
 neighbor 212.188.45.204 ebgp-multihop 10
 !
 address-family ipv4
  redistribute static route-map static-to-bgp
  neighbor 77.66.207.221 activate
  neighbor 77.66.207.221 send-community both
  neighbor 77.66.207.221 remove-private-as
  neighbor 77.66.207.221 route-map uAS8359-import in
  neighbor 77.66.207.221 route-map uAS8359-export out
  neighbor 193.242.148.200 activate
  neighbor 193.242.148.200 send-community both
  neighbor 193.242.148.200 remove-private-as
  neighbor 193.242.148.200 advertisement-interval 1
  neighbor 193.242.148.200 route-map uAS58322-import in
  neighbor 193.242.148.200 route-map uAS58322-export out
  neighbor 212.188.45.204 activate
  neighbor 212.188.45.204 send-community both
  neighbor 212.188.45.204 remove-private-as
  neighbor 212.188.45.204 advertisement-interval 1
  neighbor 212.188.45.204 route-map uAS8359-import in
  neighbor 212.188.45.204 route-map uAS8359-export out
 exit-address-family
!
ip nat inside source route-map dynamic-nat interface Loopback5 overload
ip nat inside source route-map dynamic-nat-mail interface Loopback7 overload
ip nat inside source route-map dynamic-nat-mail-TALE interface Loopback4 overload
ip nat inside source route-map dynamic-nat-yt-TALE interface Loopback6 overload
ip forward-protocol nd
no ip http server
no ip http secure-server
ip route 0.0.0.0 0.0.0.0 18.0.0.0 2 name floating-default-to-mit
ip route 0.0.0.0 0.0.0.0 4.0.0.0 3 name floating-default-to-level3
ip route 0.0.0.0 0.0.0.0 128.15.0.0 4 name floating-default-to-llnl
ip route 0.0.0.0 0.0.0.0 132.249.0.0 5 name floating-default-to-sdsc
ip route 0.0.0.0 0.0.0.0 194.226.64.0 6 name floating-default-to-rosniiros
ip route 0.0.0.0 255.0.0.0 Null0 name martians-route
ip route 127.0.0.0 255.0.0.0 Null0 name martians-route
ip route 194.22.8.0 255.255.255.0 Null0 tag 609 name aggregate-to-bgp
ip route 212.188.45.204 255.255.255.255 77.66.207.221 name to-ebgp-peer-mts
ip route 217.79.225.8 255.255.255.255 77.66.206.97 name mikhail-emergancy
ip ssh version 2
!
ip community-list standard type-aggregate permit 609
!
ip access-list extended ACL_WIFI_TO_EXT
 deny   ip any 192.168.0.0 0.0.255.255
 permit ip any any
ip access-list extended border-filter-in
ip access-list extended from_2ndISP
 permit ip any host 193.242.149.83
ip access-list extended to-inet
 deny   ip any 10.0.0.0 0.255.255.255
 deny   ip any 172.0.0.0 0.240.255.255
 deny   ip any 192.168.0.0 0.0.255.255
 deny   ip any 194.22.8.0 0.0.0.255
 permit ip any any
ip access-list extended vlan100-out
 permit ip 192.168.0.0 0.0.255.255 any
 permit ip 10.0.0.0 0.255.255.255 any
 permit ip 172.16.0.0 0.15.255.255 any
 permit tcp any host 192.168.210.78 eq www
!
!
ip prefix-list allocated-blocks description -- registered address blocks
ip prefix-list allocated-blocks seq 10 deny 194.22.8.0/24 le 32
!
ip prefix-list default-networks description networks we use to point default to
ip prefix-list default-networks seq 10 permit 18.0.0.0/8
ip prefix-list default-networks seq 20 permit 4.0.0.0/8
ip prefix-list default-networks seq 30 permit 128.15.0.0/16
ip prefix-list default-networks seq 40 permit 132.249.0.0/16
ip prefix-list default-networks seq 50 permit 194.226.64.0/20
!
ip prefix-list martians description RFC3330 martians nets
ip prefix-list martians seq 5 permit 0.0.0.0/8 le 32
ip prefix-list martians seq 10 permit 10.0.0.0/8 le 32
ip prefix-list martians seq 15 permit 127.0.0.0/8 le 32
ip prefix-list martians seq 20 permit 169.254.0.0/16 le 32
ip prefix-list martians seq 25 permit 172.16.0.0/12 le 32
ip prefix-list martians seq 30 permit 192.0.2.0/24 le 32
ip prefix-list martians seq 35 permit 192.42.172.0/24 le 32
ip prefix-list martians seq 40 permit 192.88.99.0/24 le 32
ip prefix-list martians seq 45 permit 192.168.0.0/16 le 32
ip prefix-list martians seq 50 permit 198.18.0.0/15 le 32
ip prefix-list martians seq 55 permit 224.0.0.0/4 le 32
ip prefix-list martians seq 60 permit 240.0.0.0/4 le 32
ip sla 75
 icmp-echo 8.8.8.8 source-interface GigabitEthernet0/0/1.134
 frequency 10
ip sla schedule 75 life forever start-time now
ip sla 88
 icmp-echo 192.168.211.1 source-interface GigabitEthernet0/0/1.100
 frequency 10
ip sla schedule 88 life forever start-time now
ip sla 99
 icmp-echo 8.8.8.8 source-interface GigabitEthernet0/0/1.101
 frequency 10
ip sla schedule 99 life forever start-time now
ip sla 207
 icmp-echo 10.3.1.2 source-interface Tunnel3
 frequency 10
ip sla schedule 207 life forever start-time now
ip sla 208
 icmp-echo 10.2.2.2 source-interface GigabitEthernet0/0/1.138
 frequency 10
ip sla schedule 208 life forever start-time now
access-list 25 permit 192.168.208.0 0.0.3.255
access-list 25 permit 192.168.100.0 0.0.0.127
access-list 25 permit 10.100.100.0 0.0.0.255
access-list 25 permit 10.10.10.0 0.0.0.255
access-list 25 permit 10.11.11.0 0.0.0.255
access-list 25 permit 10.200.200.0 0.0.0.255
access-list 25 permit 10.111.111.0 0.0.0.3
access-list 25 permit 192.168.52.0 0.0.1.255
access-list 26 permit 192.168.211.10
access-list 26 permit 192.168.211.13
access-list 28 permit any
access-list 33 permit 10.100.100.0 0.0.0.255
access-list 34 permit 192.168.210.252
access-list 34 permit 192.168.209.98
access-list 77 permit 192.168.209.245
access-list 78 permit 192.168.208.250
access-list 78 permit 192.168.208.237
access-list 78 permit 192.168.210.85
access-list 79 permit 192.168.208.250
access-list 79 permit 192.168.210.102
access-list 80 permit 192.168.210.96
access-list 88 deny   192.168.208.250
access-list 88 deny   192.168.209.245
access-list 88 deny   192.168.210.96
access-list 88 deny   192.168.210.102
access-list 88 permit 10.2.1.0 0.0.0.255
access-list 88 permit 10.2.2.0 0.0.0.255
access-list 88 permit 10.1.1.0 0.0.0.255
access-list 88 permit 10.1.2.0 0.0.0.255
access-list 88 permit 10.3.1.0 0.0.0.255
access-list 88 permit 10.3.2.0 0.0.0.255
access-list 88 permit 10.3.3.0 0.0.0.255
access-list 88 permit 10.10.10.0 0.0.0.255
access-list 88 permit 10.100.100.0 0.0.0.255
access-list 88 permit 10.200.200.0 0.0.0.255
access-list 88 permit 10.200.201.0 0.0.0.255
access-list 88 permit 192.168.10.0 0.0.0.255
access-list 88 permit 192.168.20.0 0.0.0.255
access-list 88 permit 192.168.100.0 0.0.0.127
access-list 88 permit 192.168.203.0 0.0.0.255
access-list 88 permit 192.168.205.0 0.0.0.255
access-list 88 permit 192.168.206.0 0.0.0.255
access-list 88 permit 192.168.207.0 0.0.0.255
access-list 88 permit 192.168.208.0 0.0.3.255
access-list 88 permit 192.168.212.0 0.0.3.255
access-list 88 permit 192.168.216.0 0.0.3.255
access-list 88 permit 192.168.220.0 0.0.3.255
access-list 88 permit 192.168.224.0 0.0.3.255
access-list 88 permit 192.168.232.0 0.0.3.255
access-list 88 permit 192.168.236.0 0.0.3.255
access-list 88 permit 192.168.240.0 0.0.3.255
access-list 88 permit 192.168.244.0 0.0.0.255
access-list 88 permit 10.11.11.0 0.0.0.255
access-list 88 permit 192.168.48.0 0.0.1.255
access-list 88 permit 192.168.50.0 0.0.0.255
access-list 88 permit 192.168.52.0 0.0.1.255
access-list 88 permit 193.242.149.0 0.0.0.255
access-list 88 permit 192.168.155.0 0.0.0.255
access-list 88 permit 192.168.156.0 0.0.0.255
access-list 88 permit 192.168.157.0 0.0.0.255
access-list 177 deny   ip 192.168.237.0 0.0.0.255 any
access-list 177 deny   ip 192.168.0.0 0.0.255.255 192.168.0.0 0.0.255.255
access-list 177 deny   ip 192.168.0.0 0.0.255.255 10.1.1.0 0.0.0.255
access-list 177 deny   ip 192.168.0.0 0.0.255.255 10.1.2.0 0.0.0.255
access-list 177 deny   ip 192.168.0.0 0.0.255.255 10.2.1.0 0.0.0.255
access-list 177 deny   ip 192.168.0.0 0.0.255.255 10.2.2.0 0.0.0.255
access-list 177 deny   ip 192.168.0.0 0.0.255.255 10.3.1.0 0.0.0.255
access-list 177 deny   ip 192.168.0.0 0.0.255.255 10.3.2.0 0.0.0.255
access-list 177 deny   ip 192.168.0.0 0.0.255.255 10.3.3.0 0.0.0.255
access-list 177 deny   ip 192.168.0.0 0.0.255.255 10.5.5.0 0.0.0.255
access-list 177 deny   ip 192.168.0.0 0.0.255.255 10.11.11.0 0.0.0.255
access-list 177 deny   ip 192.168.0.0 0.0.255.255 10.100.100.0 0.0.0.255
access-list 177 deny   ip 192.168.0.0 0.0.255.255 10.200.200.0 0.0.0.255
access-list 177 permit ip 192.168.0.0 0.0.255.255 any
access-list 178 deny   ip host 192.168.208.28 any
access-list 178 deny   ip host 192.168.210.102 any
access-list 178 deny   ip 192.168.48.0 0.0.1.255 any
access-list 178 deny   ip 192.168.50.0 0.0.0.255 any
access-list 178 deny   ip 192.168.52.0 0.0.1.255 any
access-list 178 deny   ip 192.168.208.0 0.0.3.255 192.168.0.0 0.0.255.255
access-list 178 deny   ip 192.168.208.0 0.0.3.255 10.1.1.0 0.0.0.255
access-list 178 deny   ip 192.168.208.0 0.0.3.255 10.1.2.0 0.0.0.255
access-list 178 deny   ip 192.168.208.0 0.0.3.255 10.2.1.0 0.0.0.255
access-list 178 deny   ip 192.168.208.0 0.0.3.255 10.2.2.0 0.0.0.255
access-list 178 deny   ip 192.168.208.0 0.0.3.255 10.3.1.0 0.0.0.255
access-list 178 deny   ip 192.168.208.0 0.0.3.255 10.3.2.0 0.0.0.255
access-list 178 deny   ip 192.168.208.0 0.0.3.255 10.3.3.0 0.0.0.255
access-list 178 deny   ip 192.168.208.0 0.0.3.255 10.5.5.0 0.0.0.255
access-list 178 deny   ip 192.168.208.0 0.0.3.255 10.11.11.0 0.0.0.255
access-list 178 deny   ip 192.168.208.0 0.0.3.255 10.100.100.0 0.0.0.255
access-list 178 deny   ip 192.168.208.0 0.0.3.255 10.200.200.0 0.0.0.255
access-list 178 deny   ip 192.168.203.0 0.0.0.255 192.168.0.0 0.0.255.255
access-list 178 deny   ip 192.168.203.0 0.0.0.255 10.10.10.0 0.0.0.255
access-list 178 deny   ip 192.168.203.0 0.0.0.255 10.11.11.0 0.0.0.255
access-list 178 deny   ip 192.168.203.0 0.0.0.255 10.100.100.0 0.0.0.255
access-list 178 deny   ip 192.168.203.0 0.0.0.255 10.200.200.0 0.0.0.255
access-list 178 deny   ip 192.168.206.0 0.0.0.255 192.168.0.0 0.0.255.255
access-list 178 deny   ip 192.168.206.0 0.0.0.255 10.10.10.0 0.0.0.255
access-list 178 deny   ip 192.168.206.0 0.0.0.255 10.11.11.0 0.0.0.255
access-list 178 deny   ip 192.168.206.0 0.0.0.255 10.100.100.0 0.0.0.255
access-list 178 deny   ip 192.168.207.0 0.0.0.255 192.168.0.0 0.0.255.255
access-list 178 deny   ip 192.168.207.0 0.0.0.255 10.10.10.0 0.0.0.255
access-list 178 deny   ip 192.168.207.0 0.0.0.255 10.11.11.0 0.0.0.255
access-list 178 deny   ip 192.168.207.0 0.0.0.255 10.100.100.0 0.0.0.255
access-list 178 deny   ip 192.168.207.0 0.0.0.255 10.200.200.0 0.0.0.255
access-list 178 deny   ip 192.168.100.0 0.0.0.127 any
access-list 178 deny   ip host 192.168.208.78 any
access-list 178 deny   ip host 192.168.210.78 any
access-list 178 deny   ip host 192.168.208.118 any
access-list 178 deny   ip host 192.168.208.175 any
access-list 178 deny   ip host 192.168.208.233 any
access-list 178 deny   ip host 192.168.209.79 any
access-list 178 deny   ip host 192.168.209.98 any
access-list 178 deny   ip host 192.168.208.215 any
access-list 178 deny   ip host 192.168.209.201 any
access-list 178 deny   ip host 192.168.209.211 any
access-list 178 deny   ip host 192.168.210.250 any
access-list 178 deny   ip host 192.168.210.252 any
access-list 178 deny   ip host 192.168.211.1 any
access-list 178 deny   ip host 192.168.211.10 any
access-list 178 deny   ip host 192.168.211.12 any
access-list 178 deny   ip host 192.168.211.13 any
access-list 178 deny   ip host 192.168.208.168 any
access-list 178 deny   ip host 192.168.208.156 any
access-list 178 deny   ip host 192.168.208.124 any
access-list 178 deny   ip host 192.168.209.245 any
access-list 178 deny   ip host 192.168.209.20 any
access-list 178 deny   ip host 192.168.208.61 any
access-list 178 deny   ip host 192.168.211.216 any
access-list 178 deny   ip host 192.168.209.57 any
access-list 178 deny   ip host 192.168.210.189 any
access-list 178 deny   ip host 192.168.208.209 any
access-list 178 deny   ip host 192.168.208.80 any
access-list 178 deny   ip host 192.168.210.85 any
access-list 178 deny   ip host 192.168.208.237 any
access-list 178 deny   ip host 192.168.209.26 any
access-list 178 deny   ip host 192.168.210.55 any
access-list 178 deny   ip host 192.168.210.171 any
access-list 178 deny   ip host 192.168.208.250 any
access-list 178 permit ip 192.168.203.0 0.0.0.255 any
access-list 178 permit ip 192.168.205.0 0.0.0.255 any
access-list 178 permit ip 192.168.206.0 0.0.0.255 any
access-list 178 permit ip 192.168.207.0 0.0.0.255 any
access-list 178 permit ip 192.168.208.0 0.0.3.255 any
!
route-map dynamic-nat-mail permit 10
 match ip address 77
!
route-map ISP1-NAT permit 10
 match ip address 88
!
route-map ISP2-NAT permit 10
 match ip address 88
!
route-map aggregate-to-bgp permit 10
 set local-preference 1000
 set origin igp
 set community 609
!
route-map dynamic-nat-vtaskmob permit 10
 match ip address 78
!
route-map dynamic-nat permit 10
 match ip address 88
!
route-map 115 permit 10
 match ip address 115
 set ip next-hop verify-availability 193.242.149.1 10 track 75
 set ip next-hop verify-availability 77.66.206.97 20 track 99
!
route-map from_2ndISP permit 10
 match ip address from_2ndISP
!
route-map vpdnip_ospf permit 10
 match ip address 33
!
route-map from_RO_LAN permit 10
 match ip address 177
 set ip next-hop verify-availability 192.168.211.1 10 track 88
!
route-map uAS8359-export permit 10
 description -- advertise only my AS prefixes
 match community type-aggregate
!
route-map gre_fil permit 10
 match ip address 27
!
route-map gre_fil permit 20
 match policy-list 28
!
route-map dynamic-nat-mail-TALE permit 10
 match ip address 79
!
route-map uAS8359-import deny 20
 description -- filter martians, default and our own prefixes
 match ip address prefix-list martians allocated-blocks
!
route-map uAS8359-import permit 100
 match ip address prefix-list default-networks
 set local-preference 200
 set community 626
!
route-map uAS8359-import permit 200
 set local-preference 100
 set community 626
!
route-map dynamic-nat-yt-TALE permit 10
 match ip address 80
!
route-map from_GK_LAN permit 10
 match ip address 178
 set ip next-hop verify-availability 192.168.211.1 10 track 88
!
route-map uAS58322-import deny 20
 description -- filter martians, default and our own prefixes
 match ip address prefix-list martians allocated-blocks
!
route-map uAS58322-import permit 100
 match ip address prefix-list default-networks
 set local-preference 200
 set community 626
!
route-map uAS58322-import permit 200
 set local-preference 100
 set community 626
!
route-map uAS58322-export permit 10
 description -- advertise only my AS prefixes
 match community type-aggregate
!
route-map static-to-bgp permit 10
 match tag 609
 set local-preference 1000
 set origin igp
 set community 609
!

Ответить | Правка | Cообщить модератору

Оглавление

Сообщения по теме [Сортировка по времени | RSS]


1. "Некорректная работа сервера клиентского доступа PPTP"  +/
Сообщение от Andrey (??) on 08-Фев-16, 22:06 
>[оверквотинг удален]
>  description -- advertise only my AS prefixes
>  match community type-aggregate
> !
> route-map static-to-bgp permit 10
>  match tag 609
>  set local-preference 1000
>  set origin igp
>  set community 609
> !
>

А в филиалах IP клиентских VPN прилетают по OSPF?

Ответить | Правка | ^ к родителю #0 | Наверх | Cообщить модератору

2. "Некорректная работа сервера клиентского доступа PPTP"  +/
Сообщение от retrooo_7 (ok) on 09-Фев-16, 08:52 

> А в филиалах IP клиентских VPN прилетают по OSPF?

Да прилетают

Ответить | Правка | ^ к родителю #1 | Наверх | Cообщить модератору

3. "Некорректная работа сервера клиентского доступа PPTP"  +/
Сообщение от retrooo_7 (ok) on 10-Фев-16, 10:31 

>> А в филиалах IP клиентских VPN прилетают по OSPF?
> Да прилетают

Тема закрыта, техподдержка циски ответила, на новых IOS полноценную поддержку pptp выпилили, поэтому и не работает

Ответить | Правка | ^ к родителю #2 | Наверх | Cообщить модератору

4. "Некорректная работа сервера клиентского доступа PPTP"  +/
Сообщение от ShyLion (ok) on 11-Фев-16, 12:53 
>>> А в филиалах IP клиентских VPN прилетают по OSPF?
>> Да прилетают
> Тема закрыта, техподдержка циски ответила, на новых IOS полноценную поддержку pptp выпилили,
> поэтому и не работает

Всмысле "выпилили" ? Клиента выпилии?

Ответить | Правка | ^ к родителю #3 | Наверх | Cообщить модератору

Архив | Удалить

Рекомендовать для помещения в FAQ | Индекс форумов | Темы | Пред. тема | След. тема




Партнёры:
PostgresPro
Inferno Solutions
Hosting by Hoster.ru
Хостинг:

Закладки на сайте
Проследить за страницей 		Created 1996-2024 by Maxim Chirkov
Добавить, Поддержать, Вебмастеру