>> дело на 100% в конфиге
>
>ну и?
>долго ждать, пока конфигу выложишь?
Building configuration...
Current configuration : 6531 bytes
!
! Running-config dump as posted; sub-commands have lost their leading indentation
! in this paste, so section membership follows IOS command order, not columns.
! NOTE(review): 12.4 is a long-retired IOS train - check the vendor's advisories
! for the exact image before exposing this device to the Internet.
version 12.4
no service pad
! Debug and log messages are stamped with date and time at millisecond resolution.
service timestamps debug datetime msec
service timestamps log datetime msec
! NOTE(review): plain-text passwords are not obfuscated in the stored config. The
! type 7 obfuscation this command controls is reversible anyway; hashed `secret`
! entries and, where the image supports it, AES (type 6) encryption of
! pre-shared keys are the protections that matter.
no service password-encryption
!
hostname yourname
!
boot-start-marker
boot-end-marker
!
! Local log buffer of 51200 bytes; only severity "warnings" and above is kept.
logging buffered 51200 warnings
!
! AAA is enabled. Every method list below resolves to the router's local user
! database only; no RADIUS or TACACS+ server is referenced in this listing.
aaa new-model
!
!
! Default login list: applies to console, aux and vty lines unless overridden.
aaa authentication login default local
! XAUTH (user) lists for VPN clients. Only sdm_vpn_xauth_ml_3 is referenced by
! an ISAKMP profile in this listing; _ml_1 and _ml_2 appear unused.
aaa authentication login sdm_vpn_xauth_ml_1 local
aaa authentication login sdm_vpn_xauth_ml_2 local
aaa authentication login sdm_vpn_xauth_ml_3 local
! Exec authorization from the local database: the privilege level configured
! on a `username` entry is applied at login.
aaa authorization exec default local
! Group authorization lists for VPN clients. Only sdm_vpn_group_ml_3 is
! referenced by an ISAKMP profile in this listing.
aaa authorization network sdm_vpn_group_ml_1 local
aaa authorization network sdm_vpn_group_ml_2 local
aaa authorization network sdm_vpn_group_ml_3 local
!
!
aaa session-id common
!
! Self-signed trustpoint; presumably auto-generated for the HTTPS server
! (`ip http secure-server`) - confirm. A self-signed certificate cannot be
! validated against a CA, so administrators have to verify its fingerprint out
! of band or they cannot detect an interposed server.
crypto pki trustpoint TP-self-signed-2459858122
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-2459858122
revocation-check none
rsakeypair TP-self-signed-2459858122
!
!
! NOTE(review): the poster replaced the certificate hex dump with a placeholder.
! This section holds the certificate (public data); the RSA private key is not
! part of the running configuration.
crypto pki certificate chain TP-self-signed-2459858122
certificate self-signed 01
---------------------KRIPTO KEY---------------------
quit
dot11 syslog
no ip dhcp use vrf connected
! The router's own inside address is kept out of the DHCP pool.
ip dhcp excluded-address 10.10.10.1
!
! DHCP pool for the inside LAN: 10.10.10.0/29, gateway 10.10.10.1, lease of
! 0 days 2 hours.
! NOTE(review): a /29 covers only 10.10.10.0-10.10.10.7, yet the `nonat` ACL
! lists hosts up to 10.10.10.12 and a static route and ACLs 101/175 use a /24
! for 10.10.10.0 - confirm the intended LAN size.
ip dhcp pool sdm-pool
import all
network 10.10.10.0 255.255.255.248
default-router 10.10.10.1
lease 0 2
!
!
ip cef
ip domain name yourdomain.com
! Upstream resolvers used by the router itself (and by `ip dns server` when it
! forwards queries).
ip name-server 181.126.129.115
ip name-server 181.126.132.116
!
!
!
! Local accounts; names and hashes were redacted by the poster.
! `secret 5` stores a salted MD5-based hash. It is one-way, but should still be
! treated as recoverable offline for weak passwords, so keeping the hashes out
! of a public post is the right call.
! The first account is placed at privilege 15 on login; the second has no
! explicit privilege level in its entry.
username --user-- privilege 15 secret 5 --pwl--
username --usrer1-- secret 5 --pwl--
!
!
! IKE phase 1 proposal: 3DES, pre-shared key authentication, DH group 2.
! NOTE(review): 3DES and Diffie-Hellman group 2 (1024-bit MODP) are legacy
! choices; prefer AES and a larger DH group if the image and the peers support
! them.
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
!
! NOTE(review): policy 5 sets only the DH group, so encryption, hash and
! authentication method fall back to the IOS defaults for this release
! (presumably DES / SHA-1 / RSA signatures on 12.4 - confirm with
! `show crypto isakmp policy`). Remove it if it is not needed.
crypto isakmp policy 5
group 2
! Pre-shared key bound to one specific peer address (both redacted).
crypto isakmp key --user-- address 185.x.x.x
!
! Remote-access client group authenticated by a group key.
! NOTE(review): the same placeholder stands for the group name, the group key
! and a user name. If that mirrors the real values rather than the redaction,
! the group key is guessable - confirm.
! NOTE(review): the group carries only a key; no `pool` sub-command and no
! `ip local pool` are visible in this listing, so it is unclear what address
! `client configuration address respond` would hand out - confirm.
crypto isakmp client configuration group --user--
key --user--
crypto isakmp profile sdm-ike-profile-1
match identity group --user--
! XAUTH user authentication and group authorization both use the local
! database through the *_ml_3 method lists.
client authentication list sdm_vpn_xauth_ml_3
isakmp authorization list sdm_vpn_group_ml_3
client configuration address respond
! Sessions matching this profile are cloned from interface Virtual-Template4.
virtual-template 4
!
!
! Four identically defined transform sets (ESP with 3DES encryption and SHA-1
! HMAC). Only ESP-3DES-SHA3 is referenced in this listing; the others appear to
! be leftovers.
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-3DES-SHA1 esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-3DES-SHA2 esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-3DES-SHA3 esp-3des esp-sha-hmac
!
! IPsec profile applied to Virtual-Template4 via `tunnel protection`; it ties
! the transform set to ISAKMP profile sdm-ike-profile-1.
crypto ipsec profile SDM_Profile1
set transform-set ESP-3DES-SHA3
set isakmp-profile sdm-ike-profile-1
!
!
! cTCP: IPsec client traffic may be carried inside TCP on port 10000, so that
! TCP port has to be reachable on the outside interface.
crypto ctcp port 10000
! Configuration change logging; `hidekeys` keeps password material out of the
! logged commands.
archive
log config
hidekeys
!
!
!
!
!
! FastEthernet0-3 carry no per-port configuration in this listing (presumably
! the built-in switch ports behind Vlan1 - confirm).
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
! Outside (WAN) interface, NAT outside.
! NOTE(review): no `ip access-group` is applied here, so the services enabled
! elsewhere in this config (HTTP/HTTPS management, DNS server, telnet/SSH on
! the vty lines) are reachable from the outside unless restricted per service.
interface FastEthernet4
description $ETH-LAN$
ip address 181.x.x.x 255.255.255.0
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
!
! Template cloned for each VPN client session: IPsec tunnel mode, borrowing the
! WAN address, protected by SDM_Profile1.
interface Virtual-Template4 type tunnel
ip unnumbered FastEthernet4
tunnel mode ipsec ipv4
tunnel protection ipsec profile SDM_Profile1
!
! Inside LAN gateway (10.10.10.1/29), NAT inside; TCP MSS is clamped to 1452.
interface Vlan1
description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$
ip address 10.10.10.1 255.255.255.248
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1452
!
ip forward-protocol nd
! NOTE(review): three static default routes with no administrative distance
! set, so none is an explicit backup. One points at the multi-access interface
! FastEthernet4 rather than a next hop, which makes the router ARP for every
! destination. The 183.x.x.x next hop does not look like it is on the
! FastEthernet4 subnet (181.x.x.x/24) as far as the redaction shows. Confirm
! which single next hop is intended.
ip route 0.0.0.0 0.0.0.0 181.x.x.x
ip route 0.0.0.0 0.0.0.0 FastEthernet4
ip route 0.0.0.0 0.0.0.0 183.x.x.x
! NOTE(review): routes 10.10.10.0/24 to Vlan1 although the interface itself is
! configured as 10.10.10.0/29 - confirm the mask.
ip route 10.10.10.0 255.255.255.0 Vlan1
!
! NOTE(review): plain HTTP management is enabled next to HTTPS. Credentials sent
! to the HTTP server are not protected in transit; `no ip http server` leaves
! only the TLS listener.
ip http server
! NOTE(review): access-list 23 is not defined anywhere in this listing. IOS
! typically treats a reference to an undefined ACL as permit-any, so this line
! may not restrict management access at all - define ACL 23 with the permitted
! admin sources or confirm it exists on the device.
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
! NOTE(review): the router answers DNS queries itself. With no inbound filter on
! the outside interface it may act as an open resolver - confirm and restrict
! to inside clients.
ip dns server
! Three PAT (overload) rules onto FastEthernet4, selected by ACL 101, ACL 175
! and route-map SDM_RMAP_1.
! NOTE(review): the route-map matches the ACL named `nonat`, whose entries are
! all `permit`, so those hosts ARE translated despite the name. If the intent
! was to exempt VPN traffic from NAT, the ACL needs `deny` entries for it -
! confirm.
ip nat inside source list 101 interface FastEthernet4 overload
ip nat inside source list 175 interface FastEthernet4 overload
ip nat inside source route-map SDM_RMAP_1 interface FastEthernet4 overload
!
! ACL referenced by route-map SDM_RMAP_1: permits all IP traffic from eleven
! individual inside hosts to any destination.
! NOTE(review): hosts 10.10.10.8-10.10.10.12 lie outside the 10.10.10.0/29
! configured on Vlan1 and in the DHCP pool - confirm the LAN mask.
ip access-list extended nonat
remark SDM_ACL Category=18
permit ip host 10.10.10.2 any
permit ip host 10.10.10.3 any
permit ip host 10.10.10.4 any
permit ip host 10.10.10.5 any
permit ip host 10.10.10.6 any
permit ip host 10.10.10.7 any
permit ip host 10.10.10.8 any
permit ip host 10.10.10.9 any
permit ip host 10.10.10.10 any
permit ip host 10.10.10.11 any
permit ip host 10.10.10.12 any
!
! NOTE(review): ACL 100 uses the network address 10.10.10.0 as a single host
! and is not referenced by any crypto map or profile in this listing - it
! looks like a leftover; confirm before relying on it.
access-list 100 remark SDM_ACL Category=4
access-list 100 remark IPSec Rule
access-list 100 permit ip host 10.10.10.0 10.0.0.0 0.255.255.255
! ACL 101 (NAT): traffic from 10.10.1.0/24 to 10.10.10.0/24.
access-list 101 permit ip 10.10.1.0 0.0.0.255 10.10.10.0 0.0.0.255
! ACL 175 (NAT): everything from 10.10.10.0/24, and from 10.10.1.0/24 except
! traffic towards 10.10.10.0/24.
! NOTE(review): ACL 101 permits exactly the flow that ACL 175 denies, and both
! feed overload rules on the same interface - confirm which one is intended.
access-list 175 permit ip 10.10.10.0 0.0.0.255 any
access-list 175 deny ip 10.10.1.0 0.0.0.255 10.10.10.0 0.0.0.255
access-list 175 permit ip 10.10.1.0 0.0.0.255 any
! CDP is disabled globally, so the device does not advertise itself to
! neighbours.
no cdp run
route-map SDM_RMAP_1 permit 1
match ip address nonat
!
!
control-plane
!
! NOTE(review): this is the factory SDM login banner. A login banner is shown
! before authentication, and this one advertises the management tool in use and
! the well-known initial cisco/cisco account. No `username cisco` appears in
! this listing, so the account seems to have been removed; the banner should be
! replaced with a neutral legal notice as well.
banner login ^CCC
-----------------------------------------------------------------------
Cisco Router and Security Device Manager (SDM) is installed on this device.
This feature requires the one-time use of the username "cisco"
with the password "cisco". The default username and password have a privilege le
vel of 15.
Please change these publicly known initial credentials using SDM or the IOS CLI.
Here are the Cisco IOS commands.
username <myuser> privilege 15 secret 0 <mypassword>
no username cisco
Replace <myuser> and <mypassword> with the username and password you want to use
.
For more information about SDM please follow the instructions in the QUICK START
GUIDE for your router or go to http://www.cisco.com/go/sdm
-----------------------------------------------------------------------
^C
!
! Console and aux lines use the default AAA login list (local database).
line con 0
no modem enable
line aux 0
! NOTE(review): remote CLI access accepts telnet as well as SSH, so credentials
! can cross the network unencrypted; `transport input ssh` removes that. No
! `access-class` is applied to the vty lines and the outside interface has no
! inbound ACL, so the login prompt is reachable from any source address.
! `privilege level 15` on the line may place sessions directly in privileged
! mode - confirm how it interacts with the local exec authorization.
line vty 0 4
privilege level 15
transport input telnet ssh
!
scheduler max-task-time 5000
end