Доброго времени суток
cisco 857 c850-advsecurityk9-mz.124-15.T8.binнужно настроить второй PVC для Id-Phone,
interface ATM0.2 point-to-point
description ID-Phone
pvc 0/41
protocol bridge
нагуглил чуток, начал ваять, но завис на том куда повесить статический адрес (я так понял его надо с ATM0.1 убрать) и соответственно привязать тунель.
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname r2
!
boot-start-marker
boot-end-marker
!
enable secret 5 xxxxxxxxxxxxx
!
no aaa new-model
!
!
dot11 syslog
!
!
ip cef
no ip bootp server
ip domain name xxxxxxxxx
!
!
!
username user privilege 15 password 7 xxxxxxxxxxxxx
!
!
crypto isakmp policy 1
authentication pre-share
crypto isakmp key xxxxxxxxx address 0.0.0.0 0.0.0.0
crypto isakmp keepalive 20 5
!
!
crypto ipsec transform-set r2-r1 esp-des esp-sha-hmac
mode transport
!
crypto map map1 10 ipsec-isakmp
set peer xxxxxxxxxxxx
set transform-set r2-r1
match address 101
!
archive
log config
hidekeys
!
!
ip ssh version 1
!
!
!
interface Tunnel10
ip address 10.1.1.2 255.255.255.0
tunnel source ATM0.1
tunnel destination xxxxxxxxxxx
crypto map map1
!
interface ATM0
no ip address
no snmp trap link-status
no atm ilmi-keepalive
dsl operating-mode auto
!
interface ATM0.1 point-to-point
description Inet
mtu 1492
ip address xxx.xxx.xxx.xxx 255.255.255.252 (внешний)
ip access-group From-Internet in
ip access-group From-Local out
ip nat outside
ip virtual-reassembly
atm route-bridged ip
pvc 10/50
protocol bridge
encapsulation aal5snap
!
crypto map map1
!
interface ATM0.2 point-to-point
description ID-Phone
pvc 0/41
protocol bridge
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Vlan1
ip address 192.168.3.1 255.255.255.0
ip nat inside
ip virtual-reassembly
!
interface Dialer0
no ip address
encapsulation ppp
shutdown
no cdp enable
!
router rip
network 10.0.0.0
network 192.168.1.0
network 192.168.3.0
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 xxx.xxx.xxx.xxx
!
no ip http server
no ip http secure-server
ip nat inside source list NAT interface ATM0.1 overload
!
ip access-list extended From-Internet
deny ip 172.16.0.0 0.15.255.255 any
deny ip 127.0.0.0 0.255.255.255 any
deny ip host 0.0.0.0 any
deny ip host 255.255.255.255 any
permit icmp any any
evaluate REF
ip access-list extended From-Local
permit ip any any reflect REF
ip access-list extended NAT
permit ip host 192.168.3.2 any
!
access-list 1 permit 192.168.3.0 0.0.0.255
access-list 101 permit gre host xxx.xxx.xxx.xxx host xxx.xxx.xxx.xxx
access-list 103 permit ip host 192.168.3.2 any
no cdp run
!
control-plane
!
!
line con 0
password 7 072E036F4F0B1A544541
login
no modem enable
line aux 0
line vty 0 4
login local
transport input ssh
!
scheduler max-task-time 5000
end