Dear colleagues!
Please help me figure out what the trick is here!
I have a Cisco 2511. I had to put both the external and the local network on a single interface (don't ask why :( ), and bring up VPDN and NAT.
Everything works fine, everything pings.
The config is below:
version 12.2
service timestamps debug datetime localtime
service timestamps log datetime localtime
no service password-encryption
!
logging buffered 8192 debugging
no logging console
no logging monitor
aaa new-model
aaa authentication login default local
aaa authentication ppp default group radius
aaa authorization exec default group radius if-authenticated
aaa accounting exec default start-stop group radius
aaa accounting network default start-stop group radius
!
ip subnet-zero
ip name-server 63.213.32.130
!
vpdn enable
!
vpdn-group 1
! Default PPTP VPDN group
accept-dialin
protocol pptp
virtual-template 1
!
interface Ethernet0
ip address 10.0.0.1 255.255.255.0 secondary
ip address 63.213.38.1 255.255.255.248
ip nat outside
!
interface Virtual-Template1
ip address negotiated
ip nat inside
peer default ip address pool VPDN_POOL
ppp authentication pap
!
interface Group-Async1
ip address negotiated
ip nat inside
encapsulation ppp
async mode dedicated
peer default ip address pool MODEMS_POOL
ppp authentication pap
group-range 1 16
!
ip local pool MODEMS_POOL 10.0.1.1 10.0.1.16
ip local pool VPDN_POOL 10.0.2.1 10.0.2.10
ip nat inside source list 2 interface Ethernet0 overload
ip classless
ip route 0.0.0.0 0.0.0.0 63.213.38.6 10
ip route 63.213.32.130 255.255.255.255 63.213.38.6
ip route 63.213.37.62 255.255.255.255 63.213.38.6
ip route 82.222.112.1 255.255.255.255 63.213.38.6
no ip http server
!
logging trap debugging
logging 63.213.37.62
access-list 1 permit 63.213.38.5
access-list 1 permit 63.213.37.62
access-list 2 permit 10.0.2.0 0.0.0.255
access-list 2 permit 10.0.1.0 0.0.0.255
access-list 2 permit 10.0.0.0 0.0.0.255
snmp-server community SNMP_PRIVATE RW
snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart
snmp-server enable traps tty
snmp-server host 63.213.38.5 SNMP_PRIVATE udp-port 161
snmp-server host 63.213.38.5 version 2c SNMP_PRIVATE snmp
radius-server host 63.213.38.5 auth-port 1812 acct-port 1813
radius-server retransmit 5
radius-server timeout 10
!
line con 0
line 1 16
flush-at-activation
modem Dialin
stopbits 1
speed 38400
flowcontrol hardware
line aux 0
line vty 0 4
session-timeout 30
access-class 1 in
!
ntp clock-period 17179874
ntp server 85.88.160.132
end
But then I needed to connect to another Cisco through a tunnel, and NAT died :(
Nothing pings (except the local interface, of course).
Please help me understand what I did wrong with NAT...
The config is below:
version 12.2
service timestamps debug datetime localtime
service timestamps log datetime localtime
no service password-encryption
!
logging buffered 8192 debugging
no logging console
no logging monitor
aaa new-model
aaa authentication login default local
aaa authentication ppp default group radius
aaa authorization exec default group radius if-authenticated
aaa accounting exec default start-stop group radius
aaa accounting network default start-stop group radius
!
ip subnet-zero
ip name-server 63.213.32.130
!
vpdn enable
!
vpdn-group 1
! Default PPTP VPDN group
accept-dialin
protocol pptp
virtual-template 1
!
!
!
!
!
interface Tunnel0
ip address 82.222.112.138 255.255.255.252
ip nat outside
tunnel source 63.213.38.1
tunnel destination 82.222.112.1
tunnel key 893245368914
!
interface Ethernet0
ip address 10.0.0.1 255.255.255.0 secondary
ip address 63.213.38.1 255.255.255.248
!
interface Virtual-Template1
ip address negotiated
ip nat inside
peer default ip address pool VPDN_POOL
ppp authentication pap
!
interface Group-Async1
ip address negotiated
ip nat inside
encapsulation ppp
async mode dedicated
peer default ip address pool MODEMS_POOL
ppp authentication pap
group-range 1 16
!
ip local pool MODEMS_POOL 10.0.1.1 10.0.1.16
ip local pool VPDN_POOL 10.0.2.1 10.0.2.10
ip nat inside source list 2 interface Tunnel0 overload
ip classless
ip route 0.0.0.0 0.0.0.0 82.222.112.137
ip route 0.0.0.0 0.0.0.0 63.213.38.6 10
ip route 63.213.32.130 255.255.255.255 63.213.38.6
ip route 63.213.37.62 255.255.255.255 63.213.38.6
ip route 82.222.112.1 255.255.255.255 63.213.38.6
no ip http server
!
logging trap debugging
logging 63.213.37.62
access-list 1 permit 63.213.38.5
access-list 1 permit 63.213.37.62
access-list 2 permit 10.0.2.0 0.0.0.255
access-list 2 permit 10.0.1.0 0.0.0.255
access-list 2 permit 10.0.0.0 0.0.0.255
snmp-server community SNMP_PRIVATE RW
snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart
snmp-server enable traps tty
snmp-server host 63.213.38.5 SNMP_PRIVATE udp-port 161
snmp-server host 63.213.38.5 version 2c SNMP_PRIVATE snmp
radius-server host 63.213.38.5 auth-port 1812 acct-port 1813
radius-server retransmit 5
radius-server timeout 10
!
line con 0
line 1 16
flush-at-activation
modem Dialin
stopbits 1
speed 38400
flowcontrol hardware
line aux 0
line vty 0 4
session-timeout 30
access-class 1 in
!
ntp clock-period 17179874
ntp server 85.88.160.132
end