[Stak]

Суть такова: на роутере настроен POD , на нём терминируется pptp и ipsec-vpn (easy-vpn). Для pptp POD работает, а вот для ipsec-vpn - нет.

 

Дебаг для pptp:

116544: Jan 15 17:52:52: POD: 192.168.100.242 request queued

116545: Jan 15 17:52:52: ++++++ POD Attribute List ++++++

116546: Jan 15 17:52:52: 492FD594 0 00000009 username(365) 7 user1

116547: Jan 15 17:52:52:

116548: Jan 15 17:52:52: POD: 192.168.100.242 user tim-vpn 0.0.0.0 sessid 0x0 key 0x0

116549: Jan 15 17:52:52: POD: Line User IDB Session Id Key

116550: Jan 15 17:52:52: POD: Skip <NULL> <NULL> 0.0.0.0 0x3 0x0

116551: Jan 15 17:52:52: POD: Skip admin 192.168.40.37 0xCAC3 0x0

116552: Jan 15 17:52:52: POD: KILL Virtual- user1 192.168.111.225 0xCB93 0x0

116553: Jan 15 17:52:52: POD: Sending ACK from port 1700 to 192.168.100.242/32769

 

Дебаг для ipsec-vpn:

116558: Jan 15 17:53:26: POD: 192.168.100.242 request queued

116559: Jan 15 17:53:26: ++++++ POD Attribute List ++++++

116560: Jan 15 17:53:26: 48897554 0 00000009 username(365) 13 mavrichev-vpn

116561: Jan 15 17:53:26:

116562: Jan 15 17:53:26: POD: 192.168.100.242 user user2 0.0.0.0 sessid 0x0 key 0x0

116563: Jan 15 17:53:26: POD: Line User IDB Session Id Key

116564: Jan 15 17:53:26: POD: Skip <NULL> <NULL> 0.0.0.0 0x3 0x0

116565: Jan 15 17:53:26: POD: Skip admin 192.168.40.37 0xCAC3 0x0

116566: Jan 15 17:53:26: POD: Skip <NULL> <NULL> 0.0.0.0 0xCBB4 0x0

116567: Jan 15 17:53:26: POD: KILL <NULL> user2 192.168.111.97 0xCBC4 0x0

116568: Jan 15 17:53:26: POD: KILL <NULL> user2 192.168.111.97 0xCBCF 0x0

116569: Jan 15 17:53:26: POD: Added Reply Message: Session Not Removed

116570: Jan 15 17:53:26: POD: Added NACK Error Cause: Session Context Not Removable

116571: Jan 15 17:53:26: POD: Sending NAK from port 1700 to 192.168.100.242/32769

116572: Jan 15 17:53:26: RADIUS: 18 21 53657373696F6E204E6F742052656D6F766564

116573: Jan 15 17:53:26: RADIUS: 101 6 000001F8

 

Что характерно, для ipsec юзеров почему-то создаётся 2 сессии , а для pptp одна:

IPSEC:

c2821#sh aaa sessions

Total sessions since last reload: 3505

Session Id: 3

Unique Id: 1

User Name: *not available*

IP Address: 0.0.0.0

Idle Time: 0

CT Call Handle: 0

Session Id: 51907

Unique Id: 3229

User Name: admin

IP Address: 192.168.40.37

Idle Time: 0

CT Call Handle: 0

Session Id: 52148

Unique Id: 3244

User Name: *not available*

IP Address: 0.0.0.0

Idle Time: 0

CT Call Handle: 0

Session Id: 52164

Unique Id: 3245

User Name: user2

IP Address: 192.168.111.97

Idle Time: 0

CT Call Handle: 0

Session Id: 52175

Unique Id: 3245

User Name: user2

IP Address: 192.168.111.97

Idle Time: 0

CT Call Handle: 0

 

PPTP:

c2821#sh aaa sessions

Total sessions since last reload: 3501

Session Id: 3

Unique Id: 1

User Name: *not available*

IP Address: 0.0.0.0

Idle Time: 0

CT Call Handle: 0

Session Id: 51907

Unique Id: 3229

User Name: admin

IP Address: 192.168.40.37

Idle Time: 0

CT Call Handle: 0

Session Id: 52115

Unique Id: 3242

User Name: user1

IP Address: 192.168.111.225

Idle Time: 0

CT Call Handle: 0

 

Версия ИОСа c2800nm-adventerprisek9-mz.124-15.T5.bin, POD настроен как:

 

!

aaa server radius dynamic-author

client 192.168.100.242 server-key bla-bla-bla

auth-type any

ignore session-key

!

 

Сталкивался с таким кто-нибудь?