vexor Posted September 30, 2010

Cisco 3725. Config.

no aaa new-model
ip subnet-zero
ip cef
!
!
ip name-server 192.168.0.223
ip audit po max-events 100
!
no crypto xauth FastEthernet0/0.30
!
crypto isakmp policy 10
 encr 3des
 hash md5
 authentication pre-share
 group 2
 lifetime 3600
crypto isakmp key testkey address _IP1_ 255.255.255.0 no-xauth
crypto isakmp aggressive-mode disable
!
!
crypto ipsec transform-set gw5 ah-sha-hmac esp-3des esp-md5-hmac
crypto ipsec transform-set aes esp-aes esp-sha-hmac
crypto ipsec transform-set 3des esp-3des esp-sha-hmac
crypto ipsec transform-set des esp-des
no crypto ipsec nat-transparency udp-encaps
!
crypto map vpns local-address FastEthernet0/0.30
crypto map vpns 20 ipsec-isakmp
 description GW5-test
 set peer _IP1_
 set transform-set gw5 aes 3des des
 set pfs group2
 match address 102
 reverse-route remote-peer
!
!
!
!
interface FastEthernet0/0
 no ip address
 speed auto
 full-duplex
 no mop enabled
!
interface FastEthernet0/0.10
!
interface FastEthernet0/0.30
 encapsulation dot1Q 30 native
 ip address MYIP 255.255.255.252
 ip nat outside
 crypto map vpns
!
interface Serial0/0
 no ip address
 shutdown
 no fair-queue
!
interface FastEthernet0/1
 description Office
 no ip address
 duplex auto
 speed auto
!
interface FastEthernet0/1.10
 encapsulation dot1Q 10 native
 ip address 192.168.0.252 255.255.255.0
 ip nat inside
!
ip nat inside source list nat interface FastEthernet0/0.30 overload
ip classless
ip route 0.0.0.0 0.0.0.0 MYROUTE
!
no ip http server
no ip http secure-server
!
ip access-list extended nat
 deny ip 192.168.0.0 0.0.0.255 192.168.5.0 0.0.0.255 log-input
 permit ip 192.168.0.0 0.0.0.255 any log-input
 deny ip any any
!
logging trap debugging
logging source-interface FastEthernet0/1.10
logging 192.168.0.254
access-list 102 permit ip 192.168.0.0 0.0.0.255 192.168.5.0 0.0.0.255 log-input
!
end

The connection sort of gets established (swan says tunnel established). When I try, for example, a ping, nothing comes back.

core#show cry is sa
dst             src             state          conn-id slot
MYIP            IP              QM_IDLE            102    0

core#sh ip ro
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is 217.171.4.221 to network 0.0.0.0

     MYNET/30 is subnetted, 1 subnets
C       MYNET is directly connected, FastEthernet0/0.30
S    192.168.5.0/24 [1/0] via IP
     IPNET/32 is subnetted, 1 subnets
S       IP [1/0] via 0.0.0.0, FastEthernet0/0.30
C    192.168.0.0/24 is directly connected, FastEthernet0/1.10
S*   0.0.0.0/0 [1/0] via 217.171.4.221

What could be the problem?