Can't configure VPN correctly
08.10.2011, 07:32. Views: 1845. Replies: 0
Доброе утро!
Guys, I have a point-to-point VPN bridge between a cisco 876 and a cisco 887. The 876 side has a static IP and the 887 side has a dynamic one. Everything seems to work fine: from both sides I can see the local networks and I can connect to the server. There is just one small problem with access to the DVR through a web browser. Ping seems fine, but the page does not open. The firewall seems to be disabled. Please take a look at what I have configured wrong, I am worn out with this already. Thanks.

cisco 876

version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname Aheloou
!
boot-start-marker
boot-end-marker
!
logging message-counter syslog
no logging buffered
enable secret 5 $XXXXXXXXXX
!
no aaa new-model
clock timezone ATHENS 2
clock summer-time ATHENS recurring last Sun Mar 3:00 last Sun Oct 4:00
!
crypto pki trustpoint TP-self-signed-10461806
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-10461806
 revocation-check none
 rsakeypair TP-self-signed-10461806
!
!
crypto pki certificate chain TP-self-signed-10461806
 certificate self-signed 01
  quit
dot11 syslog
ip source-route
!
!
!
!
ip cef
ip name-server 195.170.2.1
ip name-server 195.170.0.2
no ipv6 cef
ntp logging
ntp master
ntp server 155.207.1.8
!
multilink bundle-name authenticated
!
!
!
username XXXXXXX privilege 15 secret 5 XXXXXXXX
!
!
crypto isakmp policy 1
 encr 3des
 authentication pre-share
 group 2
crypto isakmp key XXXXXXXXX address 83.235.XX.XX
crypto isakmp key XXXXXXXX address 0.0.0.0 0.0.0.0
!
!
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-3DES-SHA1 esp-3des esp-sha-hmac
!
crypto dynamic-map SDM_DYNMAP_1 1
 set transform-set ESP-3DES-SHA
 match address 102
!
!
crypto map SDM_CMAP_1 1 ipsec-isakmp
 description Tunnel to83.235.XX.XX
 set peer 83.235.XX.XX
 set transform-set ESP-3DES-SHA1
 match address 103
crypto map SDM_CMAP_1 65535 ipsec-isakmp dynamic SDM_DYNMAP_1
!
archive
 log config
  hidekeys
!
!
ip tcp synwait-time 10
!
!
!
interface BRI0
 no ip address
 encapsulation hdlc
 shutdown
!
interface ATM0
 no ip address
 no atm ilmi-keepalive
!
interface ATM0.1 point-to-point
 pvc 8/35
  pppoe-client dial-pool-number 1
 !
!
interface FastEthernet0
 switchport access vlan 100
 spanning-tree portfast
!
interface FastEthernet1
 spanning-tree portfast
!
interface FastEthernet2
 spanning-tree portfast
!
interface FastEthernet3
 spanning-tree portfast
!
interface Vlan1
 no ip address
 no ip redirects
 no ip proxy-arp
 ip nat inside
 ip virtual-reassembly
 ip tcp adjust-mss 1452
!
interface Vlan100
 ip address 192.168.2.1 255.255.255.0
 ip access-group ETHERNET_IN in
 ip nat inside
 ip virtual-reassembly
 ip tcp adjust-mss 1452
!
interface Dialer0
 mtu 1492
 ip address negotiated
 ip nat outside
 ip virtual-reassembly
 encapsulation ppp
 dialer pool 1
 dialer-group 1
 ppp authentication pap callin
 ppp pap sent-username XXX@XXX.XX password 7 XXXXXXXX
 crypto map SDM_CMAP_1
!
ip local pool SDM_POOL_1 192.168.2.9 192.168.2.20
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer0
ip http server
ip http authentication local
ip http secure-server
!
!
ip nat inside source static tcp 192.168.2.100 8080 interface Dialer0 8080
ip nat inside source static tcp 192.168.2.100 9000 interface Dialer0 9000
ip nat inside source static tcp 192.168.2.100 9001 interface Dialer0 9001
ip nat inside source static tcp 192.168.2.127 2020 interface Dialer0 8088
ip nat inside source static tcp 192.168.2.100 8888 interface Dialer0 8888
ip nat inside source route-map SDM_RMAP_1 interface Dialer0 overload
!
ip access-list extended ETHERNET_IN
 deny ip host 255.255.255.255 any
 deny ip 127.0.0.0 0.255.255.255 any
 permit ip any any
!
access-list 1 permit 192.168.2.0 0.0.0.255
access-list 100 remark What to proccess for NAT
access-list 100 remark CCP_ACL Category=16
access-list 100 remark IPSec Rule
access-list 100 deny ip 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 100 deny ip 192.168.2.0 0.0.0.255 192.168.5.0 0.0.0.255
access-list 100 permit ip 192.168.2.0 0.0.0.255 any
access-list 100 deny ip any any log
access-list 101 remark What to proccess for IPSec
access-list 101 permit ip 192.168.2.0 0.0.0.255 192.168.5.0 0.0.0.255
access-list 102 remark CCP_ACL Category=4
access-list 102 remark IPSec Rule
access-list 102 permit ip 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 103 remark CCP_ACL Category=4
access-list 103 remark IPSec Rule
access-list 103 permit ip 192.168.2.0 0.0.0.255 192.168.5.0 0.0.0.255
access-list 199 remark What to process for Telnet
access-list 199 permit ip 192.168.2.0 0.0.0.255 any
access-list 199 deny ip any any
dialer-list 1 protocol ip permit
!
!
!
!
route-map SDM_RMAP_1 permit 1
 match ip address 100
!
!
control-plane
!
!
line con 0
 login local
 no modem enable
line aux 0
line vty 0 4
 login local
 transport input all
 transport output all
!
scheduler max-task-time 5000
end

cisco 887

version 15.0
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Myrouter
!
boot-start-marker
boot-end-marker
!
logging buffered 51200
enable secret 5 XXXXXXXX
!
no aaa new-model
memory-size iomem 10
clock timezone ATHENS 2
clock summer-time ATHENS recurring last Sun Mar 3:00 last Sun Oct 4:00
!
crypto pki trustpoint TP-self-signed-1294242805
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-1294242805
 revocation-check none
 rsakeypair TP-self-signed-1294242805
!
!
crypto pki certificate chain TP-self-signed-1294242805
 certificate self-signed 01
  quit
ip source-route
!
!
ip dhcp excluded-address 192.168.1.1 192.168.1.50
ip dhcp excluded-address 192.168.1.61 192.168.1.254
!
ip dhcp pool ccp-pool
 import all
 network 192.168.1.0 255.255.255.0
 default-router 192.168.1.254
 dns-server 195.170.0.1 195.170.2.2
!
!
ip cef
ip domain name mydomain.com
ip name-server 195.170.0.1
ip name-server 195.170.2.2
no ipv6 cef
!
!
!
!
username XXXXXXX privilege 15 secret 5 XXXXXXXXXX
!
!
!
!
crypto isakmp policy 1
 encr 3des
 authentication pre-share
 group 2
crypto isakmp key XXXXXXXX address 79.129.XX.XX
!
!
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-3DES-SHA1 esp-3des esp-sha-hmac
!
crypto map SDM_CMAP_1 1 ipsec-isakmp
 description Tunnel to79.129.XX.XX
 set peer 79.129.XX.XX
 set transform-set ESP-3DES-SHA1
 match address 102
!
!
!
!
!
interface BRI0
 no ip address
 encapsulation hdlc
 shutdown
 isdn termination multidrop
!
interface ATM0
 no ip address
 no atm ilmi-keepalive
!
interface ATM0.1 point-to-point
 pvc 8/35
  encapsulation aal5mux ppp dialer
  dialer pool-member 1
 !
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface wlan-ap0
 description Service module interface to manage the embedded AP
 ip unnumbered Vlan1
 arp timeout 0
!
interface Wlan-GigabitEthernet0
 description Internal switch interface connecting to the embedded AP
!
interface Vlan1
 description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$
 ip address 192.168.1.254 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 ip tcp adjust-mss 1452
!
interface Dialer0
 ip address negotiated
 ip nat outside
 ip virtual-reassembly
 encapsulation ppp
 dialer pool 1
 dialer-group 1
 ppp authentication pap callin
 ppp pap sent-username XXX@XXX.XX password 0 XXXXXX
 no cdp enable
 crypto map SDM_CMAP_1
!
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
ip nat inside source route-map SDM_RMAP_1 interface Dialer0 overload
ip route 0.0.0.0 0.0.0.0 Dialer0
!
logging trap debugging
access-list 1 remark INSIDE_IF=Vlan1
access-list 1 remark CCP_ACL Category=2
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 23 remark CCP_ACL Category=16
access-list 23 permit 192.168.1.0 0.0.0.255
access-list 100 remark CCP_ACL Category=4
access-list 100 remark IPSec Rule
access-list 100 permit ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
access-list 101 remark CCP_ACL Category=2
access-list 101 remark IPSec Rule
access-list 101 deny ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
access-list 101 permit ip 192.168.1.0 0.0.0.255 any
access-list 102 remark CCP_ACL Category=4
access-list 102 remark IPSec Rule
access-list 102 permit ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
dialer-list 1 protocol ip permit
no cdp run
!
!
!
!
route-map SDM_RMAP_1 permit 1
 match ip address 101
!
!
control-plane
!
banner login ^CAuthorized Access Only!^C
!
line con 0
 login local
 no modem enable
line aux 0
line 2
 no activation-character
 no exec
 transport preferred none
 transport input all
line vty 0 4
 privilege level 15
 login local
 transport input telnet ssh
 transport output telnet ssh
!
scheduler max-task-time 5000
ntp update-calendar
ntp server 155.207.1.8 prefer source Dialer0
end
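
An added example, not part of the original post: a Python check that lists the static port forwards in the posted 876 configuration whose inside host also falls inside the source network of an ACL referenced by a crypto map. Such hosts are worth reviewing because IOS applies inside-to-outside NAT before the crypto map lookup, and a static translation is not governed by the deny entries of ACL 100 behind the overload rule. The function names and the embedded excerpt are assumptions of this example, and the post does not say which address the DVR uses.

```python
import ipaddress
import re

# Constructed excerpt: lines copied from the cisco 876 configuration in the post.
CONFIG_876 = """\
crypto dynamic-map SDM_DYNMAP_1 1
 match address 102
crypto map SDM_CMAP_1 1 ipsec-isakmp
 match address 103
ip nat inside source static tcp 192.168.2.100 8080 interface Dialer0 8080
ip nat inside source static tcp 192.168.2.127 2020 interface Dialer0 8088
ip nat inside source route-map SDM_RMAP_1 interface Dialer0 overload
access-list 100 deny ip 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 102 permit ip 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 103 permit ip 192.168.2.0 0.0.0.255 192.168.5.0 0.0.0.255
"""


def wildcard_net(addr, wildcard):
    """Turn an IOS address/wildcard pair into an ip_network (hypothetical helper)."""
    mask = ipaddress.ip_address(int(ipaddress.ip_address(wildcard)) ^ 0xFFFFFFFF)
    return ipaddress.ip_network(f"{addr}/{mask}", strict=False)


def nat_crypto_overlaps(config):
    """Return (inside_host, inside_port, acl, remote_net) for each static TCP
    port forward whose inside host is a permitted source in a crypto ACL."""
    # "match address N" is the crypto map form; route-maps use "match ip address".
    crypto_acls = set(re.findall(r"^ match address (\d+)$", config, re.M))
    permits = re.findall(
        r"^access-list (\d+) permit ip (\S+) (\S+) (\S+) (\S+)$", config, re.M)
    statics = re.findall(
        r"^ip nat inside source static tcp (\S+) (\d+) interface \S+ \d+$",
        config, re.M)
    findings = []
    for host, port in statics:
        for acl, src, src_wc, dst, dst_wc in permits:
            if acl not in crypto_acls:
                continue
            if ipaddress.ip_address(host) in wildcard_net(src, src_wc):
                findings.append(
                    (host, int(port), acl, str(wildcard_net(dst, dst_wc))))
    return findings


if __name__ == "__main__":
    for host, port, acl, remote in nat_crypto_overlaps(CONFIG_876):
        print(f"static NAT {host}:{port} overlaps crypto ACL {acl} towards {remote}")
```
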