Добрый день!
Не могу понять почему у меня разные MTU на интерфесах Tunell на маршрутизаторах.Пинги через тунель идут через один!!!
Первый маршрутизатор
interface: Dialer0
Crypto map tag: vpn, local addr. yyy.yyy.yyy.yyyprotected vrf:
local ident (addr/mask/prot/port): (yyy.yyy.yyy.yyy/255.255.255.255/47/0)
remote ident (addr/mask/prot/port): (xxx.xxx.xxx.xxx/255.255.255.255/47/0)
current_peer: xxx.xxx.xxx.xxx:500
PERMIT, flags={origin_is_acl,}
#pkts encaps: 19, #pkts encrypt: 19, #pkts digest 19
#pkts decaps: 16, #pkts decrypt: 16, #pkts verify 16
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts compr. failed: 0
#pkts not decompressed: 0, #pkts decompress failed: 0
#send errors 1, #recv errors 0local crypto endpt.: yyy.yyy.yyy.yyy, remote crypto endpt.: xxx.xxx.xxx.xxx
path mtu 1500, media mtu 1500
current outbound spi: CD6CE629inbound esp sas:
spi: 0x5254EC5A(1381297242)
transform: esp-3des esp-sha-hmac ,
in use settings ={Transport, }
slot: 0, conn id: 2000, flow_id: 1, crypto map: vpn
sa timing: remaining key lifetime (k/sec): (4392980/3568)
IV size: 8 bytes
replay detection support: Yinbound ah sas:
inbound pcp sas:
outbound esp sas:
spi: 0xCD6CE629(3446466089)
transform: esp-3des esp-sha-hmac ,
in use settings ={Transport, }
slot: 0, conn id: 2001, flow_id: 2, crypto map: vpn
sa timing: remaining key lifetime (k/sec): (4392980/3568)
IV size: 8 bytes
replay detection support: Youtbound ah sas:
outbound pcp sas:
interface: Virtual-Access2
Crypto map tag: vpn, local addr. yyy.yyy.yyy.yyyprotected vrf:
local ident (addr/mask/prot/port): (yyy.yyy.yyy.yyy/255.255.255.255/47/0)
remote ident (addr/mask/prot/port): (xxx.xxx.xxx.xxx/255.255.255.255/47/0)
current_peer: xxx.xxx.xxx.xxx:500
PERMIT, flags={origin_is_acl,}
#pkts encaps: 19, #pkts encrypt: 19, #pkts digest 19
#pkts decaps: 16, #pkts decrypt: 16, #pkts verify 16
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts compr. failed: 0
#pkts not decompressed: 0, #pkts decompress failed: 0
#send errors 1, #recv errors 0local crypto endpt.: yyy.yyy.yyy.yyy, remote crypto endpt.: xxx.xxx.xxx.xxx
path mtu 1500, media mtu 1500
current outbound spi: CD6CE629inbound esp sas:
spi: 0x5254EC5A(1381297242)
transform: esp-3des esp-sha-hmac ,
in use settings ={Transport, }
slot: 0, conn id: 2000, flow_id: 1, crypto map: vpn
sa timing: remaining key lifetime (k/sec): (4392980/3568)
IV size: 8 bytes
replay detection support: Yinbound ah sas:
inbound pcp sas:
outbound esp sas:
spi: 0xCD6CE629(3446466089)
transform: esp-3des esp-sha-hmac ,
in use settings ={Transport, }
slot: 0, conn id: 2001, flow_id: 2, crypto map: vpn
sa timing: remaining key lifetime (k/sec): (4392980/3566)
IV size: 8 bytes
replay detection support: Youtbound ah sas:
outbound pcp sas:
interface: Tunnel0
Crypto map tag: vpn, local addr. yyy.yyy.yyy.yyyprotected vrf:
local ident (addr/mask/prot/port): (yyy.yyy.yyy.yyy/255.255.255.255/47/0)
remote ident (addr/mask/prot/port): (xxx.xxx.xxx.xxx/255.255.255.255/47/0)
current_peer: xxx.xxx.xxx.xxx:500
PERMIT, flags={origin_is_acl,}
#pkts encaps: 19, #pkts encrypt: 19, #pkts digest 19
#pkts decaps: 16, #pkts decrypt: 16, #pkts verify 16
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts compr. failed: 0
#pkts not decompressed: 0, #pkts decompress failed: 0
#send errors 1, #recv errors 0local crypto endpt.: yyy.yyy.yyy.yyy, remote crypto endpt.: xxx.xxx.xxx.xxx
path mtu 1500, media mtu 1500
current outbound spi: CD6CE629inbound esp sas:
spi: 0x5254EC5A(1381297242)
transform: esp-3des esp-sha-hmac ,
in use settings ={Transport, }
slot: 0, conn id: 2000, flow_id: 1, crypto map: vpn
sa timing: remaining key lifetime (k/sec): (4392980/3562)
IV size: 8 bytes
replay detection support: Yinbound ah sas:
inbound pcp sas:
outbound esp sas:
spi: 0xCD6CE629(3446466089)
transform: esp-3des esp-sha-hmac ,
in use settings ={Transport, }
slot: 0, conn id: 2001, flow_id: 2, crypto map: vpn
sa timing: remaining key lifetime (k/sec): (4392980/3562)
IV size: 8 bytes
replay detection support: Youtbound ah sas:
outbound pcp sas:
Второй:
interface: Dialer0
Crypto map tag: vpn, local addr. xxx.xxx.xxx.xxxprotected vrf:
local ident (addr/mask/prot/port): (xxx.xxx.xxx.xxx/255.255.255.255/47/0)
remote ident (addr/mask/prot/port): (yyy.yyy.yyy.yyy/255.255.255.255/47/0)
current_peer: yyy.yyy.yyy.yyy:500
PERMIT, flags={origin_is_acl,}
#pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0
#pkts decaps: 0, #pkts decrypt: 0, #pkts verify: 0
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts compr. failed: 0
#pkts not decompressed: 0, #pkts decompress failed: 0
#send errors 0, #recv errors 0local crypto endpt.: xxx.xxx.xxx.xxx, remote crypto endpt.: yyy.yyy.yyy.yyy
path mtu 1476, media mtu 1476
current outbound spi: 0inbound esp sas:
inbound ah sas:
inbound pcp sas:
outbound esp sas:
outbound ah sas:
outbound pcp sas:
interface: Tunnel0
Crypto map tag: vpn, local addr. xxx.xxx.xxx.xxxprotected vrf:
local ident (addr/mask/prot/port): (xxx.xxx.xxx.xxx/255.255.255.255/47/0)
remote ident (addr/mask/prot/port): (yyy.yyy.yyy.yyy/255.255.255.255/47/0)
current_peer: yyy.yyy.yyy.yyy:500
PERMIT, flags={origin_is_acl,}
#pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0
#pkts decaps: 0, #pkts decrypt: 0, #pkts verify: 0
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts compr. failed: 0
#pkts not decompressed: 0, #pkts decompress failed: 0
#send errors 0, #recv errors 0local crypto endpt.: xxx.xxx.xxx.xxx, remote crypto endpt.: yyy.yyy.yyy.yyy
path mtu 1476, media mtu 1476
current outbound spi: 0inbound esp sas:
inbound ah sas:
inbound pcp sas:
outbound esp sas:
outbound ah sas:
outbound pcp sas:
interface: Virtual-Access3
Crypto map tag: vpn, local addr. xxx.xxx.xxx.xxxprotected vrf:
local ident (addr/mask/prot/port): (xxx.xxx.xxx.xxx/255.255.255.255/47/0)
remote ident (addr/mask/prot/port): (yyy.yyy.yyy.yyy/255.255.255.255/47/0)
current_peer: yyy.yyy.yyy.yyy:500
PERMIT, flags={origin_is_acl,}
#pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0
#pkts decaps: 0, #pkts decrypt: 0, #pkts verify: 0
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts compr. failed: 0
#pkts not decompressed: 0, #pkts decompress failed: 0
#send errors 0, #recv errors 0local crypto endpt.: xxx.xxx.xxx.xxx, remote crypto endpt.: yyy.yyy.yyy.yyy
path mtu 1476, media mtu 1476
current outbound spi: 0inbound esp sas:
inbound ah sas:
inbound pcp sas:
outbound esp sas:
outbound ah sas:
outbound pcp sas:
В дагонкуВот схема
LOCAL1 -> Cisco 2651 < Tunnel over ADSL> Cisco 837-> LOCAL 2
Между кошками ADSL На интерфейсе ATM, Tunnel0 и Dialer0 вот что написано
ATM0/0 is up, line protocol is up
Hardware is DSLSAR (with Alcatel ADSL Module)
MTU 4470 bytes, sub MTU 4470, BW 512 Kbit, DLY 1000 usec,
reliability 255/255, txload 4/255, rxload 9/255
Encapsulation ATM, loopback not set
Encapsulation(s): AAL5 AAL2, PVC mode
23 maximum active VCs, 256 VCs per VP, 1 current VCCs
VC Auto Creation Disabled.
VC idle disconnect time: 300 seconds
Last input never, output 00:00:00, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 532
Queueing strategy: Per VC Queueing
5 minute input rate 20000 bits/sec, 11 packets/sec
5 minute output rate 9000 bits/sec, 10 packets/sec
2472356 packets input, 589924058 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
4492965 packets output, 816029506 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 output buffer failures, 0 output buffers swapped out
Tunnel0 is up, line protocol is up
Hardware is Tunnel
Internet address is 192.168.250.1/24
MTU 1514 bytes, BW 9 Kbit, DLY 500000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation TUNNEL, loopback not set
Keepalive not set
Tunnel source xxx.xxx.xxx.xxx (Dialer0), destination yyy.yyy.yyy.yyy
Tunnel protocol/transport GRE/IP, key disabled, sequencing disabled
Tunnel TTL 255
Checksumming of packets disabled, fast tunneling enabled
Last input 00:01:03, output 00:01:07, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 2
Queueing strategy: fifo
Output queue: 0/0 (size/max)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
1447 packets input, 164075 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
975 packets output, 105011 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 output buffer failures, 0 output buffers swapped outDialer0 is up, line protocol is up (spoofing)
Hardware is Unknown
Internet address is xxx.xxx.xxx.xxx/30
MTU 1500 bytes, BW 56 Kbit, DLY 20000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation PPP, loopback not set
Interface is bound to Vi3
Last input never, output never, output hang never
Last clearing of "show interface" counters 1w4d
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: weighted fair
Output queue: 0/1000/64/0 (size/max total/threshold/drops)
Conversations 0/0/16 (active/max active/max total)
Reserved Conversations 0/0 (allocated/max allocated)
Available Bandwidth 42 kilobits/sec
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
2472006 packets input, 589882565 bytes
4493288 packets output, 798341192 bytes