>OK
>покажите sh crypto ipsec sa
>
>
>и как проверяете что трафик в тунеле не ходит? другой админ пытается в мою сеть попасть я в его и пингум в обе стороны - ничего....
nterface: Dialer1
Crypto map tag: depfin, local addr 87.103.179.178
protected vrf: (none)
local ident (addr/mask/prot/port): (172.16.19.0/255.255.255.0/0/0)
remote ident (addr/mask/prot/port): (172.16.29.0/255.255.255.0/0/0)
current_peer 87.103.179.117 port 500
PERMIT, flags={origin_is_acl,}
#pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0
#pkts decaps: 47, #pkts decrypt: 47, #pkts verify: 47
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts compr. failed: 0
#pkts not decompressed: 0, #pkts decompress failed: 0
#send errors 0, #recv errors 0
local crypto endpt.: 87.103.179.178, remote crypto endpt.: 87.103.179.117
path mtu 1492, ip mtu 1492
current outbound spi: 0xCC53FCDB(3428056283)
inbound esp sas:
spi: 0x927CEFE(153603838)
transform: esp-3des esp-sha-hmac ,
in use settings ={Tunnel, }
conn id: 2002, flow_id: C87X_MBRD:2, crypto map: depfin
sa timing: remaining key lifetime (k/sec): (4454236/2177)
IV size: 8 bytes
replay detection support: Y
Status: ACTIVE
inbound ah sas:
inbound pcp sas:
outbound esp sas:
spi: 0xCC53FCDB(3428056283)
transform: esp-3des esp-sha-hmac ,
in use settings ={Tunnel, }
conn id: 2001, flow_id: C87X_MBRD:1, crypto map: depfin
sa timing: remaining key lifetime (k/sec): (4454237/2176)
IV size: 8 bytes
replay detection support: Y
Status: ACTIVE
outbound ah sas:
outbound pcp sas:
interface: Virtual-Access1
Crypto map tag: depfin, local addr 87.103.179.178
protected vrf: (none)
local ident (addr/mask/prot/port): (172.16.19.0/255.255.255.0/0/0)
remote ident (addr/mask/prot/port): (172.16.29.0/255.255.255.0/0/0)
current_peer 87.103.179.117 port 500
PERMIT, flags={origin_is_acl,}
#pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0
#pkts decaps: 47, #pkts decrypt: 47, #pkts verify: 47
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts compr. failed: 0
#pkts not decompressed: 0, #pkts decompress failed: 0
#send errors 0, #recv errors 0
local crypto endpt.: 87.103.179.178, remote crypto endpt.: 87.103.179.117
path mtu 1492, ip mtu 1492
current outbound spi: 0xCC53FCDB(3428056283)
inbound esp sas:
spi: 0x927CEFE(153603838)
transform: esp-3des esp-sha-hmac ,
in use settings ={Tunnel, }
conn id: 2002, flow_id: C87X_MBRD:2, crypto map: depfin
sa timing: remaining key lifetime (k/sec): (4454236/2173)
IV size: 8 bytes
replay detection support: Y
Status: ACTIVE
inbound ah sas:
inbound pcp sas:
outbound esp sas:
spi: 0xCC53FCDB(3428056283)
transform: esp-3des esp-sha-hmac ,
in use settings ={Tunnel, }
conn id: 2001, flow_id: C87X_MBRD:1, crypto map: depfin
sa timing: remaining key lifetime (k/sec): (4454237/2172)
IV size: 8 bytes
replay detection support: Y
Status: ACTIVE
outbound ah sas:
outbound pcp sas: