forum.opennet.ru

Составление сообщения

Исходное сообщение

"ipsec"
Отправлено lam, 05-Дек-05 19:20

Доброго дня!
Помогите ламеру настроить IPSec! Isakmp отрабатывает нормально, но тунел не поднимается! Схема подключения: cisco 837--dslam--cisco2811
837:
Current configuration : 3292 bytes
!
version 12.3
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname Cisco837
!
security authentication failure rate 3 log
logging buffered 51200 warnings
enable secret 5 $1$eK9i$4difxUHYck70ZwSmz14vv1
!
username admin privilege 15 password 7 xxxx
aaa new-model
!
!
aaa authentication login default local
aaa authentication login pad none
aaa authentication enable default enable
aaa authentication ppp default local
aaa authorization exec default local
aaa authorization exec pad none
aaa session-id common
ip subnet-zero
no ip source-route
no ip domain lookup
ip domain name yourdomain.com
!
!
no ip bootp server
ip cef
ip audit notify log
ip audit po max-events 100
vpdn enable
!
vpdn-group pppoe
request-dialin
  protocol pppoe
!
no ftp-server write-enable
!
!
!
!
crypto isakmp policy 10
encr 3des
hash md5
authentication pre-share
group 2
crypto isakmp key 0 1234567890 address 10.2.26.130
crypto isakmp keepalive 40
!
!
crypto ipsec transform-set ESP_3DES_MD5 esp-3des esp-md5-hmac
crypto ipsec df-bit clear
!
crypto map pib 10 ipsec-isakmp
set peer 10.2.26.130
set transform-set ESP_3DES_MD5
set pfs group2
match address VPN
!
!
!
!
interface Loopback10
ip address 8.8.8.1 255.255.255.0
!
interface Null0
no ip unreachables
!
interface Ethernet0
ip address 10.2.26.1 255.255.255.128
ip nat inside
ip route-cache flow
no cdp enable
hold-queue 100 out
!
interface ATM0
no ip address
no atm ilmi-keepalive
pvc 1/82
  encapsulation aal5snap
  pppoe-client dial-pool-number 1
!
dsl operating-mode auto
hold-queue 224 in
!
interface FastEthernet1
no ip address
duplex auto
speed auto
!
interface FastEthernet2
no ip address
shutdown
duplex auto
speed auto
!
interface FastEthernet3
no ip address
shutdown
duplex auto
speed auto
!
interface FastEthernet4
no ip address
shutdown
duplex auto
speed auto
!
interface Dialer0
no ip address
no cdp enable
!
interface Dialer1
mtu 1492
ip address 10.2.26.132 255.255.255.128
ip nat outside
encapsulation ppp
dialer pool 1
no cdp enable
ppp authentication chap callin
ppp chap hostname rrrr
ppp chap password 7 rfgfgfg
crypto map pib
!
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer1
ip route 10.0.0.0 255.0.0.0 10.2.26.130
ip http server
ip http access-class 2
ip http authentication local
no ip http secure-server
ip http timeout-policy idle 600 life 86400 requests 10000
!
!
ip access-list extended VPN
permit ip 10.2.26.0 0.0.0.127 10.0.0.0 0.255.255.255
permit ip 10.2.26.0 0.0.0.127 192.168.0.0 0.0.255.255
access-list 101 permit ip 10.2.26.0 0.0.0.127 10.0.0.0 0.255.255.255
dialer-list 1 protocol ip permit
no cdp run
!
line con 0
exec-timeout 0 0
no modem enable
line aux 0
line vty 0 4
access-class 100 in
privilege level 15
transport input telnet
!
scheduler max-task-time 5000
!
end
2811:
odessa-2811#sh run
Building configuration...
Current configuration : 5144 bytes
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname odessa-2811
!
boot-start-marker
boot system flash:c2800nm-adventerprisek9-mz.123-11.T3.bin
boot-end-marker
!
logging buffered 51200 warnings
enable secret 5 $1$sEar$GHCO6hRStQjP23sEAVf6q/
!
username tobo15 password 7xxxxxxxxxxxx
aaa new-model
!
!
aaa authentication login default local-case
aaa authentication login pad none
aaa authentication enable default enable
aaa authentication ppp default local
aaa authorization exec default local
aaa authorization exec pad none
aaa session-id common
ip subnet-zero
!
!
ip cef
!
!
no ip domain lookup
ip domain name upaa.od.pib.com.ua
ip ssh source-interface FastEthernet0/0
ip ips po max-events 100
vpdn enable
!
vpdn-group pppoe
accept-dialin
  protocol pppoe
  virtual-template 1
!
ipx routing 0013.c399.97e8
no ftp-server write-enable
!
x25 routing
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
crypto isakmp policy 10
encr 3des
hash md5
authentication pre-share
group 2
crypto isakmp key 01234567890 address 10.2.26.132
crypto isakmp keepalive 40
!
!
crypto ipsec transform-set ESP_3DES_MD5 esp-3des esp-md5-hmac
crypto ipsec df-bit clear
!
!
crypto map toboADSL 20 ipsec-isakmp
set peer 10.2.26.132
set transform-set ESP_3DES_MD5
set pfs group2
match address VPN_TOBOADSL
!
!
!
!
interface Loopback0
ip address 200.0.0.1 255.255.255.255
!
interface Loopback10
ip address 10.2.29.1 255.255.255.128
!
interface FastEthernet0/0
description $ETH-LAN$$ETH-SW-LAUNCH$$INTF-INFO-FE 0/0$
ip address 10.2.0.173 255.255.254.0
duplex auto
speed auto
ipx network 5
!
interface FastEthernet0/1
ip address 10.2.100.1 255.255.255.128
duplex auto
speed auto
!
interface FastEthernet0/0/0
switchport access vlan 2
no ip address
!
interface FastEthernet0/0/1
switchport access vlan 3
no ip address
!
interface FastEthernet0/0/2
switchport access vlan 4
no ip address
shutdown
!
interface FastEthernet0/0/3
switchport access vlan 5
no ip address
shutdown
!
interface Virtual-Template1
ip unnumbered Vlan3
ip nat inside
ip virtual-reassembly
no peer default ip address
ppp authentication chap
!
interface Vlan1
no ip address
!
interface Vlan3
ip address 10.2.26.130 255.255.255.128
ip nat outside
ip virtual-reassembly
pppoe enable
pppoe-client dial-pool-number 1
crypto map toboADSL
!
interface Vlan4
no ip address
!
interface Vlan5
no ip address
!
router rip
version 2
redistribute static
network 10.0.0.0
!
ip classless
ip route 10.2.26.0 255.255.255.128 10.2.26.132
!
!
ip http server
ip http authentication local
no ip http secure-server
ip http timeout-policy idle 600 life 86400 requests 10000
ip nat inside source route-map nonat interface Virtual-Template1 overload
!
ip access-list extended VPN
ip access-list extended VPN_TOBOADSL
permit ip 10.0.0.0 0.255.255.255 10.2.26.0 0.0.0.127
permit ip 192.168.0.0 0.0.255.255 10.2.26.0 0.0.0.127
permit ip 10.0.0.0 0.255.255.255 10.2.29.0 0.0.0.127
permit ip any 10.2.26.0 0.0.0.127
!
!
!
!
!
!
!
!
control-plane
Буду благодарен за любую инфу, ссылки!

Исходное сообщение
"ipsec" Отправлено lam, 05-Дек-05 19:20
Доброго дня! Помогите ламеру настроить IPSec! Isakmp отрабатывает нормально, но тунел не поднимается! Схема подключения: cisco 837--dslam--cisco2811 837: Current configuration : 3292 bytes ! version 12.3 no service pad service tcp-keepalives-in service tcp-keepalives-out service timestamps debug datetime msec localtime show-timezone service timestamps log datetime msec localtime show-timezone service password-encryption service sequence-numbers ! hostname Cisco837 ! security authentication failure rate 3 log logging buffered 51200 warnings enable secret 5 $1$eK9i$4difxUHYck70ZwSmz14vv1 ! username admin privilege 15 password 7 xxxx aaa new-model ! ! aaa authentication login default local aaa authentication login pad none aaa authentication enable default enable aaa authentication ppp default local aaa authorization exec default local aaa authorization exec pad none aaa session-id common ip subnet-zero no ip source-route no ip domain lookup ip domain name yourdomain.com ! ! no ip bootp server ip cef ip audit notify log ip audit po max-events 100 vpdn enable ! vpdn-group pppoe request-dialin protocol pppoe ! no ftp-server write-enable ! ! ! ! crypto isakmp policy 10 encr 3des hash md5 authentication pre-share group 2 crypto isakmp key 0 1234567890 address 10.2.26.130 crypto isakmp keepalive 40 ! ! crypto ipsec transform-set ESP_3DES_MD5 esp-3des esp-md5-hmac crypto ipsec df-bit clear ! crypto map pib 10 ipsec-isakmp set peer 10.2.26.130 set transform-set ESP_3DES_MD5 set pfs group2 match address VPN ! ! ! ! interface Loopback10 ip address 8.8.8.1 255.255.255.0 ! interface Null0 no ip unreachables ! interface Ethernet0 ip address 10.2.26.1 255.255.255.128 ip nat inside ip route-cache flow no cdp enable hold-queue 100 out ! interface ATM0 no ip address no atm ilmi-keepalive pvc 1/82 encapsulation aal5snap pppoe-client dial-pool-number 1 ! dsl operating-mode auto hold-queue 224 in ! interface FastEthernet1 no ip address duplex auto speed auto ! interface FastEthernet2 no ip address shutdown duplex auto speed auto ! interface FastEthernet3 no ip address shutdown duplex auto speed auto ! interface FastEthernet4 no ip address shutdown duplex auto speed auto ! interface Dialer0 no ip address no cdp enable ! interface Dialer1 mtu 1492 ip address 10.2.26.132 255.255.255.128 ip nat outside encapsulation ppp dialer pool 1 no cdp enable ppp authentication chap callin ppp chap hostname rrrr ppp chap password 7 rfgfgfg crypto map pib ! ip classless ip route 0.0.0.0 0.0.0.0 Dialer1 ip route 10.0.0.0 255.0.0.0 10.2.26.130 ip http server ip http access-class 2 ip http authentication local no ip http secure-server ip http timeout-policy idle 600 life 86400 requests 10000 ! ! ip access-list extended VPN permit ip 10.2.26.0 0.0.0.127 10.0.0.0 0.255.255.255 permit ip 10.2.26.0 0.0.0.127 192.168.0.0 0.0.255.255 access-list 101 permit ip 10.2.26.0 0.0.0.127 10.0.0.0 0.255.255.255 dialer-list 1 protocol ip permit no cdp run ! line con 0 exec-timeout 0 0 no modem enable line aux 0 line vty 0 4 access-class 100 in privilege level 15 transport input telnet ! scheduler max-task-time 5000 ! end 2811: odessa-2811#sh run Building configuration... Current configuration : 5144 bytes ! version 12.3 service timestamps debug datetime msec service timestamps log datetime msec service password-encryption ! hostname odessa-2811 ! boot-start-marker boot system flash:c2800nm-adventerprisek9-mz.123-11.T3.bin boot-end-marker ! logging buffered 51200 warnings enable secret 5 $1$sEar$GHCO6hRStQjP23sEAVf6q/ ! username tobo15 password 7xxxxxxxxxxxx aaa new-model ! ! aaa authentication login default local-case aaa authentication login pad none aaa authentication enable default enable aaa authentication ppp default local aaa authorization exec default local aaa authorization exec pad none aaa session-id common ip subnet-zero ! ! ip cef ! ! no ip domain lookup ip domain name upaa.od.pib.com.ua ip ssh source-interface FastEthernet0/0 ip ips po max-events 100 vpdn enable ! vpdn-group pppoe accept-dialin protocol pppoe virtual-template 1 ! ipx routing 0013.c399.97e8 no ftp-server write-enable ! x25 routing ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! crypto isakmp policy 10 encr 3des hash md5 authentication pre-share group 2 crypto isakmp key 01234567890 address 10.2.26.132 crypto isakmp keepalive 40 ! ! crypto ipsec transform-set ESP_3DES_MD5 esp-3des esp-md5-hmac crypto ipsec df-bit clear ! ! crypto map toboADSL 20 ipsec-isakmp set peer 10.2.26.132 set transform-set ESP_3DES_MD5 set pfs group2 match address VPN_TOBOADSL ! ! ! ! interface Loopback0 ip address 200.0.0.1 255.255.255.255 ! interface Loopback10 ip address 10.2.29.1 255.255.255.128 ! interface FastEthernet0/0 description $ETH-LAN$$ETH-SW-LAUNCH$$INTF-INFO-FE 0/0$ ip address 10.2.0.173 255.255.254.0 duplex auto speed auto ipx network 5 ! interface FastEthernet0/1 ip address 10.2.100.1 255.255.255.128 duplex auto speed auto ! interface FastEthernet0/0/0 switchport access vlan 2 no ip address ! interface FastEthernet0/0/1 switchport access vlan 3 no ip address ! interface FastEthernet0/0/2 switchport access vlan 4 no ip address shutdown ! interface FastEthernet0/0/3 switchport access vlan 5 no ip address shutdown ! interface Virtual-Template1 ip unnumbered Vlan3 ip nat inside ip virtual-reassembly no peer default ip address ppp authentication chap ! interface Vlan1 no ip address ! interface Vlan3 ip address 10.2.26.130 255.255.255.128 ip nat outside ip virtual-reassembly pppoe enable pppoe-client dial-pool-number 1 crypto map toboADSL ! interface Vlan4 no ip address ! interface Vlan5 no ip address ! router rip version 2 redistribute static network 10.0.0.0 ! ip classless ip route 10.2.26.0 255.255.255.128 10.2.26.132 ! ! ip http server ip http authentication local no ip http secure-server ip http timeout-policy idle 600 life 86400 requests 10000 ip nat inside source route-map nonat interface Virtual-Template1 overload ! ip access-list extended VPN ip access-list extended VPN_TOBOADSL permit ip 10.0.0.0 0.255.255.255 10.2.26.0 0.0.0.127 permit ip 192.168.0.0 0.0.255.255 10.2.26.0 0.0.0.127 permit ip 10.0.0.0 0.255.255.255 10.2.29.0 0.0.0.127 permit ip any 10.2.26.0 0.0.0.127 ! ! ! ! ! ! ! ! control-plane Буду благодарен за любую инфу, ссылки!

Ваше сообщение

Имя*:

EMail:

Для отправки новых сообщений в текущей нити на email укажите знак ! перед адресом, например, [email protected] (!! - не показывать email).
Более тонкая настройка отправки ответов производится в профиле зарегистрированного участника форума.

Заголовок*:

Сообщение*:

При общении не допускается: неуважительное отношение к собеседнику, хамство, унизительное обращение, ненормативная лексика, переход на личности, агрессивное поведение, обесценивание собеседника, провоцирование флейма голословными и заведомо ложными заявлениями. Не отвечайте на сообщения, явно нарушающие правила - удаляются не только сами нарушения, но и все ответы на них. Лог модерирования.

На сайте действует частичное премодерирование - после публикации некоторые сообщения от анонимов могут автоматически скрываться ботом. После проверки модератором ошибочно скрытые сообщения раскрываются. Для ускорения раскрытия можно воспользоваться ссылкой "Сообщить модератору", указав в качестве причины обращения "скрыто по ошибке".

Партнёры:

Хостинг:

Закладки на сайте
Проследить за страницей

Created 1996-2024 by Maxim Chirkov
Добавить, Поддержать, Вебмастеру