Приветствую всех. Появилась такая проблема: когда захожу с помощью VPN CLient всё прекрастно прохожу авторизацию получаю IP и тд, но мне интерестно как должен быть настроен NAT ? У меня пропадает инет после соединения с VPN Server. Building configuration...
Current configuration : 4371 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname ********
!
boot-start-marker
boot-end-marker
!
no logging buffered
enable secret 5 $1$.9jC$rt57arEr0AOXIaUxuWRVM1
!
aaa new-model
!
!
aaa authentication login default local
aaa authentication login vpnclient local
aaa authorization exec default local
aaa authorization network localgroup local
!
aaa session-id common
!
resource policy
!
clock timezone GMT 4
ip subnet-zero
!
!
ip cef
!
!
ip domain name ************
ip name-server ************
ip name-server ************
ip name-server ************
ip ssh version 2
!
!
!
crypto pki trustpoint TP-self-signed-1776375945
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-1776375945
revocation-check none
rsakeypair TP-self-signed-1776375945
!
!
crypto pki certificate chain TP-self-signed-1776375945
certificate self-signed 01
30820251 308201BA A0030201 02020101 300D0609 2A864886 F70D0101 04050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 31373736 33373539 3435301E 170D3130 30363139 31303132
31385A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D31 37373633
37353934 3530819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
8100C90D B3343EAE 4D320518 3B75A3F4 2D3BF1CE 6E172071 436ADCAD 1B643BAF
37E9BB08 B4956997 E659CA95 80456494 78069AC7 4923C8A5 EBE5437D 22AB0B1A
00F00D54 08552A79 86652DE2 719E9B04 812DB238 727EDD9C AE95F89C 4B30F24E
4E9F230B 06F32995 6E52989A 0978C002 574197F9 0861C369 F1B40EFD F8A0BE05
5E130203 010001A3 79307730 0F060355 1D130101 FF040530 030101FF 30240603
551D1104 1D301B82 1947656F 53746174 2E737461 74697374 6963732E 676F762E
6765301F 0603551D 23041830 16801495 46A213DF F5E7970C 9D89184C 5AFEE807
511AD630 1D060355 1D0E0416 04149546 A213DFF5 E7970C9D 89184C5A FEE80751
1AD6300D 06092A86 4886F70D 01010405 00038181 002D4CC7 217D199D 082FE911
8C418620 6C03FF09 84F84483 15297AF0 5A322D65 7FD1F884 ADC0308C E256E442
F87F7810 B5DCB875 1BA1FB96 2AE8FF5C EF5801EE 7C01A4AD 6A99C796 59FC3962
9F1F34AA 8EF04C8F C99D359D 3F76A279 64E36B88 90962A35 3A911E54 1ED0697D
598C380C 65228C22 1A121A28 CAAFCDD5 E851795D F4
quit
username **** privilege 15 password 7 *************
username **** privilege 15 secret 5 ***************
!
!
!
crypto isakmp policy 10
encr aes
authentication pre-share
group 2
crypto isakmp keepalive 20 3
!
crypto isakmp client configuration group GEOSTAT
key asd890-=
dns ************ ************
domain *************
pool VPN_POOL
!
!
crypto ipsec transform-set clienttransform esp-aes esp-sha-hmac
!
crypto dynamic-map dynmap 10
set transform-set clienttransform
!
!
crypto map mymap client authentication list vpnclient
crypto map mymap isakmp authorization list localgroup
crypto map mymap client configuration address respond
crypto map mymap 1000 ipsec-isakmp dynamic dynmap
!
!
!
interface FastEthernet0/0
description LINK TO WANEX$ETH-WAN$
ip address ************ *************
ip nat outside
ip virtual-reassembly
ip route-cache flow
duplex auto
speed auto
no cdp enable
crypto map mymap
!
interface FastEthernet0/1
description INTERLAN$ETH-LAN$
ip address 172.17.0.2 255.255.0.0
ip access-group 10 in
ip nat inside
ip virtual-reassembly
ip route-cache flow
duplex auto
speed auto
!
ip local pool VPN_POOL 172.17.100.0 172.17.200.100
ip classless
ip route 0.0.0.0 0.0.0.0 *************
ip flow-export source FastEthernet0/1
ip flow-export version 5
ip flow-export destination 172.17.0.144 9996
!
ip http server
ip http secure-server
ip nat inside source list 1 interface FastEthernet0/0 overload
ip nat inside source static tcp 172.17.0.237 21 *********** 21 extendable
ip nat inside source static tcp 172.17.0.18 3000 *********** 3000 extendable
ip dns server
!
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 172.17.0.0 0.0.255.255
!
!
control-plane
!
!
banner motd ^C
**************************
DO NOT LOGIN HERE!!!!!!!!!
**************************
^C
!
line con 0
password 7 ************
line aux 0
line vty 0 4
exec-timeout 30 0
password 7 ***************
logging synchronous
transport input ssh
!
scheduler allocate 20000 1000
!
end