Hello!
I am trying to set up a VPN server for remote access to the local network.
!
version 16.3
service timestamps debug datetime localtime
service timestamps log datetime localtime
service password-encryption
no platform punt-keepalive disable-kernel-core
!
hostname c4331
!
boot-start-marker
boot system flash bootflash:isr4300-universalk9.16.03.06.SPA.bin
boot-end-marker
!
vrf definition Mgmt-intf
!
address-family ipv4
exit-address-family
!
address-family ipv6
exit-address-family
!
!
aaa new-model
!
aaa group server radius ACCESS
server name ke-a0
!
aaa authentication login default local
aaa authentication ppp default group ACCESS
aaa authorization network default group ACCESS
!
aaa session-id common
clock timezone MSK 4 0
clock calendar-valid
!
subscriber templating
!
multilink bundle-name authenticated
vpdn enable
!
vpdn-group L2TP
! Default L2TP VPDN group
accept-dialin
protocol l2tp
virtual-template 1
no l2tp tunnel authentication
!
license udi pid ISR4331/K9 sn FDO21481TU3
!
diagnostic bootup level minimal
spanning-tree extend system-id
!
redundancy
mode none
!
crypto isakmp policy 10
encr 3des
authentication pre-share
group 2
lifetime 3600
crypto isakmp key Zaq12wsx address 0.0.0.0 no-xauth
crypto isakmp keepalive 3600
!
crypto ipsec transform-set L2TP-TRSET esp-3des esp-sha-hmac
mode transport
!
crypto dynamic-map DYN-L2TP-MAP 10
set nat demux
set transform-set L2TP-TRSET
reverse-route
!
crypto map L2TP-MAP 10 ipsec-isakmp dynamic DYN-L2TP-MAP
!
interface Loopback1
ip address 192.168.119.1 255.255.255.0
!
interface GigabitEthernet0/0/0
description WAN
ip address xx.xx.xx.195 255.255.255.240
ip nat outside
negotiation auto
crypto map L2TP-MAP
!
interface GigabitEthernet0/0/1
description LAN
ip address 192.168.125.2 255.255.255.0
ip nat inside
negotiation auto
!
interface GigabitEthernet0/0/2
no ip address
negotiation auto
!
interface GigabitEthernet0
vrf forwarding Mgmt-intf
ip address 192.168.125.1 255.255.255.0
negotiation auto
!
interface Virtual-Template1
ip unnumbered Loopback1
ip nat inside
peer default ip address pool PPTP_POOL
no keepalive
ppp encrypt mppe 128
ppp authentication ms-chap-v2
ppp ipcp dns 192.168.125.231
!
ip local pool PPTP_POOL 192.168.119.10 192.168.119.99
ip nat inside source list 100 interface GigabitEthernet0/0/0 overload
ip forward-protocol nd
no ip http server
no ip http secure-server
ip route 0.0.0.0 0.0.0.0 xx.xx.xx.193
!
access-list 100 permit ip 192.168.125.0 0.0.0.255 any
access-list 100 permit ip 192.168.119.0 0.0.0.255 any
!
radius server ke-a0
address ipv4 192.168.125.65 auth-port 1812 acct-port 1813
key 7 0735205D1F5B0E160F
!
control-plane
!
ntp server 192.168.125.231
wsma agent exec
!
wsma agent config
!
wsma agent filesys
!
wsma agent notify
!
end
Clients connect successfully and get an IP address, but neither the LAN nor the internal interface of the Cisco responds to ping. The LAN uses a different router as its gateway, but it knows the route to 192.168.119.0. Please advise where to look.
Thanks.