core: (c2600-ik9o3s3-mz.122-13.T1.bin)

crypto isakmp policy 20
authentication pre-share
group 2
crypto isakmp key 12345 address 1.1.1.1
!
!
crypto ipsec transform-set myset esp-des esp-md5-hmac
!
!
!
crypto map ToFrag local-address FastEthernet0/0
crypto map ToFrag 10 ipsec-isakmp
set peer 1.1.1.1
set transform-set myset
match address 120

interface Tunnel0
ip address 10.1.1.1 255.255.255.0
tunnel source 1.2.1.1
tunnel destination 1.1.1.1
crypto map ToFrag
!

interface FastEthernet0/0
description DMZ LAN
bandwidth 100000
ip address 1.2.1.1 255.255.255.192
ip access-group 103 in
ip access-group 104 out
no ip redirects
no ip unreachables
ip accounting output-packets
ip accounting access-violations
speed auto
half-duplex
no cdp enable
crypto map ToFrag
!
access-list 120 permit gre host 1.2.1.1 host 1.1.1.1
-----------------------------
frag: (c2600-jk8o3s-mz.122-8.T1.bin)

crypto isakmp policy 20
authentication pre-share
group 2
crypto isakmp key 12345 address 1.2.1.1
!
!
crypto ipsec transform-set myset esp-des esp-md5-hmac
!
crypto map ToCore local-address FastEthernet0/0
crypto map ToCore 10 ipsec-isakmp
set peer 1.2.1.1
set transform-set myset
match address 120
!
interface Tunnel0
ip address 10.1.1.2 255.255.255.0
tunnel source 1.1.1.1
tunnel destination 1.2.1.1
crypto map ToCore
!
interface FastEthernet0/0
description DMZ
bandwidth 100000
ip address 1.1.1.1 255.255.255.240
ip verify unicast reverse-path
no ip redirects
no ip unreachables
no ip proxy-arp
ip inspect cbac in
ip audit cbac in
no ip route-cache
no ip mroute-cache
speed 100
full-duplex
no cdp enable
crypto map ToCore
!
access-list 120 permit gre host 1.1.1.1 host 1.2.1.1

---------------------------------------------------------
на core счетчик 120го листа не увеличивается, на frag увеличивается.
deb int tu0
deb cry isakmp
deb cry ipsec
тишина :(

• не работает туннель. Help!, mix, 18:18 , 10-Ноя-03, (1)