forum.opennet.ru

Составление сообщения

Исходное сообщение

"Нет соединений по VPN каналу"
Отправлено SLSit10, 21-Янв-14 10:25

>> sh cry ips sa
>> sh ver
>> ip route есть в нужные подсети?
>> как проверяете что нет соединения?
> И полный конфиг внешних и внутренних интерфейсов
RouterA#
Building configuration...
Current configuration : 2038 bytes
!
! Last configuration change at 13:10:55 UTC Thu Jan 16 2014
! NVRAM config last updated at 13:10:57 UTC Thu Jan 16 2014
! NVRAM config last updated at 13:10:57 UTC Thu Jan 16 2014
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname RouterA
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$1mLF$C4F6G.PgOaWxFybnMFMh11
!
no aaa new-model
!
no ipv6 cef
!
ip cef
!
multilink bundle-name authenticated
!
crypto pki token default removal timeout 0
!
license udi pid CISCO1941/K9 sn FGL1714224W
license boot module c1900 technology-package securityk9
license boot module c1900 technology-package datak9
!
redundancy
!
crypto isakmp policy 1
encr 3des
hash md5
authentication pre-share
group 2
crypto isakmp key cisco123 address 10.145.151.61
!
crypto ipsec transform-set rtpset esp-des esp-md5-hmac
!
crypto map rtp 2 ipsec-isakmp
set peer 10.145.151.61
set transform-set rtpset
match address 102
!
interface Embedded-Service-Engine0/0
no ip address
shutdown
!
interface GigabitEthernet0/0
ip address 10.145.10.62 255.255.255.240
ip tcp adjust-mss 1400
duplex auto
speed auto
crypto map rtp
!
interface GigabitEthernet0/1
ip address 192.168.98.1 255.255.255.0
duplex auto
speed auto
!
interface GigabitEthernet0/0/0
no ip address
!
interface GigabitEthernet0/0/1
no ip address
!
interface GigabitEthernet0/0/2
no ip address
!
interface GigabitEthernet0/0/3
no ip address
!
interface Vlan1
no ip address
!
ip default-gateway 10.145.10.40
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
access-list 102 permit ip 192.168.98.0 0.0.0.255 192.168.99.0 0.0.0.255
!
control-plane
!
line con 0
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport input all
transport output lat pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 4
login
transport input all
!
scheduler allocate 20000 1000
end
RouterB#
Building configuration...
Current configuration : 2056 bytes
!
! Last configuration change at 04:46:56 UTC Fri Jan 17 2014
! NVRAM config last updated at 04:48:13 UTC Fri Jan 17 2014
! NVRAM config last updated at 04:48:13 UTC Fri Jan 17 2014
version 15.1
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname RouterB
!
boot-start-marker
boot-end-marker
!
!
enable secret 4 daKYKG/09tp/TYVbvxlDi8/85nzz5u/yaMu4xzSWSiA
!
no aaa new-model
!
!
no ipv6 cef
ip source-route
ip cef
!
multilink bundle-name authenticated
!
crypto pki token default removal timeout 0
!
!
license udi pid CISCO1941/K9 sn FGL163712DS
license boot module c1900 technology-package securityk9
license boot module c1900 technology-package datak9
!
redundancy
!
crypto isakmp policy 1
encr 3des
hash md5
authentication pre-share
group 2
crypto isakmp key cisco123 address 10.145.10.62
!
crypto ipsec transform-set rtpset esp-des esp-md5-hmac
!
crypto map rtp 2 ipsec-isakmp
set peer 10.145.10.62
set transform-set rtpset
match address 101
!
interface Embedded-Service-Engine0/0
no ip address
shutdown
!
interface GigabitEthernet0/0
ip address 10.145.151.61 255.255.255.0
ip tcp adjust-mss 1400
duplex auto
speed auto
crypto map rtp
!
interface GigabitEthernet0/1
ip address 192.168.99.1 255.255.255.0
duplex auto
speed auto
!
interface GigabitEthernet0/0/0
no ip address
!
interface GigabitEthernet0/0/1
no ip address
!
interface GigabitEthernet0/0/2
no ip address
!
interface GigabitEthernet0/0/3
no ip address
!
interface Vlan1
no ip address
!
ip default-gateway 10.145.151.1
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
!
access-list 101 permit ip 192.168.99.0 0.0.0.255 192.168.98.0 0.0.0.255
!
control-plane
!
line con 0
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport input all
transport output lat pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 4
login
transport input all
!
scheduler allocate 20000 1000
end

Исходное сообщение
"Нет соединений по VPN каналу" Отправлено SLSit10, 21-Янв-14 10:25
>> sh cry ips sa >> sh ver >> ip route есть в нужные подсети? >> как проверяете что нет соединения? > И полный конфиг внешних и внутренних интерфейсов RouterA# Building configuration... Current configuration : 2038 bytes ! ! Last configuration change at 13:10:55 UTC Thu Jan 16 2014 ! NVRAM config last updated at 13:10:57 UTC Thu Jan 16 2014 ! NVRAM config last updated at 13:10:57 UTC Thu Jan 16 2014 version 15.2 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname RouterA ! boot-start-marker boot-end-marker ! enable secret 5 $1$1mLF$C4F6G.PgOaWxFybnMFMh11 ! no aaa new-model ! no ipv6 cef ! ip cef ! multilink bundle-name authenticated ! crypto pki token default removal timeout 0 ! license udi pid CISCO1941/K9 sn FGL1714224W license boot module c1900 technology-package securityk9 license boot module c1900 technology-package datak9 ! redundancy ! crypto isakmp policy 1 encr 3des hash md5 authentication pre-share group 2 crypto isakmp key cisco123 address 10.145.151.61 ! crypto ipsec transform-set rtpset esp-des esp-md5-hmac ! crypto map rtp 2 ipsec-isakmp set peer 10.145.151.61 set transform-set rtpset match address 102 ! interface Embedded-Service-Engine0/0 no ip address shutdown ! interface GigabitEthernet0/0 ip address 10.145.10.62 255.255.255.240 ip tcp adjust-mss 1400 duplex auto speed auto crypto map rtp ! interface GigabitEthernet0/1 ip address 192.168.98.1 255.255.255.0 duplex auto speed auto ! interface GigabitEthernet0/0/0 no ip address ! interface GigabitEthernet0/0/1 no ip address ! interface GigabitEthernet0/0/2 no ip address ! interface GigabitEthernet0/0/3 no ip address ! interface Vlan1 no ip address ! ip default-gateway 10.145.10.40 ip forward-protocol nd ! no ip http server no ip http secure-server ! access-list 102 permit ip 192.168.98.0 0.0.0.255 192.168.99.0 0.0.0.255 ! control-plane ! line con 0 line aux 0 line 2 no activation-character no exec transport preferred none transport input all transport output lat pad telnet rlogin lapb-ta mop udptn v120 ssh stopbits 1 line vty 0 4 login transport input all ! scheduler allocate 20000 1000 end RouterB# Building configuration... Current configuration : 2056 bytes ! ! Last configuration change at 04:46:56 UTC Fri Jan 17 2014 ! NVRAM config last updated at 04:48:13 UTC Fri Jan 17 2014 ! NVRAM config last updated at 04:48:13 UTC Fri Jan 17 2014 version 15.1 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname RouterB ! boot-start-marker boot-end-marker ! ! enable secret 4 daKYKG/09tp/TYVbvxlDi8/85nzz5u/yaMu4xzSWSiA ! no aaa new-model ! ! no ipv6 cef ip source-route ip cef ! multilink bundle-name authenticated ! crypto pki token default removal timeout 0 ! ! license udi pid CISCO1941/K9 sn FGL163712DS license boot module c1900 technology-package securityk9 license boot module c1900 technology-package datak9 ! redundancy ! crypto isakmp policy 1 encr 3des hash md5 authentication pre-share group 2 crypto isakmp key cisco123 address 10.145.10.62 ! crypto ipsec transform-set rtpset esp-des esp-md5-hmac ! crypto map rtp 2 ipsec-isakmp set peer 10.145.10.62 set transform-set rtpset match address 101 ! interface Embedded-Service-Engine0/0 no ip address shutdown ! interface GigabitEthernet0/0 ip address 10.145.151.61 255.255.255.0 ip tcp adjust-mss 1400 duplex auto speed auto crypto map rtp ! interface GigabitEthernet0/1 ip address 192.168.99.1 255.255.255.0 duplex auto speed auto ! interface GigabitEthernet0/0/0 no ip address ! interface GigabitEthernet0/0/1 no ip address ! interface GigabitEthernet0/0/2 no ip address ! interface GigabitEthernet0/0/3 no ip address ! interface Vlan1 no ip address ! ip default-gateway 10.145.151.1 ip forward-protocol nd ! no ip http server no ip http secure-server ! ! access-list 101 permit ip 192.168.99.0 0.0.0.255 192.168.98.0 0.0.0.255 ! control-plane ! line con 0 line aux 0 line 2 no activation-character no exec transport preferred none transport input all transport output lat pad telnet rlogin lapb-ta mop udptn v120 ssh stopbits 1 line vty 0 4 login transport input all ! scheduler allocate 20000 1000 end

Ваше сообщение

Имя*:

EMail:

Для отправки новых сообщений в текущей нити на email укажите знак ! перед адресом, например, !user@host.ru (!! - не показывать email).
Более тонкая настройка отправки ответов производится в профиле зарегистрированного участника форума.

Заголовок*:

Сообщение*:

>>> sh cry ips sa 
>>> sh ver 
>>> ip route есть в нужные подсети?
>>> как проверяете что нет соединения?
>> И полный конфиг внешних и внутренних интерфейсов

> RouterA# 
> Building configuration...

> Current configuration : 2038 bytes 
> !
> ! Last configuration change at 13:10:55 UTC Thu Jan 16 2014 
> ! NVRAM config last updated at 13:10:57 UTC Thu Jan 16 2014 
 
> ! NVRAM config last updated at 13:10:57 UTC Thu Jan 16 2014 
 
> version 15.2 
> service timestamps debug datetime msec 
> service timestamps log datetime msec 
> no service password-encryption 
> !
> hostname RouterA 
> !
> boot-start-marker 
> boot-end-marker 
> !
> enable secret 5 $1$1mLF$C4F6G.PgOaWxFybnMFMh11 
> !
> no aaa new-model 
> !
> no ipv6 cef 
> !
> ip cef 
> !
> multilink bundle-name authenticated 
> !
> crypto pki token default removal timeout 0 
> !
> license udi pid CISCO1941/K9 sn FGL1714224W 
> license boot module c1900 technology-package securityk9 
> license boot module c1900 technology-package datak9 
> !
> redundancy 
> !
> crypto isakmp policy 1 
> encr 3des 
> hash md5 
> authentication pre-share 
> group 2 
> crypto isakmp key cisco123 address 10.145.151.61 
> !
> crypto ipsec transform-set rtpset esp-des esp-md5-hmac 
> !
> crypto map rtp 2 ipsec-isakmp 
> set peer 10.145.151.61 
> set transform-set rtpset 
> match address 102 
> !
> interface Embedded-Service-Engine0/0 
> no ip address 
> shutdown 
> !
> interface GigabitEthernet0/0 
> ip address 10.145.10.62 255.255.255.240 
> ip tcp adjust-mss 1400 
> duplex auto 
> speed auto 
> crypto map rtp 
> !
> interface GigabitEthernet0/1 
> ip address 192.168.98.1 255.255.255.0 
> duplex auto 
> speed auto 
> !
> interface GigabitEthernet0/0/0 
> no ip address 
> !
> interface GigabitEthernet0/0/1 
> no ip address 
> !
> interface GigabitEthernet0/0/2 
> no ip address 
> !
> interface GigabitEthernet0/0/3 
> no ip address 
> !
> interface Vlan1 
> no ip address 
> !
> ip default-gateway 10.145.10.40 
> ip forward-protocol nd 
> !
> no ip http server 
> no ip http secure-server 
> !
> access-list 102 permit ip 192.168.98.0 0.0.0.255 192.168.99.0 0.0.0.255 
> !
> control-plane 
> !
> line con 0 
> line aux 0 
> line 2 
> no activation-character 
> no exec 
> transport preferred none 
> transport input all 
> transport output lat pad telnet rlogin lapb-ta mop udptn v120 ssh 
> stopbits 1 
> line vty 0 4 
> login 
> transport input all 
> !
> scheduler allocate 20000 1000 
> end

> RouterB# 
> Building configuration...

> Current configuration : 2056 bytes 
> !
> ! Last configuration change at 04:46:56 UTC Fri Jan 17 2014 
> ! NVRAM config last updated at 04:48:13 UTC Fri Jan 17 2014 
 
> ! NVRAM config last updated at 04:48:13 UTC Fri Jan 17 2014 
 
> version 15.1 
> service timestamps debug datetime msec 
> service timestamps log datetime msec 
> no service password-encryption 
> !
> hostname RouterB 
> !
> boot-start-marker 
> boot-end-marker 
> !
> !
> enable secret 4 daKYKG/09tp/TYVbvxlDi8/85nzz5u/yaMu4xzSWSiA 
> !
> no aaa new-model 
> !
> !
> no ipv6 cef 
> ip source-route 
> ip cef 
> !
> multilink bundle-name authenticated 
> !
> crypto pki token default removal timeout 0 
> !
> !
> license udi pid CISCO1941/K9 sn FGL163712DS 
> license boot module c1900 technology-package securityk9 
> license boot module c1900 technology-package datak9 
> !
> redundancy 
> !
> crypto isakmp policy 1 
> encr 3des 
> hash md5 
> authentication pre-share 
> group 2 
> crypto isakmp key cisco123 address 10.145.10.62 
> !
> crypto ipsec transform-set rtpset esp-des esp-md5-hmac 
> !
> crypto map rtp 2 ipsec-isakmp 
> set peer 10.145.10.62 
> set transform-set rtpset 
> match address 101 
> !
> interface Embedded-Service-Engine0/0 
> no ip address 
> shutdown 
> !
> interface GigabitEthernet0/0 
> ip address 10.145.151.61 255.255.255.0 
> ip tcp adjust-mss 1400 
> duplex auto 
> speed auto 
> crypto map rtp 
> !
> interface GigabitEthernet0/1 
> ip address 192.168.99.1 255.255.255.0 
> duplex auto 
> speed auto 
> !
> interface GigabitEthernet0/0/0 
> no ip address 
> !
> interface GigabitEthernet0/0/1 
> no ip address 
> !
> interface GigabitEthernet0/0/2 
> no ip address 
> !
> interface GigabitEthernet0/0/3 
> no ip address 
> !
> interface Vlan1 
> no ip address 
> !
> ip default-gateway 10.145.151.1 
> ip forward-protocol nd 
> !
> no ip http server 
> no ip http secure-server 
> !
> !
> access-list 101 permit ip 192.168.99.0 0.0.0.255 192.168.98.0 0.0.0.255 
> !
> control-plane 
> !
> line con 0 
> line aux 0 
> line 2 
> no activation-character 
> no exec 
> transport preferred none 
> transport input all 
> transport output lat pad telnet rlogin lapb-ta mop udptn v120 ssh 
> stopbits 1 
> line vty 0 4 
> login 
> transport input all 
> !
> scheduler allocate 20000 1000 
> end

При общении не допускается: неуважительное отношение к собеседнику, хамство, унизительное обращение, ненормативная лексика, переход на личности, агрессивное поведение, обесценивание собеседника, провоцирование флейма голословными и заведомо ложными заявлениями. Не отвечайте на сообщения, явно нарушающие правила - удаляются не только сами нарушения, но и все ответы на них. Лог модерирования.

Партнёры:

Хостинг:

Закладки на сайте
Проследить за страницей

Created 1996-2024 by Maxim Chirkov
Добавить, Поддержать, Вебмастеру