Доброго времени суток!
Есть циска, со следующей конфой...
version 12.4
service nagle
service pad to-xot
service pad from-xot
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime localtime
service timestamps log datetime localtime
service password-encryption
!
hostname Lipetsk_router
!
boot-start-marker
boot-end-marker
!
logging message-counter syslog
logging buffered 51200 warnings
!
aaa new-model
aaa authentication login default local
aaa authentication login userauthen local
aaa authentication login notest none
aaa authorization network foo local
!
!
aaa session-id common
dot11 syslog
ip source-route
!
!
!
!
ip cef
ip inspect max-incomplete high 1000
ip inspect max-incomplete low 1000
ip inspect one-minute high 600
ip inspect one-minute low 600
ip inspect udp idle-time 600
ip inspect tcp synwait-time 20
ip inspect tcp max-incomplete host 50 block-time 1
ip inspect name fw ftp timeout 20
ip inspect name fw tcp
ip inspect name fw udp
ip inspect name fw cuseeme
ip inspect name fw daytime
ip inspect name fw discard
ip inspect name fw dns
ip inspect name fw echo
ip inspect name fw finger
ip inspect name fw fragment maximum 256 timeout 1
ip inspect name fw icmp
ip inspect name fw login
ip inspect name fw microsoft-ds timeout 20
ip inspect name fw tftp
ip inspect name fw pptp
ip inspect name fw telnet
ip inspect name fw streamworks
ip inspect name fw realaudio
ip inspect name fw router
ip inspect name fw ssh
ip inspect name fw http
ip domain name oblbank.ru
ip name-server 192.168.80.202
!
multilink bundle-name authenticated
crypto pki trustpoint TP-self-signed-3104593062
subject-name cn=IOS-Self-Signed-Certificate-3104593062
revocation-check none
rsakeypair TP-self-signed-3104593062
!
crypto pki trustpoint TP-self-signed-2906423707
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-2906423707

revocation-check none
rsakeypair TP-self-signed-2906423707
!
!
!
!
archive
log config
  hidekeys
crypto isakmp policy 20
encr 3des
hash md5
authentication pre-share
group 2
crypto isakmp keepalive 40 5
crypto isakmp nat keepalive 20
!
crypto isakmp client configuration group cisco
key test1234
pool ippool
acl 120
!
!
crypto ipsec transform-set test esp-3des esp-md5-hmac
crypto ipsec transform-set foo esp-3des esp-sha-hmac
crypto ipsec nat-transparency spi-matching
!
crypto dynamic-map dynmap 1
set transform-set test
match address 199
crypto map test client authentication list userauthen
crypto map test isakmp authorization list foo
crypto map test client configuration address respond
crypto map test 20 ipsec-isakmp dynamic dynmap
!
!
!
!
!
!
interface Loopback0
no ip address
ip virtual-reassembly
!
interface Tunnel0
no ip address
shutdown
!
interface FastEthernet0/0
description -=Glodal_Network=-
ip address 195.34.235.126 255.255.255.252
ip access-group Internet in
ip nat outside
duplex auto
speed 100
crypto map test
!
interface FastEthernet0/1
description -=Local_Network=-
ip address 192.168.1.2 255.255.255.0
ip nat inside
ip virtual-reassembly
duplex auto
speed 100
interface FastEthernet0/3/0
ip address 192.168.80.31 255.255.255.0
ip nat inside
ip virtual-reassembly
ip policy route-map PROXY
duplex auto
speed auto
!
interface Virtual-Template1
no ip address
!
interface Vlan1
no ip address
!
ip local pool ippool 192.168.254.1 192.168.254.254
no ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 195.34.235.125
ip route 10.5.0.0 255.255.0.0 192.168.80.161
ip route 10.7.0.0 255.255.0.0 192.168.80.161
ip http server
ip http secure-server
ip nat pool Inet 195.34.235.126 195.34.235.126 prefix-length 30
ip nat inside source route-map NAT_translate pool Inet overload
ip nat inside source static tcp 192.168.1.1 25 195.34.235.126 25 extendable
ip nat inside source static tcp 192.168.1.1 110 195.34.235.126 110 extendable
ip nat inside source static tcp 192.168.80.97 443 195.34.235.126 443 extendable
!
ip access-list extended Internet
remark -=Anelik=-
permit ip host 83.137.219.5 any
permit ip host 83.137.219.3 any
permit tcp any eq smtp any gt 1023 established
permit tcp any eq pop3 any gt 1023 established
permit tcp any eq ftp any gt 1023 established
permit tcp any eq 443 any gt 1023 established
permit icmp any any
permit tcp any eq domain any
permit udp any eq domain any
permit udp any any eq domain
permit tcp any any eq domain
permit tcp any eq www any gt 1023 established
permit udp any any eq 443
permit udp any any eq isakmp
permit udp any any eq 10000
permit tcp any any eq 10000
permit tcp any any eq 500
permit tcp any any eq 4500
permit udp any any eq non500-isakmp
permit esp any any
permit tcp any any eq 443
permit udp any any eq 25
permit tcp any any eq smtp
permit tcp any any eq pop3
ip access-list extended NAT
permit icmp any any
permit ip 192.168.80.0 0.0.0.255 any
permit ip host 192.168.1.1 any
deny   ip 192.168.80.0 0.0.0.255 192.168.1.0 0.0.0.255
deny   ip 192.168.80.0 0.0.0.255 10.100.100.0 0.0.0.255
deny   ip any any
ip access-list extended PROX_SERV
permit tcp 192.168.80.0 0.0.0.255 any eq www
!
access-list 120 permit ip 192.168.80.0 0.0.0.255 192.168.254.0 0.0.0.255
access-list 199 permit ip 192.168.80.0 0.0.0.255 192.168.254.0 0.0.0.255
access-list 199 permit ip host 195.34.235.126 192.168.254.0 0.0.0.255
route-map PROXY permit 1
match ip address PROX_SERV
set ip next-hop 192.168.1.1
!
route-map NAT_translate permit 1
match ip address NAT
match interface FastEthernet0/0
!
!
!
control-plane
!
!
line con 0
line aux 0
line vty 0 4
access-class 23 in
privilege level 15
transport input telnet ssh
line vty 5 15
access-class 23 in
privilege level 15
transport input telnet ssh
scheduler allocate 20000 1000
end

Проблема такая соединяюсь впн клиентом через интернет на адрес 195.34.235.126... Клиент получает адрес из заданного пула... Пингую хост в сети 192.168.80.0... Пинг идёт ТОЛЬКО на этот хост... И при ответе пинга пишет что ответ приходит от 195.34.235.126... Отсоединяю клиента снова соедтняюсь... Хост, который пинговал до этотого уже не пингуетя, а пингуется какой-либо другой из сети 192.168.80.0, но снова пишет, что ответ идёт от 195.34.235.126 и т.д...
В чём проблема?