alesha
Зарегистрирован: 12.11.2004 Сообщения: 159
|
Добавлено: Вт Дек 23 2008 10:42 Заголовок сообщения: Настройка VPN |
|
|
Доброго времени суток!
Имеем циско 2801 со следующей конфой...
Current configuration : 3697 bytes
!
version 12.4
service nagle
service pad to-xot
service pad from-xot
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime localtime
service timestamps log datetime localtime
service password-encryption
!
hostname Lipetsk_router
!
boot-start-marker
boot-end-marker
!
logging message-counter syslog
logging buffered 51200 warnings
enable password 7 094B44100D09031906150638
!
aaa new-model
aaa authentication login default local
aaa authentication login notest none
aaa authentication login userauthen local
aaa authorization network groupauthor local
!
!
aaa session-id common
dot11 syslog
ip source-route
!
!
!
!
ip cef
ip domain name yourdomain.com
!
multilink bundle-name authenticated
!
!
!
crypto pki trustpoint TP-self-signed-3104593062
subject-name cn=IOS-Self-Signed-Certificate-3104593062
revocation-check none
rsakeypair TP-self-signed-3104593062
username pyrikov privilege 15 password 7 050C0C1635405A02141C1500
archive
log config
hidekeys
!
!
crypto isakmp policy 3
encr 3des
authentication pre-share
group 2
!
crypto isakmp client configuration group 3000client
key cisco123
dns 192.168.80.202
wins 192.168.80.202
domain oblbank.ru
pool ippool
acl 108
!
!
crypto ipsec transform-set myset esp-3des esp-sha-hmac
!
crypto dynamic-map dynmap 10
set transform-set myset
crypto map clientmap client authentication list userauthen
crypto map clientmap isakmp authorization list groupauthor
crypto map clientmap client configuration address respond
crypto map clientmap 10 ipsec-isakmp dynamic dynmap
!
!
!
!
!
!
interface FastEthernet0/0
description -=Glodal_Network=-
ip address 195.34.235.126 255.255.255.252
ip nat outside
ip virtual-reassembly
duplex auto
speed 100
crypto map clientmap
!
interface FastEthernet0/1
description -=Local_Network=-
ip address 192.168.1.2 255.255.255.0
ip nat inside
ip virtual-reassembly
duplex auto
speed 100
!
interface FastEthernet0/1/0
!
interface FastEthernet0/1/1
!
interface FastEthernet0/1/2
!
interface FastEthernet0/1/3
!
interface FastEthernet0/3/0
no ip address
duplex auto
speed auto
!
interface Vlan1
!
ip local pool ippool 192.168.1.10 192.168.1.200
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 195.34.235.125
ip route 192.168.80.0 255.255.255.0 192.168.1.1
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
!
ip nat inside source static 192.168.1.1 195.34.235.126
!
access-list 108 permit ip 192.168.0.0 0.0.255.255 192.168.1.0 0.0.0.255
!
!
!
При попытке конекта на порт FastEthernet0/0 посредством Cisco VPN Client через интернет...
Клиент отвечает "remote peer is not longer responding"
В чём косяк? |
|