Архив форумов ЦИТФорума

[giageo]

shto nado nastroit na cisco 1841 dla togo shtobi VPN koncentrator poluchal sessii dla opredelennoi gruppi tolko ot opredelennogo IP adresa - ja pitalsa eto sdelat s pomochju
crypto isakpm profile NEWVPN
match identity address x.x.x.x

no routre ne obrashaet vniamania na etu zapis - xota vrodebi peer identity nado propisivat imenno v etom meste.

Pomogite PLZ

[and3008]

Строчек надо минимум раз в 20 больше.

www.cisco.com
Там примеры и ответы.

[giageo]

tut imeetsa v vidu shto crypto dynamic VPN uje nastroen, edinstvennoe shto nado dobavit tak eto zapis kotoraja budet razreshat ogranichivat PEER identity dla konkretnoi gruppi ..
shtobi opredelennaja gruppa prinimala sesii tolko ot konkretnogo PEERA
etoi gruppe nado ukazat MATCH IDENTITY ADDRESS no eto ne rabotaet, podskajite plz shto nado dobavit esho ...?
(ogranichit prosto ACL-om nakladivaja ego na interface ne reshit etu problemu tak kak mne nujno tolko dla opredelennoi gruppi eto sdelat ane dla VSEX grupp )

aaa authentication login NEWAUTH local
aaa authorization network NEWAUTHOR local

username NEW password 0 NEW

crypto isakmp policy 1
encr aes
authentication pre-share
group 2


crypto isakmp client configuration group NEWGROUP
key NEW
pool NEWPOOL
acl 111
max-logins 2


crypto isakmp profile NEWPROFILE
match identity group NEWGROUP
client authentication list NEWAUTH
match identity address k.k.k.k
isakmp authorization list NEWAUTHOR
client configuration address respond

crypto ipsec transform-set AES_SHA esp-aes esp-sha-hmac

crypto dynamic-map IPSEC 11
set transform-set AES_SHA
set isakmp-profile NEWPROFILE
reverse-route

ip local pool NEWPOOL x.x.x.x

access-list 111 permit ip host q.q.q.q host z.z.z.z
access-list 111 remark NEWACL