Powoli poznaję świat sieci. Mam do zrobienia proste zadanie i nie wiem gdzie jest błąd, co robię źle.
Mam zrobić w GN3 sieć VPN Site-to-Site. Znalazłem na YT filmik. Ale na filmiku działa a u mnie nie. I serdecznie proszę Was o pomoc.
Sieć, którą zrobiłem wygląda tak:
W GNS3 pracuję na routerach 3725. W GNS3 połączenie z lokalnym serverem jest, ponieważ widzę zielonego kółeczko.
Musiałem coś źle ustawić, ale tego nie widzę.
Dla przykładu, pingując z R1 z 20.20.20.1 "widzę" 10.10.10.1, nie widzę 10.10.10.2, widzę 20.20.20.2, nie widzę 172.16.10.1.
Pingując z R2 z 20.20.20.2 widzę 20.20.20.1, ale pingując z 172.16.10.1 (polecenie ping 20.20.20.1 source 172.16.10.1) to już nie widzę.
Oczywiście routery R3 i R4 się nie widzą.
Mogę prosić Was o pomoc?
Pozdrawiam
Poniżej sh run'y routerów.
R1:
Kod: Zaznacz cały
Current configuration : 1552 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R1
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
no ip icmp rate-limit unreachable
ip cef
!
!
!
!
no ip domain lookup
!
multilink bundle-name authenticated
!
!
archive
log config
hidekeys
!
!
crypto isakmp policy 1
authentication pre-share
crypto isakmp key cisco address 20.20.20.2
!
!
crypto ipsec transform-set myset esp-aes esp-sha-hmac
!
crypto map R1-R2 10 ipsec-isakmp
set peer 20.20.20.2
set transform-set myset
match address 101
!
!
ip tcp synwait-time 5
!
!
interface FastEthernet0/0
ip address 10.10.10.1 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface Serial1/0
ip address 20.20.20.1 255.255.255.0
serial restart-delay 0
crypto map R1-R2
!
interface Serial1/1
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/2
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/3
no ip address
shutdown
serial restart-delay 0
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
!
access-list 101 permit ip 10.10.10.0 0.0.0.255 172.16.10.0 0.0.0.255
no cdp log mismatch duplex
!
!
control-plane
!
!
line con 0
exec-timeout 0 0
privilege level 15
logging synchronous
line aux 0
exec-timeout 0 0
privilege level 15
logging synchronous
line vty 0 4
login
!
!
end
Kod: Zaznacz cały
Current configuration : 1553 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R2
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
no ip icmp rate-limit unreachable
ip cef
!
!
!
!
no ip domain lookup
!
multilink bundle-name authenticated
!
!
archive
log config
hidekeys
!
!
crypto isakmp policy 1
authentication pre-share
crypto isakmp key cisco address 20.20.20.1
!
!
crypto ipsec transform-set myset esp-aes esp-sha-hmac
!
crypto map R2-R1 10 ipsec-isakmp
set peer 20.20.20.1
set transform-set myset
match address 101
!
!
!
ip tcp synwait-time 5
!
!
interface FastEthernet0/0
ip address 172.16.10.1 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface Serial1/0
ip address 20.20.20.2 255.255.255.0
serial restart-delay 0
crypto map R2-R1
!
interface Serial1/1
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/2
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/3
no ip address
shutdown
serial restart-delay 0
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
!
access-list 101 permit ip 172.16.10.0 0.0.0.255 10.10.10.0 0.0.0.255
no cdp log mismatch duplex
!
!
control-plane
!
!
line con 0
exec-timeout 0 0
privilege level 15
logging synchronous
line aux 0
exec-timeout 0 0
privilege level 15
logging synchronous
line vty 0 4
login
!
!
end
Kod: Zaznacz cały
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R3
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
no ip icmp rate-limit unreachable
ip cef
!
!
no ip domain lookup
!
multilink bundle-name authenticated
!
!
archive
log config
hidekeys
!
!
ip tcp synwait-time 5
!
!
interface FastEthernet0/0
ip address 10.10.10.2 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
!
no cdp log mismatch duplex
!
!
control-plane
!
!
line con 0
exec-timeout 0 0
privilege level 15
logging synchronous
line aux 0
exec-timeout 0 0
privilege level 15
logging synchronous
line vty 0 4
login
!
!
end
Kod: Zaznacz cały
Current configuration : 915 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R4
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
no ip icmp rate-limit unreachable
ip cef
!
!
no ip domain lookup
!
multilink bundle-name authenticated
!
!
archive
log config
hidekeys
!
!
ip tcp synwait-time 5
!
!
interface FastEthernet0/0
ip address 176.16.10.2 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
!
no cdp log mismatch duplex
!
!
control-plane
!
!
line con 0
exec-timeout 0 0
privilege level 15
logging synchronous
line aux 0
exec-timeout 0 0
privilege level 15
logging synchronous
line vty 0 4
login
!
!
end