Mam problem z zestawieniem tuneli (a). Pierwszym tunelem był tunel do pol jednak po dodaniu reguły dla "vec" nie ma możliwości zestawienia połączenia do "pol" . Tunel "vec" zestawia się
Attribute Value
Router Model 861
Image Name c860-universalk9-mz.150-1.M3.bin
IOS Version 15.0(1)M3
Hostname gate2
Kod: Zaznacz cały
Building configuration...
Current configuration : 6606 bytes
!
! Last configuration change at 01:32:12 Warsaw Mon Mar 1 1993 by sadmin
!
version 15.0
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname gate2
!
boot-start-marker
boot-end-marker
!
logging buffered 52000
enable secret 5 $*******************
!
no aaa new-model
memory-size iomem 10
clock timezone Warsaw 1
!
ip source-route
!
!
!
!
no ip cef
ip domain name s*******
ip name-server 8.8.8.8
!
!
license udi pid CISCO861-K9 sn FCZ143993T6
!
!
!
!
ip ssh time-out 60
ip ssh authentication-retries 2
!
!
crypto isakmp policy 4
encr aes 256
hash sha
authentication pre-share
group 2
!
crypto isakmp policy 5
encr aes 256
hash sha
authentication pre-share
group 2
lifetime 1440
!
crypto isakmp policy 6
encr aes 256
hash sha
authentication pre-share
group 2
lifetime 3600
crypto isakmp key n******* address 212.*.**.**
crypto isakmp key c******* address 88.**.**.**
!
!
crypto ipsec transform-set vec esp-aes 256 esp-sha-hmac
crypto ipsec transform-set plus-aes256-sha esp-aes 256 esp-sha-hmac
crypto ipsec df-bit clear
no crypto ipsec nat-transparency udp-encaps
!
crypto map internet 5 ipsec-isakmp
description tunnel do vec
set peer 88.**.**.**
set transform-set vec
match address 110
reverse-route static
crypto map internet 6 ipsec-isakmp
description tunnel do polk
set peer 212.**.**.**
set transform-set plus-aes256-sha
match address polk
reverse-route static
!
!
!
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
ip address 80.**.**.** 255.255.255.240
ip virtual-reassembly
duplex auto
speed auto
crypto map internet
!
interface Vlan1
ip address 10.1.4.1 255.255.255.0 secondary
ip address 80.**.**.** 255.255.255.240
!
ip forward-protocol nd
ip http server
ip http access-class 99
ip http secure-server
!
ip route 0.0.0.0 0.0.0.0 80.**.**.1
ip route 80.**.**.1 255.255.255.255 FastEthernet4
ip route 80.**.**.2 255.255.255.255 FastEthernet4
ip route 80.**.**.3 255.255.255.255 FastEthernet4
ip route 80.**.**.4 255.255.255.255 FastEthernet4
ip route 80.**.**.8 255.255.255.255 FastEthernet4
ip route 80.**.**.9 255.255.255.255 FastEthernet4
!
ip access-list extended polk
remark siec polk
permit ip host 80.**.**.5 host 212.*.**.77
permit ip host 80.**.**.6 host 212.*.**.77
permit ip host 80.**.**.7 host 212.*.**.77
permit ip host 80.**.**.5 host 212.*.**.193
permit ip host 80.**.**.6 host 212.*.**.193
permit ip host 80.**.**.7 host 212.*.**.193
permit ip host 80.**.**.5 host 212.*.***.12
permit ip host 80.**.**.6 host 212.*.***.12
permit ip host 80.**.**.7 host 212.*.***.12
permit ip host 80.**.**.5 host 212.*.***.206
permit ip host 80.**.**.6 host 212.*.***.206
permit ip host 80.**.**.7 host 212.*.***.206
permit ip host 80.**.**.5 host 212.*.***.10
permit ip host 80.**.**.6 host 212.*.***.10
permit ip host 80.**.**.7 host 212.*.***.10
permit ip host 80.**.**.5 host 212.*.***.22
permit ip host 80.**.**.6 host 212.*.***.22
permit ip host 80.**.**.7 host 212.*.***.22
!
access-list 1 permit 80.**.**.5
access-list 1 permit 80.**.**.7
access-list 1 permit 80.**.**.6
access-list 1 permit 80.**.**.8
access-list 20 permit 89.***.***.238
access-list 20 permit 80.***.**.0 0.0.0.31
access-list 110 permit ip 10.1.4.0 0.0.0.255 10.25.100.0 0.0.0.255
snmp-server community public RO
!
control-plane
!
!
line con 0
no modem enable
line aux 0
line vty 0 4
access-class 20 in
login local
transport input ssh
!
scheduler max-task-time 5000
end
Kod: Zaznacz cały
Checking the tunnel status... Down
Encapsulation :0
Decapsulation :0
Send Error :0
Received Error :0
Checking interface status... Successful
Interface :FastEthernet4
Interface physical status :Up
Line protocol status :Up
Checking the configuration... Successful
Checking IPSec
Crypto map name : internet
Sequence number : 6
Crypto map type : Static
Peer : Configured
Transform set : Configured
Interesting traffic : Configured
IPSec configuration status : Valid
Checking IKE
IKE Policies : Configured
Policies with pre shared key authentication method : Configured
Global pre shared key with wild cards : Not configured
Pre-shared key for 212.2.102.235 Configured
IKE configuration status : Valid
Checking Routing... Successful
Peer :212.2.102.235:Valid(Routed through the crypto interface)
Traffic source :80.82.19.5:Valid(Route exists in routing table)
Traffic destination :212.2.96.77:Valid(Routed through the crypto interface)
Traffic source :80.82.19.6:Valid(Route exists in routing table)
Traffic destination :212.2.96.77:Valid(Routed through the crypto interface)
Traffic source :80.82.19.7:Valid(Route exists in routing table)
Traffic destination :212.2.96.77:Valid(Routed through the crypto interface)
Traffic source :80.82.19.5:Valid(Route exists in routing table)
Traffic destination :212.2.98.193:Valid(Routed through the crypto interface)
Traffic source :80.82.19.6:Valid(Route exists in routing table)
Traffic destination :212.2.98.193:Valid(Routed through the crypto interface)
Traffic source :80.82.19.7:Valid(Route exists in routing table)
Traffic destination :212.2.98.193:Valid(Routed through the crypto interface)
Traffic source :80.82.19.5:Valid(Route exists in routing table)
Traffic destination :212.2.119.12:Valid(Routed through the crypto interface)
Traffic source :80.82.19.6:Valid(Route exists in routing table)
Traffic destination :212.2.119.12:Valid(Routed through the crypto interface)
Traffic source :80.82.19.7:Valid(Route exists in routing table)
Traffic destination :212.2.119.12:Valid(Routed through the crypto interface)
Traffic source :80.82.19.5:Valid(Route exists in routing table)
Traffic destination :212.2.103.206:Valid(Routed through the crypto interface)
Traffic source :80.82.19.6:Valid(Route exists in routing table)
Traffic destination :212.2.103.206:Valid(Routed through the crypto interface)
Traffic source :80.82.19.7:Valid(Route exists in routing table)
Traffic destination :212.2.103.206:Valid(Routed through the crypto interface)
Traffic source :80.82.19.5:Valid(Route exists in routing table)
Traffic destination :212.2.119.10:Valid(Routed through the crypto interface)
Traffic source :80.82.19.6:Valid(Route exists in routing table)
Traffic destination :212.2.119.10:Valid(Routed through the crypto interface)
Traffic source :80.82.19.7:Valid(Route exists in routing table)
Traffic destination :212.2.119.10:Valid(Routed through the crypto interface)
Traffic source :80.82.19.5:Valid(Route exists in routing table)
Traffic destination :212.2.123.22:Valid(Routed through the crypto interface)
Traffic source :80.82.19.6:Valid(Route exists in routing table)
Traffic destination :212.2.123.22:Valid(Routed through the crypto interface)
Traffic source :80.82.19.7:Valid(Route exists in routing table)
Traffic destination :212.2.123.22:Valid(Routed through the crypto interface)
Checking peer connectivity... Successful
Peer :212.2.102.235:Successful
Checking NAT... Successful
Checking Firewall... Successful
Debugging the VPN connection ... Completed
Checking the tunnel status... Down
Encapsulation :0
Decapsulation :0
Send Error :0
Received Error :0
Kod: Zaznacz cały
:!:
Seba