backup ISDN oraz łączność VPN- problem

Unanswered Question
Jul 22nd, 2010

Witam! Mam taki problem z VPN'em oraz backupem na ISDN. Skonfigurowałem VPN'a oraz backup na ISDN i tak:

- VPN działa bez problemu ( backup niby także ) hosty z obydwóch sieci gdy jest ustanowione łącze VPN się pingują itd.


- Jeżeli zrywam łączność VPN automatycznie zestawiany jest kanał ISDN ale niestety hosty przestają się pingować ( upłynął limit czasu żądania )

Jeżeli ustawię odpowiednie routingi to jest OK ale działa albo jedno albo drugie ( czyli albo VPN  albo ISDN ).

Juz kombinuje drugi dzień ale niewiem co źle robię? Konfigi  są takie:

Główny

Code:

version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname glowny
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
dot11 syslog
no ip cef
!
!
!
!
no ip domain lookup
!
multilink bundle-name authenticated
isdn switch-type basic-5ess
!
!
!
!
username drugi password 0 1234567
archive
  log config
   hidekeys
!
!
crypto isakmp policy 1
  encr aes
  authentication pre-share
  group 5
crypto isakmp key 1234567 address 91.55.20.15
!
!
crypto ipsec transform-set esp-aes-sha esp-aes esp-sha-hmac
!
crypto map vpn 10 ipsec-isakmp
  set peer 91.55.20.15
  set transform-set esp-aes-sha
  match address 101
!
!
!
!
!
!
interface FastEthernet0/0
  ip address 82.13.13.12 255.255.255.248
  duplex auto
  speed auto
  no keepalive
  crypto map vpn
!
interface FastEthernet0/1
  ip address 192.168.1.54 255.255.255.0
  duplex auto
  speed auto
  no keepalive
!
interface BRI0/1/0
  ip address 192.168.50.1 255.255.255.0
  encapsulation ppp
  dialer-group 1
  isdn switch-type basic-5ess
  isdn point-to-point-setup
  ppp authentication chap
  ppp multilink
!
interface Dialer1
  no ip address
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 82.13.13.11
ip route 0.0.0.0 0.0.0.0 192.168.50.2 200
!
!
no ip http server
no ip http secure-server
!
access-list 101 permit ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
dialer-list 1 protocol ip list 101
!
!
!
!
control-plane
!
!
line con 0
line aux 0
line vty 0 4
  login
!
scheduler allocate 20000 1000
end

**********************************

drugi:

Code:
version 15.0
service timestamps debug uptime
service timestamps log datetime msec
no service password-encryption
!
hostname drugi
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
!
!
!
!
!
no ip source-route
!
!
!
!
no ip cef
no ipv6 cef
!
!
multilink bundle-name authenticated
isdn switch-type basic-5ess
!
!
username glowny password 0 1234567
!
!
!
!
crypto isakmp policy 1
  encr aes
  authentication pre-share
  group 5
crypto isakmp key 1234567 address 82.13.13.12
!
!
crypto ipsec transform-set esp-aes-sha esp-aes esp-sha-hmac
!
crypto map vpn 10 ipsec-isakmp
  set peer 82.13.13.12
  set transform-set esp-aes-sha
  match address 101
!
!
!
!
!
interface BRI0
  ip address 192.168.50.2 255.255.255.0
  encapsulation ppp
  no ip route-cache
  dialer idle-timeout 10
  dialer map ip 192.168.50.1 name zory broadcast 224343434
  dialer load-threshold 5 either
  dialer-group 1
  isdn switch-type basic-5ess
  isdn termination multidrop
  isdn point-to-point-setup
  ppp authentication chap
  ppp multilink
  !
!
interface FastEthernet0
  no keepalive
  !
!
interface FastEthernet1
  !
!
interface FastEthernet2
  !
!
interface FastEthernet3
  !
!
interface FastEthernet4
  !
!
interface FastEthernet5
  !
!
interface FastEthernet6
  !
!
interface FastEthernet7
  !
!
interface FastEthernet8
  no ip address
  shutdown
  duplex auto
  speed auto
  !
!
interface GigabitEthernet0
  ip address 91.55.20.15 255.255.255.248
  duplex auto
  speed auto
  crypto map vpn
  !
!
interface Vlan1
  ip address 192.168.2.54 255.255.255.0
  !
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
!
ip route 0.0.0.0 0.0.0.0 91.55.20.11
ip route 0.0.0.0 0.0.0.0 192.168.50.1 200
!
access-list 101 permit ip 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255
dialer-list 1 protocol ip list 101
!
!
!
!
!
!
control-plane
  !
!
!
line con 0
line aux 0
  transport input all
line vty 0 4
  login
!
scheduler max-task-time 5000
end



ip classless podobno działa domyslnie!

teraz np na routerze - drugi dodaje routing :

ip route 192.168.1.0 255.255.255.0 192.168.50.1 200 i na łączu  backupowym działa wszystko OK - hosty się pingują itd. Ale za to VPN nie  działa. Nawet działałem na VPN a po dodaniu routingu zaraz nastąpiło  przełączenie na backup ISDN ( wiadomo bo VPN siadł )


Był bym bardzo wdzięczny gdyby ktoś mógł mi pomóc z tymi routingami:)

Pozdrawiam

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
debbie_debbie Thu, 07/22/2010 - 12:17

Shortly after the  English:)

Hi all!

I'm sorry but my  English is poor. I do not know how to add routing to the VPN connection  after the break when the work backup ISDN network hosts to see it. VPN works, but  after the break when he begins to act ISDN backup hosts can not see. If I add the routing on the router "DRUGI", eg:
ip route  192.168.1.0 255.255.255.0 192.168.50.1 200

computers  operating on a backup ISDN link to see but after restoring the VPN  connection can not see. It works either ISDN or VPN.

Please help.

Actions

This Discussion