07-22-2010 11:34 AM - edited 03-04-2019 09:09 AM
Witam! Mam taki problem z VPN'em oraz backupem na ISDN. Skonfigurowałem VPN'a oraz backup na ISDN i tak:
- VPN działa bez problemu ( backup niby także ) hosty z obydwóch sieci gdy jest ustanowione łącze VPN się pingują itd.
- Jeżeli zrywam łączność VPN automatycznie zestawiany jest kanał ISDN ale niestety hosty przestają się pingować ( upłynął limit czasu żądania )
Jeżeli ustawię odpowiednie routingi to jest OK ale działa albo jedno albo drugie ( czyli albo VPN albo ISDN ).
Juz kombinuje drugi dzień ale niewiem co źle robię? Konfigi są takie:
Główny
Code:
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname glowny
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
dot11 syslog
no ip cef
!
!
!
!
no ip domain lookup
!
multilink bundle-name authenticated
isdn switch-type basic-5ess
!
!
!
!
username drugi password 0 1234567
archive
log config
hidekeys
!
!
crypto isakmp policy 1
encr aes
authentication pre-share
group 5
crypto isakmp key 1234567 address 91.55.20.15
!
!
crypto ipsec transform-set esp-aes-sha esp-aes esp-sha-hmac
!
crypto map vpn 10 ipsec-isakmp
set peer 91.55.20.15
set transform-set esp-aes-sha
match address 101
!
!
!
!
!
!
interface FastEthernet0/0
ip address 82.13.13.12 255.255.255.248
duplex auto
speed auto
no keepalive
crypto map vpn
!
interface FastEthernet0/1
ip address 192.168.1.54 255.255.255.0
duplex auto
speed auto
no keepalive
!
interface BRI0/1/0
ip address 192.168.50.1 255.255.255.0
encapsulation ppp
dialer-group 1
isdn switch-type basic-5ess
isdn point-to-point-setup
ppp authentication chap
ppp multilink
!
interface Dialer1
no ip address
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 82.13.13.11
ip route 0.0.0.0 0.0.0.0 192.168.50.2 200
!
!
no ip http server
no ip http secure-server
!
access-list 101 permit ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
dialer-list 1 protocol ip list 101
!
!
!
!
control-plane
!
!
line con 0
line aux 0
line vty 0 4
login
!
scheduler allocate 20000 1000
end
**********************************
drugi:
Code: version 15.0
service timestamps debug uptime
service timestamps log datetime msec
no service password-encryption
!
hostname drugi
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
!
!
!
!
!
no ip source-route
!
!
!
!
no ip cef
no ipv6 cef
!
!
multilink bundle-name authenticated
isdn switch-type basic-5ess
!
!
username glowny password 0 1234567
!
!
!
!
crypto isakmp policy 1
encr aes
authentication pre-share
group 5
crypto isakmp key 1234567 address 82.13.13.12
!
!
crypto ipsec transform-set esp-aes-sha esp-aes esp-sha-hmac
!
crypto map vpn 10 ipsec-isakmp
set peer 82.13.13.12
set transform-set esp-aes-sha
match address 101
!
!
!
!
!
interface BRI0
ip address 192.168.50.2 255.255.255.0
encapsulation ppp
no ip route-cache
dialer idle-timeout 10
dialer map ip 192.168.50.1 name zory broadcast 224343434
dialer load-threshold 5 either
dialer-group 1
isdn switch-type basic-5ess
isdn termination multidrop
isdn point-to-point-setup
ppp authentication chap
ppp multilink
!
!
interface FastEthernet0
no keepalive
!
!
interface FastEthernet1
!
!
interface FastEthernet2
!
!
interface FastEthernet3
!
!
interface FastEthernet4
!
!
interface FastEthernet5
!
!
interface FastEthernet6
!
!
interface FastEthernet7
!
!
interface FastEthernet8
no ip address
shutdown
duplex auto
speed auto
!
!
interface GigabitEthernet0
ip address 91.55.20.15 255.255.255.248
duplex auto
speed auto
crypto map vpn
!
!
interface Vlan1
ip address 192.168.2.54 255.255.255.0
!
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
!
ip route 0.0.0.0 0.0.0.0 91.55.20.11
ip route 0.0.0.0 0.0.0.0 192.168.50.1 200
!
access-list 101 permit ip 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255
dialer-list 1 protocol ip list 101
!
!
!
!
!
!
control-plane
!
!
!
line con 0
line aux 0
transport input all
line vty 0 4
login
!
scheduler max-task-time 5000
end
ip classless podobno działa domyslnie!
teraz np na routerze - drugi dodaje routing :
ip route 192.168.1.0 255.255.255.0 192.168.50.1 200 i na łączu backupowym działa wszystko OK - hosty się pingują itd. Ale za to VPN nie działa. Nawet działałem na VPN a po dodaniu routingu zaraz nastąpiło przełączenie na backup ISDN ( wiadomo bo VPN siadł )
Był bym bardzo wdzięczny gdyby ktoś mógł mi pomóc z tymi routingami:)
Pozdrawiam
07-22-2010 12:17 PM
Shortly after the English:)
Hi all!
I'm sorry but my English is poor. I do not know how to add routing to the VPN connection after the break when the work backup ISDN network hosts to see it. VPN works, but after the break when he begins to act ISDN backup hosts can not see. If I add the routing on the router "DRUGI", eg:
ip route 192.168.1.0 255.255.255.0 192.168.50.1 200
computers operating on a backup ISDN link to see but after restoring the VPN connection can not see. It works either ISDN or VPN.
Please help.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide