New Member

cisco 2921 pptp, зоны и ipsec. Доступ для pptp

Здравствуйте.
Есть роутер в центральной точке.
У него построено несколько ipsec туннелей.
Также настроен PPTP-сервер. Подключение извне по PPTP работает.
Но есть проблема.

При подключении по PPTP внутренняя сеть видна, но туннели не пингуются.
Зона висит на интерфейсе.
Также по pptp соединению роутер не пускает в интернет.
С зонами сталкиваюсь впервые. Сильно не пинать.

В общем, надо открыть для PPTP-соединений доступ в туннели и интернет.

 

Код:

!
! Last configuration change at 10:00:49 Moscow Thu Mar 19 2015 by admin
! NVRAM config last updated at 09:51:16 Moscow Thu Mar 19 2015 by admin
! NVRAM config last updated at 09:51:16 Moscow Thu Mar 19 2015 by admin
! IOS release and global service settings.
version 15.2
! Millisecond timestamps on debug and log messages.
service timestamps debug datetime msec
service timestamps log datetime msec
! NOTE(review): password encryption is disabled, so every "password 0" line
! in this configuration is stored and displayed in clear text.
no service password-encryption
!
hostname C2921/K9
!
boot-start-marker
boot-end-marker
!
!
! Keep messages of severity "warnings" and above in a 51200-byte local buffer.
logging buffered 51200 warnings
! Enable secret for privilege level 2.
! NOTE(review): the "4" selects the Type 4 hash, which Cisco has deprecated as
! weaker than intended; re-enter the secret with a stronger type where the
! running release supports one.
enable secret level 2 4 ****
!
! AAA for the PPTP dial-in users: PPP logins are checked against the local
! username database (case-sensitive), and network authorization is local too.
aaa new-model
!
!
aaa authentication ppp default local-case
aaa authorization network default local
!
! Each attribute list below pins one fixed PPP address; the lists are bound to
! users by the "username ... aaa attribute list ..." lines further down.
! All addresses are taken from the LAN subnet 192.168.7.0/24.
! NOTE(review): 192.168.7.202 is also the static DHCP reservation of pool
! BUHG in this configuration, so the two can collide when both are online.
aaa attribute list color10
 attribute type addr 192.168.7.202 service ppp protocol ip mandatory
!
aaa attribute list service
 attribute type addr 192.168.7.201 service ppp protocol ip mandatory
!
aaa attribute list cam
 attribute type addr 192.168.7.203 service ppp protocol ip mandatory
!
aaa attribute list reg1
 attribute type addr 192.168.7.204 service ppp protocol ip mandatory
!
aaa attribute list eco
 attribute type addr 192.168.7.205 service ppp protocol ip mandatory
!
!
!
!
!
aaa session-id common
clock timezone Moscow 3 0
clock summer-time Moscow date Mar 30 2003 2:00 Oct 26 2003 3:00
!
ip cef
!
!
!
! Dynamic DHCP scope for the LAN. The two exclusions remove .1-.186 and
! .191-.255 from dynamic assignment, leaving 192.168.7.187-.190.
ip dhcp excluded-address 192.168.7.191 192.168.7.255
ip dhcp excluded-address 192.168.7.1 192.168.7.186
!
ip dhcp pool CENTRAL
 network 192.168.7.0 255.255.255.0
 ! The router's own LAN address is handed out as gateway and as DNS server.
 default-router 192.168.7.249
 dns-server 192.168.7.249
 ! Lease is given as days hours minutes: 30 minutes.
 lease 0 0 30
!
ip dhcp pool File
 host 192.168.7.2 255.255.255.0
 client-identifier 0190.2b34.31ff.33
 client-name File
!
ip dhcp pool TOWN
 host 192.168.7.3 255.255.255.0
 client-identifier 0100.0ea6.349c.30
 client-name TOWN
!
ip dhcp pool TOWER
 host 192.168.7.4 255.255.255.0
 client-identifier 0100.1109.2b05.da
 client-name TOWER
!
ip dhcp pool 1CSERVER
 host 192.168.7.5 255.255.255.0
 client-identifier 0100.19db.aa12.c2
 client-name 1CSERVER
!
ip dhcp pool SERVISEBASE
 host 192.168.7.7 255.255.255.0
 client-identifier 0100.1109.661a.be
 client-name SERVISEBASE
!
ip dhcp pool WIN3
 host 192.168.7.8 255.255.255.0
 client-identifier 0100.3048.c574.02
 client-name WIN3
!
ip dhcp pool NETGEAR
 host 192.168.7.9 255.255.255.0
 client-identifier 0100.223f.a9e4.53
 client-name NETGEAR
!
ip dhcp pool WINUN1PKFJLBIA
 host 192.168.7.10 255.255.255.0
 client-identifier 018c.89a5.dde1.a1
 client-name WINUN1PKFJLBIA
!
ip dhcp pool noname1
 host 192.168.7.11 255.255.255.0
 client-identifier 01d4.3d7e.30eb.61
 client-name noname1
!
ip dhcp pool SERVICE2
 host 192.168.7.12 255.255.255.0
 client-identifier 0100.19db.ad88.4f
 client-name SERVICE2
!
ip dhcp pool NOV5
 host 192.168.7.13 255.255.255.0
 client-identifier 0100.1617.98cd.4f
 client-name NOV5
!
ip dhcp pool nov25
 host 192.168.7.14 255.255.255.0
 client-identifier 0100.13d3.a939.ca
 client-name nov25
!
ip dhcp pool SERVICE7
 host 192.168.7.16 255.255.255.0
 client-identifier 0100.2197.91d5.50
 client-name SERVICE7
!
ip dhcp pool COLOR17
 host 192.168.7.18 255.255.255.0
 client-identifier 0100.2185.5963.a9
 client-name COLOR17
!
ip dhcp pool COLOR1
 host 192.168.7.20 255.255.255.0
 client-identifier 016c.626d.d3a7.5a
 client-name COLOR1
!
ip dhcp pool SERVICE9
 host 192.168.7.21 255.255.255.0
 client-identifier 0100.19db.ac87.5f
 client-name SERVICE9
!
ip dhcp pool SKUPKA
 host 192.168.7.24 255.255.255.0
 client-identifier 0100.0c76.2ac1.cf
 client-name SKUPKA
!
ip dhcp pool COLOR22
 host 192.168.7.26 255.255.255.0
 client-identifier 0100.2522.d8c3.7e
 client-name COLOR22
!
ip dhcp pool MARINA
 host 192.168.7.27 255.255.255.0
 client-identifier 0100.10dc.97ca.12
 client-name MARINA
!
ip dhcp pool COLOR8
 host 192.168.7.28 255.255.255.0
 client-identifier 0100.1966.589f.33
 client-name COLOR8
!
ip dhcp pool COLOR30
 host 192.168.7.29 255.255.255.0
 client-identifier 0100.2522.5d4f.37
 client-name COLOR30
!
ip dhcp pool NOV11
 host 192.168.7.30 255.255.255.0
 client-identifier 0194.de80.10c3.be
 client-name NOV11
!
ip dhcp pool noname2
 host 192.168.7.32 255.255.255.0
 client-identifier 0100.1966.945f.2a
 client-name noname2
!
ip dhcp pool SERVICE1
 host 192.168.7.35 255.255.255.0
 client-identifier 0100.1966.5927.8b
 client-name SERVICE1
!
ip dhcp pool nov28
 host 192.168.7.36 255.255.255.0
 client-identifier 01bc.5ff4.aa0b.df
 client-name nov28
!
ip dhcp pool COLOR15
 host 192.168.7.37 255.255.255.0
 client-identifier 0100.19db.aa12.c5
 client-name COLOR15
!
ip dhcp pool COLOR20
 host 192.168.7.38 255.255.255.0
 client-identifier 0100.2522.686f.d3
 client-name COLOR20
!
ip dhcp pool SERVICE4
 host 192.168.7.41 255.255.255.0
 client-identifier 0100.1d60.0c21.85
 client-name SERVICE4
!
ip dhcp pool COLOR9
 host 192.168.7.43 255.255.255.0
 client-identifier 016c.626d.d3a7.99
 client-name COLOR9
!
ip dhcp pool COLOR
 host 192.168.7.45 255.255.255.0
 client-identifier 011c.6f65.24f0.d9
 client-name COLOR
!
ip dhcp pool color16
 host 192.168.7.46 255.255.255.0
 client-identifier 0150.465d.7650.d2
 client-name color16
!
ip dhcp pool color14
 host 192.168.7.23 255.255.255.0
 client-identifier 0100.2522.c8c7.b0
 client-name color14
!
ip dhcp pool noname3
 host 192.168.7.15 255.255.255.0
 client-identifier 0100.1617.98cd.2d
 client-name noname3
!
ip dhcp pool nov33
 host 192.168.7.48 255.255.255.0
 client-identifier 0100.1ec9.3079.2a
 client-name nov33
!
ip dhcp pool noname4
 host 192.168.7.50 255.255.255.0
 client-identifier 0100.1966.ee88.90
 client-name noname4
!
ip dhcp pool nov6
 host 192.168.7.47 255.255.255.0
 client-identifier 0110.bf48.71ba.f7
 client-name nov6
!
ip dhcp pool noname5
 host 192.168.7.52 255.255.255.0
 client-identifier 016c.626d.d3a9.33
 client-name noname5
!
ip dhcp pool NOV17
 host 192.168.7.53 255.255.255.0
 client-identifier 0100.19db.c8de.23
 client-name NOV17
!
ip dhcp pool NOV30
 host 192.168.7.54 255.255.255.0
 client-identifier 0100.2522.0a18.77
 client-name NOV30
!
ip dhcp pool COLOR10
 host 192.168.7.56 255.255.255.0
 client-identifier 01d4.3d7e.b1c1.85
 client-name COLOR10
!
ip dhcp pool COLOR13
 host 192.168.7.57 255.255.255.0
 client-identifier 0140.6186.c9f4.be
 client-name COLOR13
!
ip dhcp pool COLOR2
 host 192.168.7.58 255.255.255.0
 client-identifier 0150.e549.218e.d8
 client-name COLOR2
!
ip dhcp pool COLOR35
 host 192.168.7.59 255.255.255.0
 client-identifier 0100.1109.657e.89
 client-name COLOR35
!
ip dhcp pool noname6
 host 192.168.7.61 255.255.255.0
 client-identifier 0100.1d92.0932.9f
 client-name noname6
!
ip dhcp pool noname8
 host 192.168.7.68 255.255.255.0
 client-identifier 0100.15f2.9d14.f5
 client-name noname8
!
ip dhcp pool NOV23
 host 192.168.7.69 255.255.255.0
 client-identifier 0100.1125.bc5d.4e
 client-name NOV23
!
ip dhcp pool NOV7
 host 192.168.7.67 255.255.255.0
 client-identifier 01bc.5ff4.0fd8.50
 client-name NOV7
!
ip dhcp pool COLOR24
 host 192.168.7.66 255.255.255.0
 client-identifier 016c.626d.cc59.cc
 client-name COLOR24
!
ip dhcp pool N23
 host 192.168.7.72 255.255.255.0
 client-identifier 0100.1ec9.3089.52
 client-name N23
!
ip dhcp pool LUX20
 host 192.168.7.73 255.255.255.0
 client-identifier 011c.6f65.372b.9c
 client-name LUX20
!
ip dhcp pool COLOR29
 host 192.168.7.75 255.255.255.0
 client-identifier 0100.1966.587c.1e
 client-name COLOR29
!
ip dhcp pool noname9
 host 192.168.7.79 255.255.255.0
 client-identifier 0150.e549.afc1.11
 client-name noname9
!
ip dhcp pool LUX1
 host 192.168.7.80 255.255.255.0
 client-identifier 011c.6f65.369b.3c
 client-name LUX1
!
ip dhcp pool LUX3
 host 192.168.7.82 255.255.255.0
 client-identifier 0100.1cf0.117c.c3
 client-name LUX3
!
ip dhcp pool SEC001599714BBD
 host 192.168.7.91 255.255.255.0
 client-identifier 0100.1599.714b.bd
 client-name SEC001599714BBD
!
ip dhcp pool COLOR36
 host 192.168.7.95 255.255.255.0
 client-identifier 01bc.5ff4.eea5.9d
 client-name COLOR36
!
ip dhcp pool NOV35
 host 192.168.7.96 255.255.255.0
 client-identifier 01bc.5ff4.eea4.56
 client-name NOV35
!
ip dhcp pool noname11
 host 192.168.7.151 255.255.255.0
 client-identifier 01f0.7d68.0f83.64
 client-name noname11
!
ip dhcp pool noname12
 host 192.168.7.152 255.255.255.0
 client-identifier 01f0.7d68.0f91.3d
 client-name noname12
!
ip dhcp pool noname13
 host 192.168.7.153 255.255.255.0
 client-identifier 01f0.7d68.0f90.b4
 client-name noname13
!
ip dhcp pool noname14
 host 192.168.7.166 255.255.255.0
 client-identifier 0168.7f74.5af6.b6
 client-name noname14
!
ip dhcp pool noname15
 host 192.168.7.171 255.255.255.0
 client-identifier 0168.7f74.5af7.30
 client-name noname15
!
ip dhcp pool noname16
 host 192.168.7.167 255.255.255.0
 client-identifier 0168.7f74.5af5.5a
 client-name noname16
!
ip dhcp pool noname18
 host 192.168.7.175 255.255.255.0
 client-identifier 0164.66b3.8c01.b5
 client-name noname18
!
ip dhcp pool noname19
 host 192.168.7.168 255.255.255.0
 client-identifier 0100.2369.7e4e.20
 client-name noname19
!
ip dhcp pool nov4
 host 192.168.7.179 255.255.255.0
 client-identifier 0188.532e.b4b6.35
 client-name nov4
!
ip dhcp pool android1e42c553e158638d
 host 192.168.7.180 255.255.255.0
 client-identifier 01b0.df3a.097a.0b
 client-name android1e42c553e158638d
!
ip dhcp pool SEC0015998367A7
 host 192.168.7.194 255.255.255.0
 client-identifier 0100.1599.8367.a7
 client-name SEC0015998367A7
!
ip dhcp pool XRX0000AAF017A7
 host 192.168.7.195 255.255.255.0
 client-identifier 0100.00aa.f017.a7
 client-name XRX0000AAF017A7
!
ip dhcp pool noname22
 host 192.168.7.196 255.255.255.0
 client-name noname22
!
ip dhcp pool noname23
 host 192.168.7.197 255.255.255.0
 client-identifier 0100.1195.0fda.cf
 client-name noname23
!
ip dhcp pool PS6E69DD
 host 192.168.7.198 255.255.255.0
 client-name PS6E69DD
!
ip dhcp pool BUHG
 host 192.168.7.202 255.255.255.0
 client-identifier 0100.226b.3a34.e0
 client-name BUHG
!
ip dhcp pool noname24
 host 192.168.7.211 255.255.255.0
 client-identifier 010c.2724.3148.17
 client-name noname24
!
ip dhcp pool noname25
 host 192.168.7.214 255.255.255.0
 client-identifier 010c.6803.c136.be
 client-name noname25
!
ip dhcp pool noname26
 host 192.168.7.213 255.255.255.0
 client-identifier 01b4.e9b0.8c14.52
 client-name noname26
!
ip dhcp pool noname27
 host 192.168.7.215 255.255.255.0
 client-identifier 010c.2724.3166.8c
 client-name noname27
!
ip dhcp pool noname28
 host 192.168.7.216 255.255.255.0
 client-identifier 0168.86a7.c599.22
 client-name noname28
!
ip dhcp pool noname29
 host 192.168.7.217 255.255.255.0
 client-identifier 01b4.e9b0.000d.23
 client-name noname29
!
ip dhcp pool noname30
 host 192.168.7.218 255.255.255.0
 client-identifier 01b4.e9b0.8c1c.ed
 client-name noname30
!
ip dhcp pool noname31
 host 192.168.7.219 255.255.255.0
 client-identifier 0128.34a2.f6dd.4d
 client-name noname31
!
ip dhcp pool noname32
 host 192.168.7.220 255.255.255.0
 client-identifier 0100.055d.59ad.6e
 client-name noname32
!
ip dhcp pool noname33
 host 192.168.7.221 255.255.255.0
 client-identifier 0100.00aa.a8c1.bb
 client-name noname33
!
ip dhcp pool XRX9C934E18533D
 host 192.168.7.222 255.255.255.0
 client-identifier 019c.934e.1853.3d
 client-name XRX9C934E18533D
!
ip dhcp pool noname34
 host 192.168.7.223 255.255.255.0
 client-identifier 0180.c16e.9005.4c
 client-name noname34
!
ip dhcp pool XRX0000AACDAD60
 host 192.168.7.224 255.255.255.0
 client-identifier 0100.00aa.cdad.60
 client-name XRX0000AACDAD60
!
ip dhcp pool noname35
 host 192.168.7.226 255.255.255.0
 client-identifier 0130.f70d.02f3.6b
 client-name noname35
!
ip dhcp pool noname36
 host 192.168.7.227 255.255.255.0
 client-identifier 0130.f70d.02f3.66
 client-name noname36
!
ip dhcp pool noname37
 host 192.168.7.228 255.255.255.0
 client-identifier 01d4.94a1.3146.10
 client-name noname37
!
ip dhcp pool noname38
 host 192.168.7.229 255.255.255.0
 client-identifier 01f0.2929.e2c6.0d
 client-name noname38
!
ip dhcp pool noname39
 host 192.168.7.231 255.255.255.0
 client-identifier 01c8.be19.264a.d0
 client-name noname39
!
ip dhcp pool noname40
 host 192.168.7.232 255.255.255.0
 client-identifier 0114.d64d.8930.80
 client-name noname40
!
ip dhcp pool noname41
 host 192.168.7.235 255.255.255.0
 client-identifier 01b8.621f.885d.ac
 client-name noname41
!
ip dhcp pool noname42
 host 192.168.7.236 255.255.255.0
 client-identifier 01b8.621f.886f.b0
 client-name noname42
!
ip dhcp pool noname43
 host 192.168.7.237 255.255.255.0
 client-identifier 01b8.621f.8870.e4
 client-name noname43
!
ip dhcp pool noname44
 host 192.168.7.238 255.255.255.0
 client-identifier 01b8.621f.8865.c0
 client-name noname44
!
ip dhcp pool noname45
 host 192.168.7.240 255.255.255.0
 client-identifier 01bc.5ff4.f253.4e
 client-name noname45
!
ip dhcp pool noname46
 host 192.168.7.245 255.255.255.0
 client-identifier 0100.1761.1084.47
 client-name noname46
!
ip dhcp pool noname47
 host 192.168.7.246 255.255.255.0
 client-identifier 0100.1761.1081.d3
 client-name noname47
!
ip dhcp pool noname48
 host 192.168.7.248 255.255.255.0
 client-identifier 016c.9ced.fe2c.2f
 client-name noname48
!
ip dhcp pool noname49
 host 192.168.7.250 255.255.255.0
 client-identifier 0100.40ef.f099.f6
 client-name noname49
!
ip dhcp pool noname50
 host 192.168.7.253 255.255.255.0
 client-identifier 0134.dbfd.7ff5.3d
 client-name noname50
!
ip dhcp pool noname51
 host 192.168.7.254 255.255.255.0
 client-identifier 0134.bdc8.39ec.67
 client-name noname51
!
ip dhcp pool Color11
 host 192.168.7.19 255.255.255.0
 client-identifier 0144.8a5b.6b9d.b4
 client-name Color11
!
ip dhcp pool Color12
 host 192.168.7.22 255.255.255.0
 client-identifier 01bc.5ff4.ef2f.be
 client-name Color12
!
ip dhcp pool Nov13
 host 192.168.7.33 255.255.255.0
 client-identifier 0100.138f.e3fc.34
 client-name Nov13
!
ip dhcp pool Nov29
 host 192.168.7.34 255.255.255.0
 client-identifier 016c.626d.d3a8.d6
 client-name Nov29
!
ip dhcp pool Service5
 host 192.168.7.39 255.255.255.0
 client-identifier 01bc.5ff4.0fd8.4d
 client-name Service5
!
ip dhcp pool Noc32
 host 192.168.7.49 255.255.255.0
 client-identifier 0100.1ec9.30b5.40
 client-name Nov32
!
ip dhcp pool Color3
 host 192.168.7.51 255.255.255.0
 client-identifier 0144.8a5b.6b9f.6c
 client-name Color3
!
ip dhcp pool Color5
 host 192.168.7.55 255.255.255.0
 client-identifier 01bc.5ff4.eea5.7f
 client-name Color5
!
ip dhcp pool Color21
 host 192.168.7.60 255.255.255.0
 client-identifier 0100.19db.ae57.6d
 client-name Color21
!
ip dhcp pool Nov22
 host 192.168.7.64 255.255.255.0
 client-identifier 0110.bf48.0e2f.10
 client-name Nov22
!
ip dhcp pool Color27
 host 192.168.7.65 255.255.255.0
 client-identifier 0100.2522.e457.ae
 client-name Color27
!
ip dhcp pool Color34
 host 192.168.7.70 255.255.255.0
 client-identifier 0164.66b3.0573.79
 client-name Color34
!
ip dhcp pool Color28
 host 192.168.7.74 255.255.255.0
 client-identifier 01d4.3d7e.30ec.68
 client-name Color28
!
ip dhcp pool Color4
 host 192.168.7.76 255.255.255.0
 client-identifier 0100.19db.e8e2.b6
 client-name Color4
!
ip dhcp pool Color7
 host 192.168.7.78 255.255.255.0
 client-identifier 0144.8a5b.6b97.ad
 client-name Color7
!
ip dhcp pool Lux5
 host 192.168.7.90 255.255.255.0
 client-identifier 014c.72b9.8d0d.09
 client-name Lux5
!
ip dhcp pool Lux12
 host 192.168.7.92 255.255.255.0
 client-identifier 014c.72b9.c434.39
 client-name lux12
!
ip dhcp pool Lux13
 host 192.168.7.93 255.255.255.0
 client-identifier 0160.eb69.6818.3f
 client-name Lux13
!
ip dhcp pool nov36
 host 192.168.7.97 255.255.255.0
 client-identifier 01bc.5ff4.eea5.a1
 client-name nov36
!
ip dhcp pool iphoneVKoz
 host 192.168.7.177 255.255.255.0
 client-identifier 01d4.f46f.7b79.67
 client-name iphoneVKoz
!
ip dhcp pool al
 host 192.168.7.178 255.255.255.0
 hardware-address 6477.91da.5642
 client-name al
!
ip dhcp pool ev
 host 192.168.7.181 255.255.255.0
 client-identifier 01bc.8556.2d6e.0b
 client-name ev
!
ip dhcp pool nik
 host 192.168.7.184 255.255.255.0
 client-identifier 01d0.22be.26b1.ab
 client-name nik
!
ip dhcp pool MacBookAir
 host 192.168.7.186 255.255.255.0
 client-identifier 0164.76ba.a128.d4
 client-name MacBookAir
!
ip dhcp pool NOV21
 host 192.168.7.77 255.255.255.0
 client-identifier 0100.0854.13ce.bf
 client-name NOV21
!
ip dhcp pool Mig-nach
 host 192.168.7.100 255.255.255.0
 client-identifier 0194.de80.6a37.eb
 client-name Mig-nataly
!
ip dhcp pool Mig-alla
 host 192.168.7.101 255.255.255.0
 client-identifier 0194.de80.68e2.11
 client-name alla
!
ip dhcp pool Mig-andrey
 host 192.168.7.102 255.255.255.0
 client-identifier 0110.c37b.5059.81
 client-name Mig-andrey
!
ip dhcp pool Mig-sergey
 host 192.168.7.103 255.255.255.0
 client-identifier 01bc.ee7b.8c58.63
 client-name Mig-sergey
!
ip dhcp pool Mig-dap2590
 host 192.168.7.104 255.255.255.0
 client-identifier 0114.d64d.ea77.d0
 client-name Mig-dap2590
!
ip dhcp pool Mig-pjpro400mfp
 host 192.168.7.105 255.255.255.0
 client-identifier 012c.59e5.d118.d6
 client-name Mig-pjpro400mfp
!
ip dhcp pool Mig-Dgd
 host 192.168.7.106 255.255.255.0
 client-identifier 0100.1075.393d.0b
 client-name Mig-Dgd
!
ip dhcp pool color37
 host 192.168.7.63 255.255.255.0
 client-identifier 0190.489a.b3b8.0b
 client-name color37
!
ip dhcp pool service8
 host 192.168.7.40 255.255.255.0
 client-identifier 0100.19db.d015.a2
 client-name service8
!
ip dhcp pool color15
 host 192.168.7.42 255.255.255.0
 client-identifier 016c.626d.d3a8.5f
 client-name color15
!
ip dhcp pool nov2
 host 192.168.7.44 255.255.255.0
 client-identifier 01f8.1a67.1b3c.fc
 client-name nov2
!
ip dhcp pool nov13
 host 192.168.7.62 255.255.255.0
 client-identifier 0100.2185.62df.77
 client-name nov13
!
ip dhcp pool lenovo50
 host 192.168.7.71 255.255.255.0
 client-identifier 0190.489a.b3a8.69
 client-name lenovo50
!
ip dhcp pool lux4
 host 192.168.7.83 255.255.255.0
 client-identifier 0100.8048.2076.4d
 client-name lux4
!
ip dhcp pool lux6
 host 192.168.7.85 255.255.255.0
 client-identifier 011c.6f65.3718.de
 client-name lux6
!
ip dhcp pool nov50
 host 192.168.7.150 255.255.255.0
 client-identifier 01d0.5099.1d7b.6b
 client-name nov50
!
ip dhcp pool bezp
 host 192.168.7.182 255.255.255.0
 client-identifier 0100.5056.c000.01
 client-name bezp
!
ip dhcp pool iphonee
 host 192.168.7.183 255.255.255.0
 client-identifier 0128.e14c.e386.4a
 client-name iphonee
!
ip dhcp pool TPlinkWA801Zvezda
 host 192.168.7.174 255.255.255.0
 client-identifier 01a0.f3c1.dfa5.3f
 client-name TPlinkWA801Zvezda
!
ip dhcp pool File1
 host 192.168.7.1 255.255.255.0
 client-identifier 0100.0423.af04.1d
 client-name File
!
ip dhcp pool cisco889
 host 192.168.7.139 255.255.255.0
 hardware-address 30f7.0de8.26b0
 client-name cisco889
!
ip dhcp pool Mig-Natalia
 host 192.168.7.107 255.255.255.0
 client-identifier 0100.f76f.acc0.ab
 client-name Natalia
!
ip dhcp pool Mig-phAlla
 host 192.168.7.108 255.255.255.0
 client-identifier 01d0.22be.ce2a.fd
 client-name alla
!
ip dhcp pool Mig-phAndrey
 host 192.168.7.109 255.255.255.0
 hardware-address 5cb5.2408.9d70
 client-name andrey
!
ip dhcp pool Mig-w
 host 192.168.7.110 255.255.255.0
 client-identifier 01f4.09d8.aaf8.81
 client-name w
!
ip dhcp pool ecolux14
 host 192.168.7.84 255.255.255.0
 client-identifier 011c.6f65.361e.d1
 client-name ecolux14
!
ip dhcp pool ecolux7
 host 192.168.7.86 255.255.255.0
 client-identifier 01bc.5ff4.d3c9.07
 client-name ecolux7
!
ip dhcp pool ecolux9
 host 192.168.7.88 255.255.255.0
 client-identifier 011c.6f65.3724.45
 client-name ecolux9
!
ip dhcp pool 1
!
ip dhcp pool mig111
 host 192.168.7.111 255.255.255.0
 client-identifier 0148.437c.5048.38
 client-name mig111
!
!
!
ip name-server 95.161.0.77
ip name-server 95.161.127.77
ip name-server 77.88.8.8
!
ip urlfilter exclusive-domain deny youtube
no ipv6 cef
!

parameter-map type urlfpolicy local URLFilter
 alert off
 block-page message "The Site Is Blocked. Contact the Administrator"
parameter-map type urlf-glob OnlyOneSite
 pattern yandex.ru
 pattern *.yandex.ru
 pattern ya.ru
 pattern citycompany.ru
 pattern admin.siteheart.com
 pattern siteheart.com
 pattern rashodnika.net
 pattern docs.google.com
 pattern google.ru
 pattern asana.com
 pattern citilink.ru
 pattern inktechnologies.com
 pattern pecom.ru
 pattern spb.dellin.ru
 pattern emspost.ru
 pattern baltcourier.ru
 pattern mail.ru
 pattern lastfm.ru
 pattern zapravka.in
 pattern econ-lite.ru
 pattern visa.qiwi.com
 pattern key.ru
 pattern ulmart.ru
 pattern *ulmart.ru
 pattern *citycompany.ru
 pattern *siteheart.com
 pattern *rashodnika.net
 pattern *citilink.ru
 pattern *inktechnologies.com
 pattern *emspost.ru
 pattern *baltcourier.ru
 pattern *lastfm.ru
 pattern *zapravka.in
 pattern *econ-lite.ru
 pattern *boomerang-spb.ru

parameter-map type urlf-glob PermitedSites
 pattern *

multilink bundle-name authenticated
!
! PPTP dial-in server: incoming PPTP sessions are cloned from Virtual-Template1.
! NOTE(review): PPTP depends on MS-CHAPv2 and MPPE, both widely regarded as
! weak; for remote access consider an IPsec- or TLS-based VPN instead.
vpdn enable
!
vpdn-group VPDN-PPTP
 ! Default PPTP VPDN group
 accept-dialin
  protocol pptp
  virtual-template 1
 ! Tunnel keepalive (echo) interval of 10.
 pptp tunnel echo 10
 ip pmtu
 ip mtu adjust
!
!
!
crypto pki trustpoint TP-self-signed-1843984616
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-1843984616
 revocation-check none
 rsakeypair TP-self-signed-1843984616
!
!
crypto pki certificate chain TP-self-signed-1843984616
 certificate self-signed 01
  3082022B 30820194 A0030201 02020101 300D0609 2A864886 F70D0101 05050030
  31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
  69666963 6174652D 31383433 39383436 3136301E 170D3135 30333136 30393135
  35325A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
  4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D31 38343339
  38343631 3630819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
  81009B6D 51DF75D8 A121B816 97D7BC48 D67EC445 66DE3C63 A81D83F5 7D397C0D
  F8F80990 B894DD69 E0308692 0ABAB1C8 CEA70834 32313A9C 4381C8E8 08A5C070
  8C435A45 D6FB001E 54B3CDA2 B68DDDD8 C35C988E 06C50ED9 DE683BF2 FAA4F270
  2754B55C 28AC5821 4E9579DC C27D4679 9490E45D EB059C8C E6E6AB32 53442CA7
  ABBF0203 010001A3 53305130 0F060355 1D130101 FF040530 030101FF 301F0603
  551D2304 18301680 14DBFBA5 F8810BE6 EF89C9E8 18F52A6D 0D29E49F 16301D06
  03551D0E 04160414 DBFBA5F8 810BE6EF 89C9E818 F52A6D0D 29E49F16 300D0609
  2A864886 F70D0101 05050003 81810006 13F00974 8BC863B9 9ADCD7DC CD62FAEB
  C4DFE5FC 9BB77D68 145BCDE6 EA883702 1A99467A 931A504A 334BAE6F 419CE58F
  7B41B371 CE8E88B1 84BBE863 380326D0 1A93720A 5BAC2811 EA3016AA A74D146F
  9976D301 92B6E6AF EE6F7B86 FB15A628 E72D544B C69E9BC2 31C96EEE 633A7EFF
  3A96653B 675ABD1A 69BBC0F5 DEBCDF
     quit
license udi pid CISCO2921/K9 sn ***
!
!
! Local user database, used for device login and for PPP (PPTP) authentication.
! NOTE(review): "password 0" is an unencrypted password. With
! "no service password-encryption" set, these are kept in clear text in the
! configuration, including the privilege-15 account; prefer "secret".
username admin privilege 15 password 0 ****
! PPTP users: privilege 0, each tied to an AAA attribute list that assigns a
! fixed PPP address.
username service privilege 0 password 0 ****
username service aaa attribute list service
username cam privilege 0 password 0 ****
username cam aaa attribute list cam
username reg1 privilege 0 password 0 ****
username reg1 aaa attribute list reg1
username eco privilege 0 password 0 ****
username eco aaa attribute list eco
! NOTE(review): Type 4 secret, deprecated by Cisco; regenerate with a stronger type.
username administrator privilege 2 secret 4 ****
username color10 privilege 0 password 0 ****
username color10 aaa attribute list color10
!
redundancy
!
!
!
!
!
!
class-map type inspect match-all VOIP
 match access-group name VOIP
class-map type inspect match-any WAN_IN
 match access-group name WAN_IN
class-map type inspect match-all MAIL
 match access-group name MAIL
class-map type inspect match-all IC
 match access-group name IC
class-map type inspect match-all WebLim
 match protocol http
 match access-group name ACL_Limit
class-map type inspect match-all Web_Only_One
 match protocol http
 match access-group name ACL_Only_One
! Class "Control": matches any one of the listed application protocols.
! It is the first class of policy-map Inspect_Inside_To_Outside, so ICMP, DNS,
! PPTP, mail, FTP, SNMP, ICQ and SIP from the inside zone are inspected for
! every inside host, with no per-host restriction.
class-map type inspect match-any Control
 match protocol icmp
 match protocol pptp
 match protocol dns
 match protocol ftp
 match protocol snmp
 match protocol pop3
 match protocol imap
 match protocol icq
 match protocol smtp
 match protocol imaps
 match protocol imap3
 match protocol sip
 match protocol sip-tls
class-map type inspect match-any Web
 match protocol http
 match protocol https
class-map type urlfilter match-any OnlyOneSite
 match server-domain urlf-glob OnlyOneSite
class-map type urlfilter match-any PermitedSites
 match server-domain urlf-glob PermitedSites
!
! URL filter policy: domains in glob list OnlyOneSite are allowed. Class
! PermitedSites uses the glob list whose only pattern is "*", so despite its
! name it is the catch-all and every other domain is reset.
policy-map type inspect urlfilter URLFL_MAP
 parameter type urlfpolicy local URLFilter
 class type urlfilter OnlyOneSite
  allow
 class type urlfilter PermitedSites
  reset
! Outside -> inside: only traffic matching ACL WAN_IN is inspected, everything
! else is dropped. ACL WAN_IN is not shown in this part of the configuration.
policy-map type inspect Inspect_Outside_To_Inside
 class type inspect WAN_IN
  inspect
 class class-default
  drop
! Inside -> outside: classes are evaluated top to bottom, so order matters.
policy-map type inspect Inspect_Inside_To_Outside
 class type inspect Control
  inspect
 class type inspect IC
  inspect
 class type inspect MAIL
  inspect
 class type inspect VOIP
  inspect
 ! HTTP from the hosts listed in ACL_Only_One is inspected with URL filtering.
 ! NOTE(review): this class matches HTTP only; HTTPS from the same hosts falls
 ! through to class Web below and is not URL-filtered.
 class type inspect Web_Only_One
  inspect
  service-policy urlfilter URLFL_MAP
 class type inspect Web
  inspect
 ! Anything not matched above is dropped.
 class class-default
  drop
!
! Zone-based firewall: two zones and one zone-pair per direction.
! NOTE(review): no zone-pair involving the "self" zone is defined here, so the
! firewall policy does not cover traffic addressed to the router itself
! (PPTP, HTTP/HTTPS management, DNS); confirm that this is intended.
zone security inside
 description inside zone
zone security outside
 description outside
zone-pair security inside_to_outside source inside destination outside
 service-policy type inspect Inspect_Inside_To_Outside
zone-pair security outside_to_inside source outside destination inside
 service-policy type inspect Inspect_Outside_To_Inside
!
!
! IKE phase 1 policy shared by all site-to-site peers: pre-shared keys,
! MD5 hash, 3600-second lifetime.
! NOTE(review): MD5 is a weak hash for IKE. No "encryption" or "group" line is
! present, so the IOS defaults apply; check them with
! "show crypto isakmp policy". Any change must be mirrored on every peer.
crypto isakmp policy 1
 hash md5
 authentication pre-share
 lifetime 3600
crypto isakmp key *** address ***   
crypto isakmp key *** address ***
crypto isakmp key *** address ***   
crypto isakmp key *** address ***
crypto isakmp key *** address ***
crypto isakmp key *** address *** 
crypto isakmp key *** address ***
crypto isakmp key *** address ***
crypto isakmp key *** address *** 
crypto isakmp key *** address ***
crypto isakmp key *** address ***
crypto isakmp key *** address ***
crypto isakmp key *** address ***
crypto isakmp key *** address ***
crypto isakmp key *** address ***
crypto isakmp key *** address ***
crypto isakmp key *** address ***
crypto isakmp key *** address ***
crypto isakmp key *** address ***
crypto isakmp key *** address ***
!
!
! IPsec phase 2 transform used by every MAP_TUNNEL entry: ESP with DES
! encryption and HMAC-MD5 integrity, tunnel mode.
! NOTE(review): single DES (56-bit) and MD5 are obsolete. Plan a coordinated
! move to AES with a SHA-based HMAC on this router and on all peers; changing
! only one side will bring the tunnel down.
crypto ipsec transform-set IPSEC esp-des esp-md5-hmac
 mode tunnel
!
!
!
! Crypto map entry 1: one site-to-site peer. Traffic matching ACL 101 is
! encrypted with transform-set IPSEC. Entries 2-20 below follow the same
! pattern with ACLs 102-120; those ACLs are not shown in this part of the
! configuration.
! NOTE(review): for PPTP clients to reach a remote site, their source
! addresses must be covered by that site's ACL on both ends - confirm.
crypto map MAP_TUNNEL 1 ipsec-isakmp
 set peer ***
 set transform-set IPSEC
 match address 101
crypto map MAP_TUNNEL 2 ipsec-isakmp
 set peer ***
 set transform-set IPSEC
 match address 102
crypto map MAP_TUNNEL 3 ipsec-isakmp
 set peer ***
 set transform-set IPSEC
 match address 103
crypto map MAP_TUNNEL 4 ipsec-isakmp
 set peer ***
 set transform-set IPSEC
 match address 104
crypto map MAP_TUNNEL 5 ipsec-isakmp
 set peer ***
 set transform-set IPSEC
 match address 105
crypto map MAP_TUNNEL 6 ipsec-isakmp
 set peer ***
 set transform-set IPSEC
 match address 106
crypto map MAP_TUNNEL 7 ipsec-isakmp
 set peer ***
 set transform-set IPSEC
 match address 107
crypto map MAP_TUNNEL 8 ipsec-isakmp
 set peer ***
 set transform-set IPSEC
 match address 108
crypto map MAP_TUNNEL 9 ipsec-isakmp
 set peer ***
 set transform-set IPSEC
 match address 109
crypto map MAP_TUNNEL 10 ipsec-isakmp
 set peer ***
 set transform-set IPSEC
 match address 110
crypto map MAP_TUNNEL 11 ipsec-isakmp
 set peer ***
 set transform-set IPSEC
 match address 111
crypto map MAP_TUNNEL 12 ipsec-isakmp
 set peer ***
 set transform-set IPSEC
 match address 112
crypto map MAP_TUNNEL 13 ipsec-isakmp
 set peer ***
 set transform-set IPSEC
 match address 113
crypto map MAP_TUNNEL 14 ipsec-isakmp
 set peer ***
 set transform-set IPSEC
 match address 114
crypto map MAP_TUNNEL 15 ipsec-isakmp
 set peer ***
 set transform-set IPSEC
 match address 115
crypto map MAP_TUNNEL 16 ipsec-isakmp
 set peer ***
 set transform-set IPSEC
 match address 116
crypto map MAP_TUNNEL 17 ipsec-isakmp
 set peer ***
 set transform-set IPSEC
 match address 117
crypto map MAP_TUNNEL 18 ipsec-isakmp
 set peer ***
 set transform-set IPSEC
 match address 118
crypto map MAP_TUNNEL 19 ipsec-isakmp
 set peer ***
 set transform-set IPSEC
 match address 119
crypto map MAP_TUNNEL 20 ipsec-isakmp
 set peer ***
 set transform-set IPSEC
 match address 120
!
!
!
!
!
interface Embedded-Service-Engine0/0
 no ip address
 shutdown
!
! LAN interface: NAT inside, member of firewall zone "inside".
interface GigabitEthernet0/0
 description LOCAL_LAN
 ip address 192.168.7.249 255.255.255.0
 ! Inbound ACL LAN_OUT is not shown in this part of the configuration.
 ip access-group LAN_OUT in
 ip nat inside
 ip virtual-reassembly in
 zone-member security inside
 duplex auto
 speed auto
 ! ARP entries expire after 10 seconds.
 arp timeout 10
!
! WAN uplink: NAT outside, firewall zone "outside", and the interface that
! terminates all IPsec tunnels (crypto map MAP_TUNNEL).
! NOTE(review): no inbound "ip access-group" is applied here, so services on
! the router itself are limited only by their own settings; see the self-zone
! remark on the zone definitions.
interface GigabitEthernet0/1
 description INTERNET_TIERA
 ip address *** 255.255.255.0
 ip nat outside
 ip virtual-reassembly in
 zone-member security outside
 duplex auto
 speed auto
 crypto map MAP_TUNNEL
!
! Second uplink (192.168.50.0/24), NAT outside. The tracked default route
! points to 192.168.50.1 on this network.
! NOTE(review): this interface has no "zone-member" line. With the zone-based
! firewall, traffic between a zone member (Gi0/0, Virtual-Template1) and an
! interface outside any zone is normally dropped, so LAN and PPTP traffic
! would not pass while the default route uses this link - verify.
interface GigabitEthernet0/2
 ip address 192.168.50.249 255.255.255.0
 ip nat outside
 ip virtual-reassembly in
 duplex auto
 speed auto
!
! Template for the dial-in PPP sessions (presumably cloned by the PPTP
! vpdn-group defined earlier in the config -- confirm). Sessions borrow the
! address of GigabitEthernet0/0, are NAT inside and sit in zone "inside",
! i.e. the same zone as the LAN.
! NOTE(review): MS-CHAPv2 and MPPE are legacy mechanisms; a captured
! MS-CHAPv2 handshake can be attacked offline and the MPPE keys derive from
! the same credential. Treat PPTP as a stop-gap, use long random passwords,
! and plan a move to IPsec/IKEv2 or SSL VPN remote access.
interface Virtual-Template1
 ip unnumbered GigabitEthernet0/0
 ip nat inside
 ip virtual-reassembly in
 zone-member security inside
 autodetect encapsulation ppp
 ppp encrypt mppe auto
 ppp authentication ms-chap-v2
!
ip forward-protocol nd
!
! Web management: plain HTTP and HTTPS are both enabled, authenticating
! against the local user database.
! NOTE(review): no "ip http access-class" is visible in this part of the
! config. If the web UI is needed at all, prefer "no ip http server" (HTTPS
! only) and restrict the HTTPS listener to management hosts.
ip http server
ip http authentication local
ip http secure-server
!
ip dns server
ip nat inside source static tcp 192.168.7.5 21 interface GigabitEthernet0/1 21
ip nat inside source static tcp 192.168.7.10 8080 interface GigabitEthernet0/1 8080
ip nat inside source static tcp 192.168.7.10 3089 interface GigabitEthernet0/1 3089
ip nat inside source route-map WAN_REZERV interface GigabitEthernet0/2 overload
ip nat inside source route-map WAN_TIERA interface GigabitEthernet0/1 overload
ip route 0.0.0.0 0.0.0.0 192.168.50.1 track 1
ip route 0.0.0.0 0.0.0.0 95.161.8.1 250
!
ip access-list extended ACL_Limit
 permit tcp any any eq www
ip access-list extended ACL_Only_One
 permit tcp host 192.168.7.36 any eq www
 permit tcp host 192.168.7.30 any eq www
 permit tcp host 192.168.7.27 any eq www
 permit tcp host 192.168.7.24 any eq www
 permit tcp host 192.168.7.53 any eq www
 permit tcp host 192.168.7.61 any eq www
 permit tcp host 192.168.7.64 any eq www
 permit tcp host 192.168.7.69 any eq www
 permit tcp host 192.168.7.68 any eq www
 permit tcp host 192.168.7.34 any eq www
 permit tcp host 192.168.7.54 any eq www
 permit tcp host 192.168.7.31 any eq www
 permit tcp host 192.168.7.49 any eq www
 permit tcp host 192.168.7.13 any eq www
 permit tcp host 192.168.7.47 any eq www
 permit tcp host 192.168.7.62 any eq www
 permit tcp host 192.168.7.33 any eq www
 permit tcp host 192.168.7.96 any eq www
 permit tcp host 192.168.7.97 any eq www
 permit tcp host 192.168.7.67 any eq www
 permit tcp host 192.168.7.78 any eq www
 permit tcp host 192.168.7.48 any eq www
 permit tcp host 192.168.7.94 any eq www
ip access-list extended IC
 permit tcp any any eq 3389
 permit tcp any any eq 4899
 permit tcp any any eq nntp
ip access-list extended LAN
 deny   ip 192.168.7.0 0.0.0.255 192.168.3.0 0.0.0.255
 deny   ip 192.168.7.0 0.0.0.255 192.168.10.0 0.0.0.255
 deny   ip 192.168.7.0 0.0.0.255 192.168.2.0 0.0.0.255
 deny   ip 192.168.7.0 0.0.0.255 192.168.8.0 0.0.0.255
 deny   ip 192.168.7.0 0.0.0.255 192.168.6.0 0.0.0.255
 deny   ip 192.168.7.0 0.0.0.255 192.168.4.0 0.0.0.255
 deny   ip 192.168.7.0 0.0.0.255 192.168.13.0 0.0.0.255
 deny   ip 192.168.7.0 0.0.0.255 192.168.20.0 0.0.0.255
 deny   ip 192.168.7.0 0.0.0.255 192.168.17.0 0.0.0.255
 deny   ip 192.168.7.0 0.0.0.255 192.168.16.0 0.0.0.255
 deny   ip 192.168.7.0 0.0.0.255 192.168.14.0 0.0.0.255
 deny   ip 192.168.7.0 0.0.0.255 192.168.5.0 0.0.0.255
 deny   ip 192.168.7.0 0.0.0.255 192.168.21.0 0.0.0.255
 deny   ip 192.168.7.0 0.0.0.255 192.168.22.0 0.0.0.255
 deny   ip 192.168.7.0 0.0.0.255 192.168.23.0 0.0.0.255
 deny   ip 192.168.7.0 0.0.0.255 192.168.24.0 0.0.0.255
 deny   ip 192.168.7.0 0.0.0.255 192.168.40.0 0.0.0.255
 deny   ip 192.168.7.0 0.0.0.255 192.168.9.0 0.0.0.255
 deny   ip 192.168.7.0 0.0.0.255 192.168.12.0 0.0.0.255
 deny   ip 192.168.7.0 0.0.0.255 192.168.50.0 0.0.0.255
 permit ip 192.168.7.0 0.0.0.255 any
ip access-list extended LAN_OUT
 remark CCP_ACL Category=17
 permit tcp host 192.168.7.44 87.240.0.0 0.0.255.255 eq www
 permit tcp host 192.168.7.45 87.240.0.0 0.0.255.255 eq www
 permit tcp host 192.168.7.46 87.240.0.0 0.0.255.255 eq www
 permit tcp host 192.168.7.47 87.240.0.0 0.0.255.255 eq www
 deny   tcp host 192.168.7.48 87.240.0.0 0.0.255.255 eq www
 permit tcp host 192.168.7.44 93.186.0.0 0.0.255.255 eq www
 permit tcp host 192.168.7.45 93.186.0.0 0.0.255.255 eq www
 permit tcp host 192.168.7.46 93.186.0.0 0.0.255.255 eq www
 permit tcp host 192.168.7.47 93.186.0.0 0.0.255.255 eq www
 deny   tcp host 192.168.7.48 93.186.0.0 0.0.255.255 eq www
 deny   tcp any 87.240.0.0 0.0.255.255 eq www
 deny   tcp any 93.186.0.0 0.0.255.255 eq www
 deny   ip host 192.168.7.36 any
 permit ip any any
ip access-list extended MAIL
 permit tcp any any eq 995
 permit tcp any any eq 465
 permit tcp any any eq smtp
 permit tcp any any eq 993
ip access-list extended REZERV
 permit ip 192.168.7.0 0.0.0.255 any
ip access-list extended VOIP
 permit ip 192.168.7.0 0.0.0.255 192.168.24.0 0.0.0.255
 permit ip 192.168.7.0 0.0.0.255 192.168.21.0 0.0.0.255
 permit ip 192.168.7.0 0.0.0.255 192.168.2.0 0.0.0.255
 permit ip 192.168.7.0 0.0.0.255 192.168.3.0 0.0.0.255
 permit ip 192.168.7.0 0.0.0.255 192.168.4.0 0.0.0.255
 permit ip 192.168.7.0 0.0.0.255 192.168.5.0 0.0.0.255
 permit ip 192.168.7.0 0.0.0.255 192.168.8.0 0.0.0.255
 permit ip 192.168.7.0 0.0.0.255 192.168.9.0 0.0.0.255
 permit ip 192.168.7.0 0.0.0.255 192.168.10.0 0.0.0.255
 permit ip 192.168.7.0 0.0.0.255 192.168.12.0 0.0.0.255
 permit ip 192.168.7.0 0.0.0.255 192.168.13.0 0.0.0.255
 permit ip 192.168.7.0 0.0.0.255 192.168.14.0 0.0.0.255
 permit ip 192.168.7.0 0.0.0.255 192.168.16.0 0.0.0.255
 permit ip 192.168.7.0 0.0.0.255 192.168.17.0 0.0.0.255
 permit ip 192.168.7.0 0.0.0.255 192.168.20.0 0.0.0.255
 permit ip 192.168.7.0 0.0.0.255 192.168.22.0 0.0.0.255
 permit ip 192.168.7.0 0.0.0.255 192.168.23.0 0.0.0.255
 permit ip 192.168.7.0 0.0.0.255 192.168.40.0 0.0.0.255
 permit ip 192.168.7.0 0.0.0.255 192.168.50.0 0.0.0.255
 permit tcp any any eq 8291
! Extended ACL "WAN". Where it is referenced (class-map, interface, ...) is
! not visible in this part of the config -- confirm before editing.
! Review notes:
!  - "permit tcp/udp any any eq 47" match TCP/UDP *port* 47. GRE is IP
!    protocol 47 and is already covered by "permit gre any any", so these two
!    entries do nothing for PPTP.
!  - PPTP control uses TCP 1723 only; the "udp ... eq 1723" entry is not
!    needed for it.
!  - "permit udp any any eq 80" has no obvious purpose -- verify.
!  - "permit ip 192.168.0.0 0.0.255.255 any" trusts any source claiming a
!    192.168.x.x address; if this ACL classifies traffic arriving from the
!    Internet side, such sources should only be accepted after IPsec
!    decapsulation -- confirm how the policy distinguishes them.
ip access-list extended WAN
 permit esp any any
 permit udp any any eq isakmp
 permit udp any any eq non500-isakmp
 permit gre any any
 permit icmp any any
 permit tcp any any eq domain
 permit udp any any eq domain
 permit tcp any any eq www
 permit ip host 31.193.122.22 any
 permit ip host 31.193.123.22 any
 permit ip host 95.161.0.77 any
 permit ip host 95.161.127.77 any
 permit udp host 192.168.7.230 any eq 5060
 permit udp host 192.168.7.230 any eq 6060
 permit tcp host 192.168.7.5 any eq ftp
 permit tcp host 192.168.7.10 any eq 8080
 permit tcp host 192.168.7.10 any eq 3389
 permit tcp any any eq 47
 permit udp any any eq 47
 permit udp any any eq 1723
 permit tcp any any eq 1723
 permit udp any any eq 80
 permit tcp any any eq smtp
 permit ip 192.168.0.0 0.0.255.255 any
 permit ip host 80.75.132.66 any
! Extended ACL "WAN_IN". Where it is referenced is not visible in this part
! of the config -- confirm before editing.
! Structure: 24 fully trusted peer hosts (addresses masked in the post), then
! protocol/port permits from any source, then the remote 192.168.x.0/24
! networks.
! Review notes:
!  - "permit tcp any any eq 500": ISAKMP/IKE runs over UDP 500 (and UDP 4500
!    for NAT-T), so this TCP entry does not help the IPsec tunnels.
!  - "permit tcp any any eq 445" and "eq 139" admit SMB/NetBIOS from any
!    source. If this ACL is applied to Internet-facing traffic, limit these
!    to the tunnel subnets or drop them.
!  - Several entries for 81.88.86.0/24 and host 81.88.86.11 are redundant
!    after "permit ip 81.88.86.0 0.0.0.255 any".
!  - The "permit ip 192.168.N.0 ... any" entries trust private source
!    addresses; they should only ever match traffic that arrived through an
!    IPsec tunnel -- confirm how the policy enforces that.
ip access-list extended WAN_IN
 permit ip host *** any
 permit ip host *** any
 permit ip host *** any
 permit ip host *** any
 permit ip host *** any
 permit ip host *** any
 permit ip host *** any
 permit ip host *** any
 permit ip host *** any
 permit ip host *** any
 permit ip host *** any
 permit ip host *** any
 permit ip host *** any
 permit ip host *** any
 permit ip host *** any
 permit ip host *** any
 permit ip host *** any
 permit ip host *** any
 permit ip host *** any
 permit ip host *** any
 permit ip host *** any
 permit ip host *** any
 permit ip host *** any
 permit ip host *** any
 permit icmp any any
 permit gre any any
 permit ipinip any any
 permit tcp any any eq 1723
 permit tcp any any eq 500
 permit tcp any any eq pop3
 permit tcp any any eq 465
 permit tcp any any eq 995
 permit ip 81.88.86.0 0.0.0.255 any
 permit udp host 81.88.86.11 any
 permit tcp 81.88.86.0 0.0.0.255 any
 permit udp 81.88.86.0 0.0.0.255 any
 permit tcp host 81.88.86.11 any
 permit tcp any any eq 3478
 permit tcp any any eq 3479
 permit udp any any eq 3479
 permit udp any any eq 3478
 permit udp any any eq 5060
 permit tcp any any eq 5060
 permit tcp any any eq 8000
 permit udp any any eq 8000
 permit ip host 80.75.132.66 any
 permit tcp any any eq 993
 permit udp any any eq 993
 permit ip 192.168.2.0 0.0.0.255 any
 permit ip 192.168.3.0 0.0.0.255 any
 permit ip 192.168.4.0 0.0.0.255 any
 permit ip 192.168.5.0 0.0.0.255 any
 permit ip 192.168.8.0 0.0.0.255 any
 permit ip 192.168.9.0 0.0.0.255 any
 permit ip 192.168.10.0 0.0.0.255 any
 permit ip 192.168.12.0 0.0.0.255 any
 permit ip 192.168.13.0 0.0.0.255 any
 permit ip 192.168.14.0 0.0.0.255 any
 permit ip 192.168.16.0 0.0.0.255 any
 permit ip 192.168.17.0 0.0.0.255 any
 permit ip 192.168.20.0 0.0.0.255 any
 permit ip 192.168.21.0 0.0.0.255 any
 permit ip 192.168.22.0 0.0.0.255 any
 permit ip 192.168.23.0 0.0.0.255 any
 permit ip 192.168.24.0 0.0.0.255 any
 permit ip 192.168.40.0 0.0.0.255 any
 permit ip 192.168.50.0 0.0.0.255 any
 permit tcp any any eq nntp
 permit tcp any any eq 445
 permit tcp any any eq 139
!
ip sla auto discovery
ip sla 1
 icmp-echo 8.8.8.8 source-interface GigabitEthernet0/1
 frequency 20
ip sla schedule 1 life forever start-time now
logging trap debugging
logging facility local6
logging host 192.168.7.5
access-list 101 permit ip 192.168.7.0 0.0.0.255 192.168.3.0 0.0.0.255
access-list 102 permit ip 192.168.7.0 0.0.0.255 192.168.10.0 0.0.0.255
access-list 103 permit ip 192.168.7.0 0.0.0.255 192.168.2.0 0.0.0.255
access-list 104 permit ip 192.168.7.0 0.0.0.255 192.168.8.0 0.0.0.255
access-list 105 permit ip 192.168.7.0 0.0.0.255 192.168.6.0 0.0.0.255
access-list 106 permit ip 192.168.7.0 0.0.0.255 192.168.4.0 0.0.0.255
access-list 107 permit ip 192.168.7.0 0.0.0.255 192.168.9.0 0.0.0.255
access-list 108 permit ip 192.168.7.0 0.0.0.255 192.168.12.0 0.0.0.255
access-list 109 permit ip 192.168.7.0 0.0.0.255 192.168.13.0 0.0.0.255
access-list 110 permit ip 192.168.7.0 0.0.0.255 192.168.20.0 0.0.0.255
access-list 111 permit ip 192.168.7.0 0.0.0.255 192.168.40.0 0.0.0.255
access-list 112 permit ip 192.168.7.0 0.0.0.255 192.168.17.0 0.0.0.255
access-list 113 permit ip 192.168.7.0 0.0.0.255 192.168.16.0 0.0.0.255
access-list 114 permit ip 192.168.7.0 0.0.0.255 192.168.14.0 0.0.0.255
access-list 115 permit ip 192.168.7.0 0.0.0.255 192.168.50.0 0.0.0.255
access-list 116 permit ip 192.168.7.0 0.0.0.255 192.168.5.0 0.0.0.255
access-list 117 permit ip 192.168.7.0 0.0.0.255 192.168.21.0 0.0.0.255
access-list 118 permit ip 192.168.7.0 0.0.0.255 192.168.22.0 0.0.0.255
access-list 119 permit ip 192.168.7.0 0.0.0.255 192.168.23.0 0.0.0.255
access-list 120 permit ip 192.168.7.0 0.0.0.255 192.168.24.0 0.0.0.255
arp 192.168.7.3 000e.a634.9c30 ARPA
arp 192.168.7.4 0011.092b.05da ARPA
arp 192.168.7.5 0019.dbaa.12c2 ARPA
arp 192.168.7.7 0011.0966.1abe ARPA
arp 192.168.7.8 0030.48c5.7402 ARPA
arp 192.168.7.9 0022.3fa9.e453 ARPA
arp 192.168.7.10 8c89.a5dd.e1a1 ARPA
arp 192.168.7.11 d43d.7e30.eb61 ARPA
arp 192.168.7.12 0019.dbad.884f ARPA
arp 192.168.7.13 0016.1798.cd4f ARPA
arp 192.168.7.14 0013.d3a9.39ca ARPA
arp 192.168.7.15 0016.1798.cd2d ARPA
arp 192.168.7.16 0021.9791.d550 ARPA
arp 192.168.7.18 0021.8559.63a9 ARPA
arp 192.168.7.19 448a.5b6b.9db4 ARPA
arp 192.168.7.20 6c62.6dd3.a75a ARPA
arp 192.168.7.21 0019.dbac.875f ARPA
arp 192.168.7.22 bc5f.f4ef.2fbe ARPA
arp 192.168.7.23 0025.22c8.c7b0 ARPA
arp 192.168.7.24 000c.762a.c1cf ARPA
arp 192.168.7.26 0025.22d8.c37e ARPA
arp 192.168.7.27 0010.dc97.ca12 ARPA
arp 192.168.7.28 0019.6658.9f33 ARPA
arp 192.168.7.29 0025.225d.4f37 ARPA
arp 192.168.7.30 94de.8010.c3be ARPA
arp 192.168.7.32 0019.6694.5f2a ARPA
arp 192.168.7.33 0013.8fe3.fc34 ARPA
arp 192.168.7.34 6c62.6dd3.a8d6 ARPA
arp 192.168.7.35 0019.6659.278b ARPA
arp 192.168.7.36 bc5f.f4aa.0bdf ARPA
arp 192.168.7.37 0019.dbaa.12c5 ARPA
arp 192.168.7.38 0025.2268.6fd3 ARPA
arp 192.168.7.39 bc5f.f40f.d84d ARPA
arp 192.168.7.40 0019.dbd0.15a2 ARPA
arp 192.168.7.41 001d.600c.2185 ARPA
arp 192.168.7.42 6c62.6dd3.a85f ARPA
arp 192.168.7.43 6c62.6dd3.a799 ARPA
arp 192.168.7.44 f81a.671b.3cfc ARPA
arp 192.168.7.45 1c6f.6524.f0d9 ARPA
arp 192.168.7.46 5046.5d76.50d2 ARPA
arp 192.168.7.47 10bf.4871.baf7 ARPA
arp 192.168.7.48 001e.c930.792a ARPA
arp 192.168.7.49 001e.c930.b540 ARPA
arp 192.168.7.50 0019.66ee.8890 ARPA
arp 192.168.7.51 448a.5b6b.9f6c ARPA
arp 192.168.7.52 6c62.6dd3.a933 ARPA
arp 192.168.7.53 0019.dbc8.de23 ARPA
arp 192.168.7.54 0025.220a.1877 ARPA
arp 192.168.7.55 bc5f.f4ee.a57f ARPA
arp 192.168.7.57 4061.86c9.f4be ARPA
arp 192.168.7.58 50e5.4921.8ed8 ARPA
arp 192.168.7.59 0011.0965.7e89 ARPA
arp 192.168.7.60 0019.dbae.576d ARPA
arp 192.168.7.61 001d.9209.329f ARPA
arp 192.168.7.62 0021.8562.df77 ARPA
arp 192.168.7.63 9048.9ab3.b80b ARPA
arp 192.168.7.64 10bf.480e.2f10 ARPA
arp 192.168.7.65 0025.22e4.57ae ARPA
arp 192.168.7.66 6c62.6dcc.59cc ARPA
arp 192.168.7.67 bc5f.f40f.d850 ARPA
arp 192.168.7.68 0015.f29d.14f5 ARPA
arp 192.168.7.69 0011.25bc.5d4e ARPA
arp 192.168.7.70 6466.b305.7379 ARPA
arp 192.168.7.71 9048.9ab3.a869 ARPA
arp 192.168.7.72 001e.c930.8952 ARPA
arp 192.168.7.73 1c6f.6537.2b9c ARPA
arp 192.168.7.74 d43d.7e30.ec68 ARPA
arp 192.168.7.75 0019.6658.7c1e ARPA
arp 192.168.7.76 0019.dbe8.e2b6 ARPA
arp 192.168.7.77 0008.5413.cebf ARPA
arp 192.168.7.78 448a.5b6b.97ad ARPA
arp 192.168.7.79 50e5.49af.c111 ARPA
arp 192.168.7.80 1c6f.6536.9b3c ARPA
arp 192.168.7.82 001c.f011.7cc3 ARPA
arp 192.168.7.83 0080.4820.764d ARPA
arp 192.168.7.85 1c6f.6537.18de ARPA
arp 192.168.7.90 4c72.b98d.0d09 ARPA
arp 192.168.7.91 0015.9971.4bbd ARPA
arp 192.168.7.92 4c72.b9c4.3439 ARPA
arp 192.168.7.93 60eb.6968.183f ARPA
arp 192.168.7.95 bc5f.f4ee.a59d ARPA
arp 192.168.7.96 bc5f.f4ee.a456 ARPA
arp 192.168.7.97 bc5f.f4ee.a5a1 ARPA
arp 192.168.7.100 94de.806a.37eb ARPA
arp 192.168.7.101 94de.8068.e211 ARPA
arp 192.168.7.102 10c3.7b50.5981 ARPA
arp 192.168.7.103 bcee.7b8c.5863 ARPA
arp 192.168.7.104 14d6.4dea.77d0 ARPA
arp 192.168.7.105 2c59.e5d1.18d6 ARPA
arp 192.168.7.106 0010.7539.3d0b ARPA
arp 192.168.7.150 d050.991d.7b6b ARPA
arp 192.168.7.151 f07d.680f.8364 ARPA
arp 192.168.7.152 f07d.680f.913d ARPA
arp 192.168.7.153 f07d.680f.90b4 ARPA
arp 192.168.7.166 687f.745a.f6b6 ARPA
arp 192.168.7.167 687f.745a.f55a ARPA
arp 192.168.7.168 0023.697e.4e20 ARPA
arp 192.168.7.171 687f.745a.f730 ARPA
arp 192.168.7.174 a0f3.c1df.a53f ARPA
arp 192.168.7.175 6466.b38c.01b5 ARPA
arp 192.168.7.178 6477.91da.5642 ARPA
arp 192.168.7.179 8853.2eb4.b635 ARPA
arp 192.168.7.180 b0df.3a09.7a0b ARPA
arp 192.168.7.181 bc85.562d.6e0b ARPA
arp 192.168.7.182 0050.56c0.0001 ARPA
arp 192.168.7.183 28e1.4ce3.864a ARPA
arp 192.168.7.184 d022.be26.b1ab ARPA
arp 192.168.7.186 6476.baa1.28d4 ARPA
arp 192.168.7.194 0015.9983.67a7 ARPA
arp 192.168.7.195 0000.aaf0.17a7 ARPA
arp 192.168.7.197 0011.950f.dacf ARPA
arp 192.168.7.202 0022.6b3a.34e0 ARPA
arp 192.168.7.211 0c27.2431.4817 ARPA
arp 192.168.7.213 b4e9.b08c.1452 ARPA
arp 192.168.7.214 0c68.03c1.36be ARPA
arp 192.168.7.215 0c27.2431.668c ARPA
arp 192.168.7.216 6886.a7c5.9922 ARPA
arp 192.168.7.217 b4e9.b000.0d23 ARPA
arp 192.168.7.218 b4e9.b08c.1ced ARPA
arp 192.168.7.219 2834.a2f6.dd4d ARPA
arp 192.168.7.220 0005.5d59.ad6e ARPA
arp 192.168.7.221 0000.aaa8.c1bb ARPA
arp 192.168.7.222 9c93.4e18.533d ARPA
arp 192.168.7.223 80c1.6e90.054c ARPA
arp 192.168.7.224 0000.aacd.ad60 ARPA
arp 192.168.7.226 30f7.0d02.f36b ARPA
arp 192.168.7.227 30f7.0d02.f366 ARPA
arp 192.168.7.228 d494.a131.4610 ARPA
arp 192.168.7.229 f029.29e2.c60d ARPA
arp 192.168.7.231 c8be.1926.4ad0 ARPA
arp 192.168.7.232 14d6.4d89.3080 ARPA
arp 192.168.7.235 b862.1f88.5dac ARPA
arp 192.168.7.236 b862.1f88.6fb0 ARPA
arp 192.168.7.237 b862.1f88.70e4 ARPA
arp 192.168.7.238 b862.1f88.65c0 ARPA
arp 192.168.7.240 bc5f.f4f2.534e ARPA
arp 192.168.7.245 0017.6110.8447 ARPA
arp 192.168.7.246 0017.6110.81d3 ARPA
arp 192.168.7.248 6c9c.edfe.2c2f ARPA
arp 192.168.7.250 0040.eff0.99f6 ARPA
arp 192.168.7.253 34db.fd7f.f53d ARPA
arp 192.168.7.254 34bd.c839.ec67 ARPA
arp 192.168.7.1 0004.23af.041d ARPA
arp 192.168.7.2 902b.3431.ff33 ARPA
arp 192.168.7.139 30f7.0de8.26b0 ARPA
arp 192.168.7.177 d4f4.6f7b.7967 ARPA
arp 192.168.7.107 00f7.6fac.c0ab ARPA
arp 192.168.7.108 d022.bece.2afd ARPA
arp 192.168.7.109 5cb5.2408.9d70 ARPA
arp 192.168.7.110 f409.d8aa.f881 ARPA
arp 192.168.7.84 1c6f.6536.1ed1 ARPA
arp 192.168.7.86 bc5f.f4d3.c907 ARPA
arp 192.168.7.88 1c6f.6537.2445 ARPA
arp 192.168.7.56 d43d.7eb1.c185 ARPA
arp 192.168.7.111 4843.7c50.4838 ARPA
!
route-map WAN_REZERV permit 10
 match ip address REZERV
 match interface GigabitEthernet0/2
!
route-map WAN_TIERA permit 10
 match ip address LAN
 match interface GigabitEthernet0/1
!
!
!
!
!
control-plane
!
!
privilege dhcp level 2 host
privilege dhcp level 2 client-name
privilege dhcp level 2 client-identifier
privilege dhcp level 2 no host
privilege dhcp level 2 no client-name
privilege dhcp level 2 no client-identifier
privilege dhcp level 2 no
privilege configure all level 2 arp
privilege configure level 2 interface
privilege configure level 2 ip dhcp pool
privilege configure level 2 ip dhcp
privilege configure level 2 ip
privilege configure all level 2 no arp
privilege configure level 2 no interface
privilege configure level 2 no ip dhcp pool
privilege configure level 2 no ip dhcp
privilege configure level 2 no ip
privilege configure level 2 no
privilege exec level 2 configure terminal
privilege exec level 2 configure
privilege exec level 2 show running-config
privilege exec level 2 show
!
line con 0
line aux 0
line 2
 no activation-character
 no exec
 transport preferred none
 transport input all
 transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
 stopbits 1
! Remote management lines. Every VTY session starts at privilege level 15 and
! both Telnet and SSH are accepted.
! NOTE(review): Telnet carries credentials in clear text; prefer
! "transport input ssh". No "access-class" is shown on these lines, so the
! source addresses allowed to reach the VTYs are presumably limited only by
! the firewall policy -- confirm. How logins are authenticated depends on the
! AAA login method list, which is not visible in this part of the config.
line vty 0
 privilege level 15
 transport input telnet ssh
line vty 1 4
 privilege level 15
 password ******
 transport input telnet ssh
!
scheduler allocate 20000 1000
!
end



Если есть идеи, буду благодарен!

4 ОТВЕТ.


Идея проста, не проверял - отказаться от crypto-map и перейти на SVTI. А уже SVTI назначить в определенную зону.

New Member


Здравствуйте.

Спасибо за ответ.

Дело в том, что в центральном узле циска-то стоит... Но в удалённых точках стоят роутеры такие, как tplink, linksys, netgear и тому подобное.

Возможно ли с ними настроить SVTI? Если да, то можно образец настройки с теми роутерами?

А то что-то у мну не получается.

New Member


В общем, перековырял конфиг — ничего не помогает.
Заметил такую закономерность.
Если подключаться к pptp из локалки - видна только локалка.
Если подключаться к pptp из Инета - виден инет и туннели, а локалки нет.

 


Я извиняюсь, с SVTI не получится, там у вас фактически в crypto-acl будет permit ip any any, однако можно сделать то же самое с DVTI, т.о. у вас будет топология hub-and-spoke,

пример конфигурации хаба:

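! Hub-side DVTI example from the reply (untested sketch; Loopback100 and
! FastEthernet0/0 are the author's example interfaces, not the ones on the
! router in the question).
!
! Sample pre-shared key from the post. A wildcard-address key is accepted
! from any peer that knows it, so prefer one strong, unique key per peer:
crypto isakmp key cisco address 0.0.0.0
!crypto isakmp key *** address ***
!crypto isakmp key *** address ***
!crypto isakmp key *** address ***
!
crypto isakmp profile profLAN
   vrf global
! Alternatively, define a separate keyring for each peer.
   keyring default
! Here you can list only the peers you actually have instead of 0.0.0.0.
   match identity address 0.0.0.0
! Must reference the tunnel-type template defined below. The reply had
! "virtual-template 1", which does not match Virtual-Template100 (and
! Virtual-Template1 on the router in the question is the PPP template).
   virtual-template 100
! DES and MD5 are kept because the transform set has to match what the
! spokes already negotiate. Both are obsolete; where the spoke routers
! support it, move both ends to AES with a SHA-based HMAC.
crypto ipsec transform-set TS esp-des esp-md5-hmac
 mode tunnel
crypto ipsec profile prof
 set transform-set TS
 set reverse-route tag 5
 set isakmp-profile profLAN
!
interface Virtual-Template100 type tunnel
 ip unnumbered Loopback100
 tunnel source FastEthernet0/0
 tunnel mode ipsec ipv4
 tunnel protection ipsec profile prof
! Place the tunnel template in zone "inside".
 zone-member security inside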

При этом вы конфигурируете ваши spoke как и раньше, на них ничего менять не требуется.

И да, использование reverse-route спасет отца русской демократии от прописывания статических маршрутов на hub :)

 

 
