
PPTP cisco 2921

Добрый день! Подскажите, пожалуйста, советом или чем-то ещё =))) На Cisco 2921 поднят VPDN; клиент (обычная ОС Windows XP/7) подключается к ней, но соединение обрывается с ошибкой 800. В чём может быть причина — уже не знаю, куда смотреть. Вот конфиг:

gw2921#sh run
Building configuration...
 
Current configuration : 10772 bytes
!
! Last configuration change at 12:52:25 Ukraine Wed Sep 28 2016 by crysmas
version 15.3
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname gw2921
!
boot-start-marker
boot-end-marker
!
!
enable secret 5 *************
!
aaa new-model
!
!
aaa authentication login default local
aaa authentication enable default enable
aaa authentication ppp VPDN-AUTH local
!
!
!
!
!
aaa session-id common
!
!
!
!
!
!
!
ip domain lookup source-interface GigabitEthernet0/1.1570
ip domain name *.com
ip host *.com *.*.*.41
ip name-server *.*.*.5
ip name-server *.*.*.9
ip name-server 8.8.8.8
ip inspect name Inter http timeout 3600
ip inspect name Inter https timeout 3600
ip inspect name Inter smtp timeout 3600
ip inspect name Inter udp timeout 3600
ip inspect name Inter tcp timeout 3600
ip inspect name Inter pop3 timeout 3600
ip inspect name Inter ftp timeout 3600
ip inspect name Inter dns timeout 3600
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
async-bootp dns-server 10.2.10.3 10.2.10.4
! Turns on VPDN so the router itself terminates dial-in tunnels.
vpdn enable
!
! PPTP dial-in group: incoming PPTP sessions are accepted and cloned from
! Virtual-Template1. PPTP uses TCP 1723 for the control channel and GRE
! (IP protocol 47) for tunnel data, so the inbound ACL on the Internet-facing
! interface has to pass both.
! NOTE(review): PPTP with MS-CHAPv2/MPPE is a legacy design with known
! cryptographic weaknesses; for new remote access prefer IPsec/IKEv2 or a
! TLS-based VPN.
vpdn-group PPTP
 ! Default PPTP VPDN group
 accept-dialin
  protocol pptp
  virtual-template 1
 ! At most two concurrent sessions for this group.
 session-limit 2
!
!
!
!
license udi pid CISCO2921/K9 sn *
!
!
! Local administrator accounts (privilege 15); the type 5 hashes were masked
! by the poster. Type 5 is salted MD5 - where the IOS release supports it, a
! stronger secret type is preferable.
username Smurfik privilege 15 secret 5 *.
username cRYSMAS privilege 15 secret 5 *
! VPN dial-in account used for PPP authentication.
! NOTE(review): "password 7" is reversible obfuscation, not a hash, and the
! string below was posted unmasked - treat this credential as disclosed and
! change it. MS-CHAP needs a recoverable password on the router, so this user
! presumably cannot be moved to "secret"; keep the account limited to VPN use.
username usvpn password 7 02575608
! Binds an AAA attribute list named VPDN-AUTH to the user. The posted output
! defines VPDN-AUTH only as a PPP authentication method list; no
! "aaa attribute list VPDN-AUTH" definition is visible - confirm it exists.
username usvpn aaa attribute list VPDN-AUTH
!
redundancy
!
!
!
!
!
ip ssh maxstartups 2
ip ssh version 2
!
!
!
!
!
!
!
!
!
interface Embedded-Service-Engine0/0
 no ip address
 shutdown
!
interface GigabitEthernet0/0
 description Inside SW3560
 bandwidth 10000
 no ip address
 duplex auto
 speed auto
!
interface GigabitEthernet0/0.9
 encapsulation dot1Q 9
 no cdp enable
!
interface GigabitEthernet0/0.10
 description Ins_SW3560_VL10
 encapsulation dot1Q 10
 ip address 10.2.10.2 255.255.255.0
 ip access-group Ins_Inter in
 ip nat inside
 ip inspect Inter in
 ip virtual-reassembly in
 no cdp enable
!
interface GigabitEthernet0/0.30
 encapsulation dot1Q 30
 no cdp enable
!
interface GigabitEthernet0/0.40
 encapsulation dot1Q 40
 no cdp enable
!
interface GigabitEthernet0/0.50
 encapsulation dot1Q 50
 no cdp enable
!
interface GigabitEthernet0/0.60
 encapsulation dot1Q 60
 no cdp enable
!
interface GigabitEthernet0/0.61
 encapsulation dot1Q 61
 no cdp enable
!
interface GigabitEthernet0/0.70
 encapsulation dot1Q 70
 no cdp enable
!
interface GigabitEthernet0/0.80
 description Mala Viska
 encapsulation dot1Q 80
 no cdp enable
!
interface GigabitEthernet0/0.81
 encapsulation dot1Q 81
 no cdp enable
!
interface GigabitEthernet0/0.82
 encapsulation dot1Q 82
 no cdp enable
!
interface GigabitEthernet0/0.90
 encapsulation dot1Q 90
 no cdp enable
!
interface GigabitEthernet0/0.100
 no cdp enable
!
interface GigabitEthernet0/0.192
 description lan 3560
 encapsulation dot1Q 192
 ip address 192.168.1.28 255.255.248.0
 no cdp enable
!
interface GigabitEthernet0/0.1570
 encapsulation dot1Q 1570
 ip virtual-reassembly in
 no cdp enable
!
interface GigabitEthernet0/1
 bandwidth 10000
 no ip address
 ip nat outside
 ip virtual-reassembly in
 no ip route-cache
 duplex auto
 speed auto
!
interface GigabitEthernet0/1.30
 encapsulation dot1Q 30
 ip address 10.2.30.2 255.255.255.0
 no ip route-cache
 no cdp enable
!
interface GigabitEthernet0/1.40
 encapsulation dot1Q 40
 ip address 10.2.40.1 255.255.255.0
 no ip route-cache
 no cdp enable
!
interface GigabitEthernet0/1.50
 encapsulation dot1Q 50
 ip address 10.2.50.1 255.255.255.0
 no ip route-cache
 no cdp enable
!
interface GigabitEthernet0/1.60
 encapsulation dot1Q 60
 ip address 10.2.60.1 255.255.255.0
 no ip route-cache
 no cdp enable
!
interface GigabitEthernet0/1.61
 encapsulation dot1Q 61
 ip address 10.2.61.1 255.255.255.0
 no ip route-cache
 no cdp enable
!
interface GigabitEthernet0/1.70
 encapsulation dot1Q 70
 ip address 10.2.70.1 255.255.255.0
 no ip route-cache
 no cdp enable
!
interface GigabitEthernet0/1.80
 encapsulation dot1Q 80
 ip address 10.2.80.1 255.255.255.0
 no ip route-cache
 no cdp enable
!
interface GigabitEthernet0/1.81
 encapsulation dot1Q 81
 ip address 10.2.81.1 255.255.255.0
 no ip route-cache
 no cdp enable
!
interface GigabitEthernet0/1.82
 encapsulation dot1Q 82
 ip address 10.2.82.1 255.255.255.0
 no ip route-cache
 no cdp enable
!
interface GigabitEthernet0/1.90
 encapsulation dot1Q 90
 ip address 10.2.90.1 255.255.255.0
 no ip route-cache
 no cdp enable
!
interface GigabitEthernet0/1.91
 encapsulation dot1Q 91
 ip address 10.2.91.1 255.255.255.0
 no ip route-cache
 no cdp enable
!
interface GigabitEthernet0/1.100
 encapsulation dot1Q 100
 ip address 10.2.100.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
 no ip route-cache
 no cdp enable
!
interface GigabitEthernet0/1.110
 encapsulation dot1Q 110
 ip address 10.2.110.1 255.255.255.0
 no ip route-cache
 no cdp enable
!
interface GigabitEthernet0/1.120
 encapsulation dot1Q 120
 ip address 10.2.120.1 255.255.255.0
 no ip route-cache
 no cdp enable
!
interface GigabitEthernet0/1.121
 encapsulation dot1Q 121
 ip address 10.2.121.1 255.255.255.0
 no ip route-cache
 no cdp enable
!
interface GigabitEthernet0/1.192
 description ST
 encapsulation dot1Q 192
 no ip route-cache
 no cdp enable
!
interface GigabitEthernet0/1.1570
 description Outside
 encapsulation dot1Q 1570
 ip address *.*.*.162 255.255.255.252
 ip access-group Outside in
 no ip proxy-arp
 ip nat outside
 ip virtual-reassembly in
 no ip route-cache
 no cdp enable
!
interface GigabitEthernet0/2
 no ip address
 ip virtual-reassembly in
 duplex auto
 speed auto
!
interface GigabitEthernet0/2.10
 description UAG.10
 encapsulation dot1Q 3 native
 ip address 192.170.1.1 255.255.255.252
 ip access-group Ins_Inter in
 ip nat inside
 ip inspect Inter in
 ip virtual-reassembly in
 no cdp enable
!
! Template cloned for every PPTP session accepted by vpdn-group PPTP.
interface Virtual-Template1
 ! Borrows the address of the Internet-facing subinterface.
 ip unnumbered GigabitEthernet0/1.1570
 ! Clients receive an address from the local pool PPTP-POOL.
 peer default ip address pool PPTP-POOL
 no keepalive
 ! Allows a limited number of authentication retries (2) before the session is reset.
 ppp max-bad-auth 2
 ppp mtu adaptive
 ! 128-bit MPPE is mandatory: a client that does not negotiate it is disconnected.
 ppp encrypt mppe 128 required
 ! MS-CHAPv2 against the VPDN-AUTH method list (local user database).
 ! NOTE(review): MPPE keys are derived from the MS-CHAPv2 exchange, so tunnel
 ! confidentiality is only as strong as the user's password.
 ppp authentication ms-chap-v2 VPDN-AUTH
!
!
router eigrp 30
 network 10.2.10.0 0.0.0.255
 network 10.2.16.0 0.0.7.255
 network 10.2.20.0 0.0.0.255
 network 10.2.30.0 0.0.0.255
 network 10.2.40.0 0.0.0.255
 network 10.2.50.0 0.0.0.255
 network 10.2.60.0 0.0.0.255
 network 10.2.61.0 0.0.0.255
 network 10.2.70.0 0.0.0.255
 network 10.2.80.0 0.0.0.255
 network 10.2.81.0 0.0.0.255
 network 10.2.82.0 0.0.0.255
 network 10.2.90.0 0.0.0.255
 network 10.2.91.0 0.0.0.255
 network 10.2.100.0 0.0.0.255
 network 10.2.110.0 0.0.0.255
 network 10.2.120.0 0.0.0.255
 network 10.2.121.0 0.0.0.255
 network 10.10.1.0 0.0.0.255
 network *.*.*.0 0.0.0.3
 network 192.168.0.0 0.0.7.255
 network 192.168.9.0 0.0.0.3
 network 192.170.1.0 0.0.0.3
!
router ospf 28
 network 10.2.10.0 0.0.0.255 area 0
 network 10.2.20.0 0.0.0.255 area 0
 network 10.2.30.0 0.0.0.255 area 0
 network 10.2.40.0 0.0.0.255 area 0
 network 10.2.50.0 0.0.0.255 area 0
 network 10.2.60.0 0.0.0.255 area 0
 network 10.2.70.0 0.0.0.255 area 0
 network 10.2.80.0 0.0.0.255 area 0
 network 10.2.90.0 0.0.0.255 area 0
 network 10.2.100.0 0.0.0.255 area 0
 network 10.2.110.0 0.0.0.255 area 0
 network 10.2.120.0 0.0.0.255 area 0
 network 192.168.0.0 0.0.7.255 area 0
!
router bgp 30
 bgp log-neighbor-changes
!
ip local pool PPTP-POOL 192.170.10.10 192.170.10.100
ip default-gateway *.*.*.161
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
ip dns server
ip nat inside source list 1 interface GigabitEthernet0/1.1570 overload
ip nat inside source list 1570 interface GigabitEthernet0/1.1570 overload
ip nat inside source list NAT interface GigabitEthernet0/1.1570 overload
ip nat inside source static tcp 10.2.10.100 80 *.*.*.162 80 extendable
ip nat inside source static tcp 10.2.10.31 778 80 *.*.*.162  778 extendable
ip nat inside source static tcp 192.170.1.2 4090 80 *.*.*.162  4090 extendable
ip nat inside source static udp 192.170.1.2 4090 80 *.*.*.162  4090 extendable
ip default-network 10.2.10.0
ip route 0.0.0.0 0.0.0.0 *.*.*.162  
ip route 192.168.12.0 255.255.255.0 192.168.1.27
ip route 192.168.25.0 255.255.255.0 192.168.1.254
!
ip access-list extended Ins_SW3560_VL10
 permit tcp 10.2.10.0 0.0.0.255 any
 permit udp 10.2.10.0 0.0.0.255 any
 permit icmp 10.2.10.0 0.0.0.255 any
 permit tcp host *.*.*.162 host 192.168.5.37 eq www
 permit udp host *.*.*.162 host 192.168.5.37 eq 80
 permit tcp host *.*.*.162 host 192.170.1.2 eq 1723
! Inbound filter for the Internet-facing subinterface
! (applied as "ip access-group Outside in" on GigabitEthernet0/1.1570).
ip access-list extended Outside
 ! ICMP message types accepted to the router's outside address.
 permit icmp any host *.*.*.162 unreachable
 permit icmp any host *.*.*.162 echo
 permit icmp any host *.*.*.162 echo-reply
 permit icmp any host *.*.*.162 packet-too-big
 permit icmp any host *.*.*.162 time-exceeded
 permit icmp any host *.*.*.162 traceroute
 permit icmp any host *.*.*.162 administratively-prohibited
 ! Published ports; these appear to correspond to the static NAT entries
 ! for 80, 778 and 4090.
 permit tcp any host *.*.*.162 eq www
 permit tcp any host *.*.*.162 eq 778
 permit tcp any host *.*.*.162 eq 4090
 permit udp any host *.*.*.162 eq 4090
 ! PPTP control channel only. No entry permits GRE (IP protocol 47), so PPTP
 ! tunnel data falls through to the final deny; a "permit gre" entry has to be
 ! placed above that line.
 ! NOTE(review): the source is "any"; if client addresses are known, narrow the
 ! source for 1723/GRE rather than exposing the VPN listener to the whole Internet.
 permit tcp any host *.*.*.162 eq 1723
 ! Everything else is dropped and logged.
 deny   ip any any log
!
no cdp run
!
!
! Read-only SNMP community with no access list attached: any host that can
! reach the router's SNMP port may poll it with this string.
! NOTE(review): bind the community to a standard ACL that lists only the
! monitoring station, or move to SNMPv3 with authentication and privacy.
snmp-server community * RO
! Trap/notification receiver.
snmp-server host 192.168.5.30 *
! Serves this flash file to TFTP clients; TFTP has no authentication.
! NOTE(review): the file name suggests a saved configuration - confirm it is
! still needed and remove the statement if not.
tftp-server flash:cpconfig-2921-04122014.cfg
access-list 1 permit 10.2.16.0 0.0.0.255
access-list 1570 permit 10.2.0.0 0.0.31.255
access-list 1570 permit 192.170.1.0 0.0.0.3
access-list 1570 permit 10.2.16.0 0.0.7.255
access-list 111 remark NTP SERVER
!
!
!
control-plane
!
!
!
line con 0
 password 7 *
line aux 0
line 2
 no activation-character
 no exec
 transport preferred none
 transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
 stopbits 1
! Remote management lines.
! NOTE(review): "transport input all" accepts Telnet as well as SSH;
! "transport input ssh" would restrict access to the encrypted protocol.
! No "access-class" is set, so management sources are limited only by the
! interface ACLs. With "aaa new-model" and the default local login list,
! the type 7 line password is presumably not what authenticates logins.
line vty 0 4
 password 7 *
 transport input all
line vty 5 1114
 password 7 *
 transport input all
!
scheduler allocate 20000 1000
!
end

1 ОТВЕТ

ip access-list extended

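В списке ip access-list extended Outside откройте ещё GRE (IP-протокол 47): PPTP передаёт данные туннеля в GRE, а сейчас разрешён только управляющий канал TCP 1723. Правило нужно добавить выше строки deny ip any any log: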

 permit gre any host *.*.*.162
