New Member

pptp ospf


We have Cisco 1841 routers.

The problem is as follows: clients that connect via PPTP cannot reach the branch offices.

Building configuration...

Current configuration : 9855 bytes

!

! Last configuration change at 10:54:01 Msk Wed Dec 25 2013 by user

! NVRAM config last updated at 10:54:06 Msk Wed Dec 25 2013 by user

!

version 15.1

no service pad

service tcp-keepalives-in

service tcp-keepalives-out

service timestamps debug datetime msec localtime show-timezone

service timestamps log datetime localtime

service password-encryption

service sequence-numbers

!

hostname 1841_dm

!

boot-start-marker

boot system flash c1841-ipbase-mz.124-24.T3.bin

boot system flash c1841-spservicesk9-mz.124-23.bin

boot system flash c1841-adventerprisek9-mz.151-2.T1.bin

boot-end-marker

!

!

logging buffered 4096

!

aaa new-model

!

!

aaa authentication ppp vpn local

!

!

!

!

!

aaa session-id common

!

clock timezone Msk 3 0

clock summer-time MSD recurring last Sun Mar 2:00 last Sun Oct 2:00

dot11 syslog

ip source-route

!

!

!

!

ip dhcp pool pptp-users

    network 10.0.6.0 255.255.255.0

    dns-server 8.8.8.8

    default-router 10.0.6.254

!

!

ip cef

no ip bootp server

ip domain name cisco

ip name-server 91.123.16.120

ip name-server 91.189.240.28

no ipv6 cef

ntp max-associations 1

!

multilink bundle-name authenticated

!

vpdn enable

!

vpdn-group TEST

  ! Default PPTP VPDN group

  accept-dialin

   protocol pptp

   virtual-template 11

  l2tp tunnel timeout no-session 15

!

password encryption aes

crypto pki token default removal timeout 0

!

crypto pki trustpoint TP-self-signed-1479394571

  enrollment selfsigned

  subject-name cn=IOS-Self-Signed-Certificate-1479394571

  revocation-check none

!

!

crypto pki certificate chain TP-self-signed-1479394571

  certificate self-signed 01

           quit

!

!

license udi pid CISCO1841 sn FCZ1217930L

archive

  log config

   hidekeys

object-group network ssh

  range 10.0.6.1 10.0.6.50

!

!

redundancy

!

!

ip tcp synwait-time 10

no ip ftp passive

ip ssh rsa keypair-name drushba

ip ssh version 2

ip ssh pubkey-chain

   username user

    key-hash ssh-rsa EDCFD4131035332649FEE45D1D32253A

   quit

!

!

crypto isakmp policy 1

  encr 3des

  hash md5

  authentication pre-share

!

crypto isakmp policy 2

  encr 3des

  hash md5

  authentication pre-share

!

crypto isakmp policy 3

  encr aes 256

  group 2

crypto isakmp key 6 pass address 0.0.0.0 0.0.0.0

crypto isakmp profile ciscocp-ike-profile-1

! This profile is incomplete (no match identity statement)

!

crypto ipsec security-association lifetime kilobytes 50000

crypto ipsec security-association lifetime seconds 86400

!

crypto ipsec transform-set tr-3des esp-3des

crypto ipsec transform-set user esp-aes 256 esp-sha-hmac

!

crypto ipsec profile CiscoCP_Profile1

  set transform-set user

  set isakmp-profile ciscocp-ike-profile-1

!

crypto ipsec profile prof_tun

  set transform-set tr-3des

!

!

!

!

!

!

interface Tunnel1

   bandwidth 30

  ip address 10.0.77.25 255.255.255.252

  ip ospf 100 area 10

  tunnel source FastEthernet0/0/0

  tunnel destination 84.51.76.x

!

!

interface Tunnel3

  bandwidth 30

  ip address 10.0.76.25 255.255.255.252

  ip virtual-reassembly in

  ip route-cache policy

  ip tcp adjust-mss 1024

  ip ospf 100 area 10

  tunnel source FastEthernet0/0/0

  tunnel mode ipsec ipv4

  tunnel destination 85.26.153.x

  tunnel protection ipsec profile prof_tun

!

interface Tunnel4

  bandwidth 30

  ip address 10.0.75.25 255.255.255.252

  ip virtual-reassembly in

  ip route-cache policy

  ip tcp adjust-mss 1024

  ip ospf 100 area 10

  tunnel source FastEthernet0/0/0

  tunnel mode ipsec ipv4

  tunnel destination 83.167.101.x

  tunnel protection ipsec profile prof_tun

!

interface Tunnel6

  bandwidth 30

  ip address 10.0.73.25 255.255.255.252

  ip virtual-reassembly in

  ip route-cache policy

  ip tcp adjust-mss 1024

  ip ospf cost 100

  ip ospf 100 area 10

  tunnel source FastEthernet0/0/0

  tunnel mode ipsec ipv4

  tunnel destination 109.206.132.x

  tunnel protection ipsec profile prof_tun

!

interface Tunnel8

  bandwidth 30

  ip address 10.0.80.26 255.255.255.252

  ip route-cache policy

  ip tcp adjust-mss 1024

  ip ospf 100 area 10

  tunnel source FastEthernet0/0/0

  tunnel mode ipsec ipv4

  tunnel destination 178.217.96.x

  tunnel protection ipsec profile prof_tun

!

interface Tunnel9

  bandwidth 30

  ip address 10.0.81.25 255.255.255.252

  tunnel source FastEthernet0/0/0

  tunnel destination 85.21.96.x

!

interface Tunnel12

  bandwidth 30

  ip address 10.0.84.25 255.255.255.252

  ip virtual-reassembly in

  ip route-cache policy

  ip tcp adjust-mss 1024

  ip ospf cost 200

  ip ospf 100 area 10

  tunnel source FastEthernet0/0/0

  tunnel mode ipsec ipv4

  tunnel destination 95.128.247.x

  tunnel protection ipsec profile prof_tun

!

interface FastEthernet0/0

  no ip address

  no ip redirects

  no ip unreachables

  no ip proxy-arp

  ip flow ingress

  shutdown

  duplex auto

  speed auto

  no mop enabled

!

interface FastEthernet0/1

  description $ES_LAN$

  ip address 10.10.10.2 255.255.255.0 secondary

  ip address 172.16.0.20 255.255.0.0

  no ip redirects

  no ip unreachables

  no ip proxy-arp

  ip flow ingress

  ip nat inside

  ip virtual-reassembly in

  ip policy route-map clear-df

  duplex auto

  speed auto

  no mop enabled

!

interface FastEthernet0/0/0

  ip address 91.216.x.x 255.255.255.0

  ip dns view-group 8.8.8.8

  ip nat outside

  ip virtual-reassembly in

  duplex auto

  speed auto

  no mop enabled

!

interface Virtual-Template1 type tunnel

  no ip address

  tunnel mode ipsec ipv4

  tunnel protection ipsec profile CiscoCP_Profile1

!

interface Virtual-Template11

  ip unnumbered FastEthernet0/1

  peer default ip address dhcp-pool pptp-users

  ppp encrypt mppe auto required

  ppp authentication pap chap ms-chap

!

router ospf 100

  router-id 172.16.0.20

  network 10.0.6.0 0.0.0.255 area 10

  network 172.16.0.0 0.0.255.255 area 10

!

ip default-gateway 91.216.x.x

ip forward-protocol nd

no ip http server

no ip http secure-server

!

!

ip nat pool GLOBALPOOL 91.216.x.x 91.216.x.x netmask 255.255.255.0

ip nat inside source list 2 pool GLOBALPOOL overload

ip route 0.0.0.0 0.0.0.0 91.216.x.x

ip route 10.0.100.0 255.255.255.0 10.0.81.26

ip route 172.1.0.0 255.255.255.0 10.0.77.26

!

ip sla schedule 2 start-time pending

logging esm config

logging facility local0

logging source-interface FastEthernet0/1

no cdp run

!

!

!

!

route-map clear-df permit 10

  set ip df 0

!

!

!

!

control-plane

!

!

line con 0

line aux 0

line vty 0 4

  exec-timeout 60 0

  privilege level 15

  transport input ssh

!

scheduler allocate 4000 1000

ntp server 195.239.199.18 version 2

end

show  ip route

S*    0.0.0.0/0 [1/0] via 91.216.x.x

       10.0.0.0/8 is variably subnetted, 25 subnets, 3 masks

O        10.0.3.0/24 [110/3334] via 10.0.80.25, 1d07h, Tunnel8

                      [110/3334] via 10.0.76.26, 1w0d, Tunnel3

O        10.0.4.0/24 [110/201] via 10.0.73.26, 02:21:56, Tunnel6

C        10.0.6.3/32 is directly connected, Virtual-Access3

O        10.0.8.0/24 [110/101] via 10.0.73.26, 02:31:49, Tunnel6

O        10.0.9.0/24 [110/101] via 10.0.73.26, 02:31:49, Tunnel6

O        10.0.70.24/30 [110/200] via 10.0.73.26, 02:21:56, Tunnel6

C        10.0.73.24/30 is directly connected, Tunnel6

L        10.0.73.25/32 is directly connected, Tunnel6

C        10.0.75.24/30 is directly connected, Tunnel4

L        10.0.75.25/32 is directly connected, Tunnel4

C        10.0.76.24/30 is directly connected, Tunnel3

L        10.0.76.25/32 is directly connected, Tunnel3

C        10.0.77.24/30 is directly connected, Tunnel1

L        10.0.77.25/32 is directly connected, Tunnel1

C        10.0.80.24/30 is directly connected, Tunnel8

L        10.0.80.26/32 is directly connected, Tunnel8

C        10.0.81.24/30 is directly connected, Tunnel9

L        10.0.81.25/32 is directly connected, Tunnel9

O        10.0.82.24/30 [110/3433] via 10.0.73.26, 02:31:49, Tunnel6

C        10.0.84.24/30 is directly connected, Tunnel12

L        10.0.84.25/32 is directly connected, Tunnel12

O        10.0.85.24/30 [110/300] via 10.0.73.26, 02:21:45, Tunnel6

S        10.0.100.0/24 [1/0] via 10.0.81.26

C        10.10.10.0/24 is directly connected, FastEthernet0/1

L        10.10.10.2/32 is directly connected, FastEthernet0/1

       91.0.0.0/8 is variably subnetted, 2 subnets, 2 masks

C        91.216.48.0/24 is directly connected, FastEthernet0/0/0

L        91.216.48.3/32 is directly connected, FastEthernet0/0/0

       172.1.0.0/24 is subnetted, 1 subnets

S        172.1.0.0 [1/0] via 10.0.77.26

       172.16.0.0/16 is variably subnetted, 2 subnets, 2 masks

C        172.16.0.0/16 is directly connected, FastEthernet0/1

L        172.16.0.20/32 is directly connected, FastEthernet0/1

O     192.168.0.0/24 [110/201] via 10.0.73.26, 02:21:56, Tunnel6

O     196.192.0.0/23 [110/3334] via 10.0.80.25, 1d07h, Tunnel8

                      [110/3334] via 10.0.76.26, 1w0d, Tunnel3

traceroute from the client ends at hop 172.16.0.20

8 replies.

pptp ospf

And how is traffic supposed to reach the branches? Through the tunnels? Do the devices on the far side of each tunnel have routes to the hosts in 10.0.6.0/24?

New Member

pptp ospf

Yes, through the tunnels.

I advertise the route via OSPF:

router ospf 100

  router-id 172.16.0.20

  network 10.0.6.0 0.0.0.255 area 10

  network 172.16.0.0 0.0.255.255 area 10

Here is an example of a branch configuration:

Building configuration...

Current configuration : 5172 bytes

!

! Last configuration change at 19:19:56 MSK Tue Dec 10 2013 by user

!

version 15.1

service timestamps debug datetime msec

service timestamps log datetime localtime

service password-encryption

!

boot-start-marker

boot-end-marker

!

!

!

no aaa new-model

!

clock timezone MSK 3 0

clock summer-time MSD recurring last Sun Mar 2:00 last Sun Oct 2:00

dot11 syslog

ip source-route

!

!

!

!

!

ip cef

no ip domain lookup

ip name-server 193.201.231.1

ip name-server 193.201.230.1

no ipv6 cef

ntp max-associations 1

!

multilink bundle-name authenticated

!

vpdn enable

!

crypto pki token default removal timeout 0

!

!

!

!

license udi pid CISCO1841 sn FCZ1218118N

!

!

redundancy

!

!

ip ssh rsa keypair-name tpso

!

!

crypto isakmp policy 1

encr 3des

hash md5

authentication pre-share

crypto isakmp key pass address 0.0.0.0 0.0.0.0

!

!

crypto ipsec transform-set tr-3des esp-3des

!

crypto ipsec profile prof_tun

set security-association lifetime kilobytes 50000

set security-association lifetime seconds 86400

set transform-set tr-3des

!

!

!

!

!

!

interface Tunnel3

bandwidth 30

ip address 10.0.76.26 255.255.255.252

ip virtual-reassembly in

ip route-cache policy

ip tcp adjust-mss 1024

ip ospf 100 area 10

tunnel source 85.26.153.131

tunnel mode ipsec ipv4

tunnel destination 91.216.x.x

tunnel protection ipsec profile prof_tun

!

interface Tunnel8

  bandwidth 30

ip address 10.0.80.25 255.255.255.252

ip route-cache policy

ip tcp adjust-mss 1024

ip ospf 100 area 10

tunnel source FastEthernet0/0/0

tunnel mode ipsec ipv4

tunnel destination 91.216.x.x

tunnel protection ipsec profile prof_tun

!

interface Tunnel10

  bandwidth 30

ip address 10.0.82.25 255.255.255.252

ip virtual-reassembly in

ip route-cache policy

ip tcp adjust-mss 1024

ip ospf 100 area 10

tunnel source FastEthernet0/0

tunnel mode ipsec ipv4

tunnel destination 109.206.132.x

tunnel protection ipsec profile prof_tun

!

interface Tunnel11

description ostrovtsy to arctel

bandwidth 30

ip address 10.0.83.26 255.255.255.252

ip virtual-reassembly in

ip route-cache policy

ip tcp adjust-mss 1024

ip ospf 100 area 10

shutdown

tunnel source FastEthernet0/0/0

tunnel mode ipsec ipv4

tunnel destination 109.206.132.x

tunnel protection ipsec profile prof_tun

!

interface FastEthernet0/0

description megafon

ip address 85.26.153.x 255.255.255.240

duplex auto

speed auto

!

interface FastEthernet0/1

description local net

ip address 10.0.3.2 255.255.255.0 secondary

ip address 196.192.1.95 255.255.254.0

duplex auto

speed auto

!

interface FastEthernet0/0/0

description art telecom

ip address 178.217.96.x 255.255.255.240

duplex auto

speed auto

!

router ospf 100

network 10.0.3.0 0.0.0.255 area 10

network 196.192.0.0 0.0.0.255 area 10

network 196.192.1.0 0.0.0.255 area 10

!

ip default-gateway 85.26.153.x

ip forward-protocol nd

no ip http server

no ip http secure-server

!

!

ip route 0.0.0.0 0.0.0.0 85.26.153.x

!

i

ip sla schedule 2 life forever start-time now

logging esm config

logging history debugging

logging facility local0

!

!

!

!

!

!

control-plane

!

!

line con 0

line aux 0

line vty 0 4

access-class 101 in

exec-timeout 120 0

privilege level 15

login local

transport input ssh

!

scheduler allocate 20000 1000

ntp server 95.167.164.118 version 2

end

pptp ospf

So does the branch have a route to the PPTP client? Run, for example, show ip route 10.0.6.3 (if that client is still connected, otherwise pick some other one).

And let's work with specific addresses. Which address is unreachable from the client?

New Member

pptp ospf

Strange, there really is no route to network 10.0.6.0/24 on the Cisco at the branch,

even though I advertise network 10.0.6.0/24 from the Cisco at the central office:

router ospf 100

router-id 172.16.0.20

network 10.0.6.0 0.0.0.255 area 10

network 172.16.0.0 0.0.255.255 area 10

Re: pptp ospf

"network 10.0.6.0 0.0.0.255 area 10" does not advertise the network 10.0.6.0/24; it looks for interfaces matching this mask and advertises their networks.

In OSPF, do redistribute connected with a route-map for 10.0.6.0/24 ge 32, or even without a route-map.

New Member

pptp ospf

Done:

router ospf 100

router-id 172.16.0.20

redistribute connected route-map vpn

network 10.0.6.0 0.0.0.255 area 10

network 172.16.0.0 0.0.255.255 area 10

access-list 10 permit 10.0.6.0 0.0.0.255

route-map clear-df permit 10

set ip df 0

!

route-map vpn permit 10

match ip address 10

The result is unchanged.

pptp ospf

Right, my apologies, of course it should be "redistribute connected subnets route-map vpn".

New Member

pptp ospf

Thank you very much, everything works now.
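The three configurations tried in this thread, as an added example that is not part of any post: a simplified Python model (not full IOS behaviour) of why the `network` statement, and then `redistribute connected` without `subnets`, both left 10.0.6.3/32 unadvertised. The function names are hypothetical; the sample data is constructed from the head-office config and routing table shown above.

```python
import ipaddress

# Constructed from the thread: addresses configured on head-office interfaces,
# and connected routes (10.0.6.3/32 is the PPTP peer on Virtual-Access3).
INTERFACES = {"FastEthernet0/1": "172.16.0.20/16"}
CONNECTED = ["172.16.0.0/16", "10.0.6.3/32"]
NETWORK_STATEMENTS = [("10.0.6.0", "0.0.0.255"), ("172.16.0.0", "0.0.255.255")]
ACL_10 = ("10.0.6.0", "0.0.0.255")  # access-list 10 used by route-map vpn

def wildcard_match(addr, base, wildcard):
    """True if addr equals base in every bit the wildcard does not mask out."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    return ((a ^ b) & ~w & 0xFFFFFFFF) == 0

def network_statement_prefixes(interfaces, statements):
    """A 'network' statement selects interfaces by their own address and
    advertises those interfaces' subnets; it does not originate the range."""
    out = set()
    for cidr in interfaces.values():
        iface = ipaddress.ip_interface(cidr)
        if any(wildcard_match(str(iface.ip), b, w) for b, w in statements):
            out.add(str(iface.network))
    return out

def classful_len(net):
    """Prefix length of the classful major network containing net."""
    first = int(net.network_address) >> 24
    return 8 if first < 128 else 16 if first < 192 else 24

def redistributed(connected, acl, subnets):
    """Connected routes passed by 'redistribute connected [subnets] route-map vpn'.
    Without 'subnets' only unsubnetted classful networks are redistributed."""
    out = []
    for prefix in connected:
        net = ipaddress.ip_network(prefix)
        if not wildcard_match(str(net.network_address), *acl):
            continue  # route-map vpn: no match in access-list 10
        if not subnets and net.prefixlen != classful_len(net):
            continue  # a /32 inside 10.0.0.0/8 is a subnet, so it is skipped
        out.append(prefix)
    return out

if __name__ == "__main__":
    print("network statements:", network_statement_prefixes(INTERFACES, NETWORK_STATEMENTS))
    print("redistribute connected:", redistributed(CONNECTED, ACL_10, subnets=False))
    print("redistribute connected subnets:", redistributed(CONNECTED, ACL_10, subnets=True))
```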
