
    Question: Cisco router 1841 VPN

    11.6.2014 12:39 dastin517 | score: 3
    Cisco router 1841 VPN
    Read: 610×

    Hello, I have an older Cisco 1841 router and I need some advice. Through the VPN client I cannot ping all the devices in the network; I can reach only some of them. The config was put together in a hurry, so there are a lot of mistakes in it. A default route or something similar is surely missing somewhere.

    FastEthernet0/0.1   - Main connection to the Internet. The VPN (NAT) also goes this way
    FastEthernet0/0.2  - Backup, Internet only
    FastEthernet0/1    - LAN (directly into the main switch)
    
    !This is the running config of the router: 192.168.1.1
    !----------------------------------------------------------------------------
    !version 15.1
    service timestamps debug datetime msec
    service timestamps log datetime msec
    service password-encryption
    !
    hostname Edge-01
    !
    boot-start-marker
    boot-end-marker
    !
    !
    enable secret 5 $1$b/2d$tGeCBy.kXaGx7v90b1DJf.
    !
    aaa new-model
    !
    !
    aaa authentication login sdm_vpn_xauth_ml_1 local
    aaa authorization network sdm_vpn_group_ml_1 local 
    !
    !
    !
    !
    !
    aaa session-id common
    !
    crypto pki token default removal timeout 0
    !
    crypto pki trustpoint TP-self-signed-3394940162
     enrollment selfsigned
     subject-name cn=IOS-Self-Signed-Certificate-3394940162
     revocation-check none
     rsakeypair TP-self-signed-3394940162
    !
    crypto pki trustpoint test_trustpoint_config_created_for_sdm
     subject-name e=sdmtest@sdmtest.com
     revocation-check crl
    !
    !
    crypto pki certificate chain TP-self-signed-3394940162
     certificate self-signed 01
      	quit
    crypto pki certificate chain test_trustpoint_config_created_for_sdm
    dot11 syslog
    ip source-route
    !
    !
    !
    !
    !
    ip cef
    ip domain name redwarf
    ip name-server 8.8.8.8
    ip name-server 192.168.1.31
    no ipv6 cef
    !
    multilink bundle-name authenticated
    !
    !
    !
    license udi pid CISCO1841 sn FCZ1033115W
    username admin privilege 15 password 7 0214015707091D735F5E
    !
    redundancy
    !
    !
    !
    track 100 ip sla 100 reachability
     delay down 10 up 20
    ! 
    crypto keyring spokes  
      pre-shared-key address 0.0.0.0 0.0.0.0 key pheonix
    !
    crypto isakmp policy 1
     encr 3des
     authentication pre-share
     group 2
    crypto isakmp nat keepalive 20
    !
    crypto isakmp client configuration group vpngroup
     key pheonix
     dns 192.168.1.31
     domain redwarf
     pool SDM_POOL_1
     acl 104
     include-local-lan
     netmask 255.255.255.0
    crypto isakmp profile L2L
       description LAN-to-LAN for spoke router(s) connection 
       keyring spokes
       match identity address 0.0.0.0 
    !
    !
    crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac 
    crypto ipsec transform-set ESP-3DES-SHA1 esp-3des esp-sha-hmac 
    !
    crypto dynamic-map SDM_DYNMAP_1 1
     set transform-set ESP-3DES-SHA 
     match address 101
    !
    crypto dynamic-map SDM_DYNMAP_2 1
     set security-association idle-time 86400
     set transform-set ESP-3DES-SHA1 
     reverse-route
    !
    !
    crypto map SDM_CMAP_1 client authentication list sdm_vpn_xauth_ml_1
    crypto map SDM_CMAP_1 isakmp authorization list sdm_vpn_group_ml_1
    crypto map SDM_CMAP_1 client configuration address respond
    crypto map SDM_CMAP_1 65535 ipsec-isakmp dynamic SDM_DYNMAP_2 
    !
    !
    !
    !
    !
    interface FastEthernet0/0
     description Trunk
     no ip address
     duplex auto
     speed auto
    !
    interface FastEthernet0/0.1
     description VDSL
     encapsulation dot1Q 2 native
     ip address 10.0.0.2 255.255.255.0
     ip nat outside
     ip virtual-reassembly in
     crypto map SDM_CMAP_1
    !
    interface FastEthernet0/0.2
     description ADSL
     encapsulation dot1Q 3
     ip address 10.0.1.2 255.255.255.0
     ip nat outside
     ip virtual-reassembly in
    !
    interface FastEthernet0/1
     description LAN
     ip address 192.168.1.1 255.255.255.0
     ip nat inside
     ip virtual-reassembly in
     duplex auto
     speed auto
    !
    ip local pool SDM_POOL_1 10.10.10.10 10.10.10.22
    ip forward-protocol nd
    ip http server
    ip http authentication local
    ip http secure-server
    !
    !
    ip dns server
    ip nat inside source static tcp 192.168.1.31 80 interface FastEthernet0/0.1 80
    ip nat inside source static tcp 192.168.1.31 587 interface FastEthernet0/0.1 587
    ip nat inside source static tcp 192.168.1.31 143 interface FastEthernet0/0.1 143
    ip nat inside source static tcp 192.168.1.31 10000 interface FastEthernet0/0.1 10000
    ip nat inside source static tcp 192.168.1.31 953 interface FastEthernet0/0.1 953
    ip nat inside source static tcp 192.168.1.31 993 interface FastEthernet0/0.1 993
    ip nat inside source static tcp 192.168.1.31 995 interface FastEthernet0/0.1 995
    ip nat inside source static tcp 192.168.1.31 25 interface FastEthernet0/0.1 25
    ip nat inside source static tcp 192.168.1.31 22 interface FastEthernet0/0.1 222
    ip nat inside source static tcp 192.168.1.30 3389 interface FastEthernet0/0.1 3333
    ip nat inside source route-map adsl interface FastEthernet0/0.2 overload
    ip nat inside source route-map vdsl interface FastEthernet0/0.1 overload
    ip route 0.0.0.0 0.0.0.0 FastEthernet0/0.1 10.0.0.1 track 100
    ip route 0.0.0.0 0.0.0.0 FastEthernet0/0.2 10.0.1.1 10
    !
    ip sla 100
     icmp-echo 8.8.8.8 source-interface FastEthernet0/0.1
     threshold 250
     timeout 250
     frequency 3
    ip sla schedule 100 life forever start-time now
    access-list 1 permit 0.0.0.0 255.255.255.0
    access-list 10 permit 0.0.0.0 0.0.0.255
    access-list 100 remark SDM_ACL Category=18
    access-list 100 deny   ip 10.10.10.0 0.0.0.255 host 10.10.10.10
    access-list 100 deny   ip 10.10.10.0 0.0.0.255 host 10.10.10.11
    access-list 100 deny   ip 10.10.10.0 0.0.0.255 host 10.10.10.12
    access-list 100 deny   ip 10.10.10.0 0.0.0.255 host 10.10.10.13
    access-list 100 deny   ip 10.10.10.0 0.0.0.255 host 10.10.10.14
    access-list 100 deny   ip 10.10.10.0 0.0.0.255 host 10.10.10.15
    access-list 100 deny   ip 10.10.10.0 0.0.0.255 host 10.10.10.16
    access-list 100 deny   ip 10.10.10.0 0.0.0.255 host 10.10.10.17
    access-list 100 deny   ip 10.10.10.0 0.0.0.255 host 10.10.10.18
    access-list 100 deny   ip 10.10.10.0 0.0.0.255 host 10.10.10.19
    access-list 100 deny   ip 10.10.10.0 0.0.0.255 host 10.10.10.20
    access-list 100 deny   ip 10.10.10.0 0.0.0.255 host 10.10.10.21
    access-list 100 deny   ip 10.10.10.0 0.0.0.255 host 10.10.10.22
    access-list 100 deny   ip 192.168.1.0 0.0.0.255 host 10.10.10.10
    access-list 100 deny   ip 192.168.1.0 0.0.0.255 host 10.10.10.11
    access-list 100 deny   ip 192.168.1.0 0.0.0.255 host 10.10.10.12
    access-list 100 deny   ip 192.168.1.0 0.0.0.255 host 10.10.10.13
    access-list 100 deny   ip 192.168.1.0 0.0.0.255 host 10.10.10.14
    access-list 100 deny   ip 192.168.1.0 0.0.0.255 host 10.10.10.15
    access-list 100 deny   ip 192.168.1.0 0.0.0.255 host 10.10.10.16
    access-list 100 deny   ip 192.168.1.0 0.0.0.255 host 10.10.10.17
    access-list 100 deny   ip 192.168.1.0 0.0.0.255 host 10.10.10.18
    access-list 100 deny   ip 192.168.1.0 0.0.0.255 host 10.10.10.19
    access-list 100 deny   ip 192.168.1.0 0.0.0.255 host 10.10.10.20
    access-list 100 deny   ip 192.168.1.0 0.0.0.255 host 10.10.10.21
    access-list 100 deny   ip 192.168.1.0 0.0.0.255 host 10.10.10.22
    access-list 100 deny   ip any host 10.10.10.10
    access-list 100 deny   ip any host 10.10.10.11
    access-list 100 deny   ip any host 10.10.10.12
    access-list 100 deny   ip any host 10.10.10.13
    access-list 100 deny   ip any host 10.10.10.14
    access-list 100 deny   ip any host 10.10.10.15
    access-list 100 deny   ip any host 10.10.10.16
    access-list 100 deny   ip any host 10.10.10.17
    access-list 100 deny   ip any host 10.10.10.18
    access-list 100 deny   ip any host 10.10.10.19
    access-list 100 deny   ip any host 10.10.10.20
    access-list 100 deny   ip any host 10.10.10.21
    access-list 100 deny   ip any host 10.10.10.22
    access-list 100 permit ip any any
    
    access-list 101 remark SDM_ACL Category=4
    access-list 101 remark IPSec Rule
    access-list 101 permit ip 10.10.10.0 0.0.0.255 192.168.1.0 0.0.0.255
    
    access-list 104 remark SDM_ACL Category=4
    access-list 104 permit ip 192.168.1.0 0.0.0.255 any
    !
    !
    !
    !
    route-map vdsl permit 10
     match ip address 100
     match interface FastEthernet0/0.1
    !
    route-map adsl permit 10
     match ip address 100
     match interface FastEthernet0/0.2
    !
    !
    !
    !
    !
    control-plane
    !
    !
    !
    line con 0
    line aux 0
    line vty 0 4
     transport input ssh
    !
    scheduler allocate 20000 1000
    end
    
    
    
    

    Answers

    11.6.2014 18:13 NN
    Re: Cisco router 1841 VPN
    The default route is not missing:
    ip route 0.0.0.0 0.0.0.0 FastEthernet0/0.1 10.0.0.1 track 100
    ip route 0.0.0.0 0.0.0.0 FastEthernet0/0.2 10.0.1.1 10
    
    I would compare the routing table output on both sides after the VPN is established.
    11.6.2014 19:29 dastin517 | score: 3
    Re: Cisco router 1841 VPN
    I looked at it and something is missing there... Router Edge-01 installs the route 10.10.10.16/32 [1/0] via 195.91.14.88, but it surely still needs to be pointed somewhere. Either 192.168.1.0 or fastethernet0/1... :/
    Before starting the VPN client on the workstation
    
    Edge-01#show ip route
    Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
           D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
           N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
           E1 - OSPF external type 1, E2 - OSPF external type 2
           i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
           ia - IS-IS inter area, * - candidate default, U - per-user static route
           o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
           + - replicated route, % - next hop override
    
    Gateway of last resort is 10.0.0.1 to network 0.0.0.0
    
    S*    0.0.0.0/0 [1/0] via 10.0.0.1, FastEthernet0/0.1
          10.0.0.0/8 is variably subnetted, 4 subnets, 2 masks
    C        10.0.0.0/24 is directly connected, FastEthernet0/0.1
    L        10.0.0.2/32 is directly connected, FastEthernet0/0.1
    C        10.0.1.0/24 is directly connected, FastEthernet0/0.2
    L        10.0.1.2/32 is directly connected, FastEthernet0/0.2
          192.168.1.0/24 is variably subnetted, 2 subnets, 2 masks
    C        192.168.1.0/24 is directly connected, FastEthernet0/1
    L        192.168.1.1/32 is directly connected, FastEthernet0/1
    Edge-01#
    
    After starting the VPN client on the workstation
    
    Edge-01#show ip route
    Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
           D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
           N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
           E1 - OSPF external type 1, E2 - OSPF external type 2
           i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
           ia - IS-IS inter area, * - candidate default, U - per-user static route
           o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
           + - replicated route, % - next hop override
    
    Gateway of last resort is 10.0.0.1 to network 0.0.0.0
    
    S*    0.0.0.0/0 [1/0] via 10.0.0.1, FastEthernet0/0.1
          10.0.0.0/8 is variably subnetted, 5 subnets, 2 masks
    C        10.0.0.0/24 is directly connected, FastEthernet0/0.1
    L        10.0.0.2/32 is directly connected, FastEthernet0/0.1
    C        10.0.1.0/24 is directly connected, FastEthernet0/0.2
    L        10.0.1.2/32 is directly connected, FastEthernet0/0.2
    S        10.10.10.16/32 [1/0] via 195.91.14.88
          192.168.1.0/24 is variably subnetted, 2 subnets, 2 masks
    C        192.168.1.0/24 is directly connected, FastEthernet0/1
    L        192.168.1.1/32 is directly connected, FastEthernet0/1
    Edge-01#
    
    
    
    
    
    Win7 workstation, Cisco VPN Client:
    Before starting the VPN Client
    
    C:\Users\Dell>ipconfig /all
    
    Windows IP Configuration
    
       Host Name . . . . . . . . . . . . : Dell
       Primary Dns Suffix  . . . . . . . :
       Node Type . . . . . . . . . . . . : Broadcast
       IP Routing Enabled. . . . . . . . : No
       WINS Proxy Enabled. . . . . . . . : No
    
    
    Wireless LAN adapter Wireless Network Connection:
    
       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Intel(R) Centrino(R) Advanced-N 6205
       Physical Address. . . . . . . . . : A0-88-B4-20-C3-D4
       DHCP Enabled. . . . . . . . . . . : Yes
       Autoconfiguration Enabled . . . . : Yes
       Link-local IPv6 Address . . . . . : fe80::8c9a:90b0:25d4:80cf%14(Preferred)
       IPv4 Address. . . . . . . . . . . : 192.168.43.6(Preferred)
       Subnet Mask . . . . . . . . . . . : 255.255.255.0
       Lease Obtained. . . . . . . . . . : 11. júna 2014 19:11:54
       Lease Expires . . . . . . . . . . : 11. júna 2014 20:11:54
       Default Gateway . . . . . . . . . : 192.168.43.1
       DHCP Server . . . . . . . . . . . : 192.168.43.1
       DHCPv6 IAID . . . . . . . . . . . : 362842292
       DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-18-85-A3-8D-5C-26-0A-52-57-0E
    
       DNS Servers . . . . . . . . . . . : 192.168.43.1
       NetBIOS over Tcpip. . . . . . . . : Enabled
    
    
    C:\Users\Dell>route print
    
    IPv4 Route Table
    ===========================================================================
    Active Routes:
    Network Destination        Netmask          Gateway       Interface  Metric
              0.0.0.0          0.0.0.0     192.168.43.1     192.168.43.6     25
            127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
            127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
      127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
         192.168.43.0    255.255.255.0         On-link      192.168.43.6    281
         192.168.43.6  255.255.255.255         On-link      192.168.43.6    281
       192.168.43.255  255.255.255.255         On-link      192.168.43.6    281
            224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
            224.0.0.0        240.0.0.0         On-link      192.168.43.6    281
      255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      255.255.255.255  255.255.255.255         On-link      192.168.43.6    281
    ===========================================================================
    Persistent Routes:
      None
    
    
    
    
    After starting the VPN Client
    
    
    
    
    C:\Users\Dell>ipconfig /all
    
    
    Ethernet adapter Local Area Connection 3:
    
       Connection-specific DNS Suffix  . : redwarf
       Description . . . . . . . . . . . : Cisco Systems VPN Adapter for 64-bit Windows
       Physical Address. . . . . . . . . : 00-05-9A-3C-78-00
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes
       Link-local IPv6 Address . . . . . : fe80::3197:faec:8205:c198%29(Preferred)
       IPv4 Address. . . . . . . . . . . : 10.10.10.15(Preferred)
       Subnet Mask . . . . . . . . . . . : 255.255.255.0
       Default Gateway . . . . . . . . . :
       DNS Servers . . . . . . . . . . . : 192.168.1.31
       NetBIOS over Tcpip. . . . . . . . : Enabled
    
    
    C:\Users\Dell>route print
    
    IPv4 Route Table
    ===========================================================================
    Active Routes:
    Network Destination        Netmask          Gateway       Interface  Metric
              0.0.0.0          0.0.0.0     192.168.43.1     192.168.43.6     25
           10.10.10.0    255.255.255.0         On-link       10.10.10.15    281
          10.10.10.15  255.255.255.255         On-link       10.10.10.15    281
         10.10.10.255  255.255.255.255         On-link       10.10.10.15    281
       87.197.115.166  255.255.255.255     192.168.43.1     192.168.43.6    100
            127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
            127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
      127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
          192.168.1.0    255.255.255.0       10.10.10.1      10.10.10.15    100
         192.168.43.0    255.255.255.0         On-link      192.168.43.6    281
         192.168.43.1  255.255.255.255         On-link      192.168.43.6    100
         192.168.43.6  255.255.255.255         On-link      192.168.43.6    281
       192.168.43.255  255.255.255.255         On-link      192.168.43.6    281
            224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
            224.0.0.0        240.0.0.0         On-link      192.168.43.6    281
            224.0.0.0        240.0.0.0         On-link       10.10.10.15    281
      255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      255.255.255.255  255.255.255.255         On-link      192.168.43.6    281
      255.255.255.255  255.255.255.255         On-link       10.10.10.15    281
    ===========================================================================
    Persistent Routes:
      None
    
    
    
    
    
    
    
    
    11.6.2014 22:13 NN
    Re: Cisco router 1841 VPN
    S        10.10.10.16/32 [1/0] via 195.91.14.88
    This, if I'm not mistaken, is set up by the reverse-route directive, but the problem may be that the router tries to route traffic to 195.91.14.88 through the interface with the lower metric, f0/0.1, and therefore outside the VPN. I would try removing this directive and configuring a static route for the 10.10.10.0 network via the VPN interface.
    12.6.2014 09:01 dastin517 | score: 3
    Re: Cisco router 1841 VPN
    I tried it with ip route 10.10.10.0 255.255.255.0 192.168.1.1 and also ip route 10.10.10.0 255.255.255.0 10.10.10.1

    But I did not manage it. I'm done until lunch, because I deleted the default route (I don't know what I was thinking) and I have to go and bring it back to life. Shit.

    12.6.2014 09:45 NN
    Re: Cisco router 1841 VPN
    Let's try it differently, the routing looks fine. Can you verify whether the ICMP reaches the end box and goes back out?
    12.6.2014 20:55 dastin517 | score: 3
    Re: Cisco router 1841 VPN
    Hm, interesting. The machine processes the request but does not reply...
    root@pete:~# tcpdump -i eth2 -qtln icmp
    tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
    listening on eth2, link-type EN10MB (Ethernet), capture size 65535 bytes
    -------------------------------PING from LAN------------------------------
    IP 192.168.1.50 > 192.168.1.20: ICMP echo request, id 1, seq 3, length 40
    IP 192.168.1.20 > 192.168.1.50: ICMP echo reply, id 1, seq 3, length 40
    -------------------------------PING from VPN------------------------------
    IP 10.10.10.21 > 192.168.1.20: ICMP echo request, id 1, seq 1, length 40
    IP 10.10.10.21 > 192.168.1.20: ICMP echo request, id 1, seq 2, length 40
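
The check NN asked for, as an added example that is not part of the original thread: a Python script that pairs ICMP echo requests with their replies in `tcpdump -qtln icmp` output and lists the requests that were never answered. The name `unanswered_echoes` is an assumption; the sample lines are copied from the capture in the post above.

```python
import re
from collections import defaultdict

# Packet lines copied from the capture posted above (tcpdump -i eth2 -qtln icmp).
CAPTURE = """\
IP 192.168.1.50 > 192.168.1.20: ICMP echo request, id 1, seq 3, length 40
IP 192.168.1.20 > 192.168.1.50: ICMP echo reply, id 1, seq 3, length 40
IP 10.10.10.21 > 192.168.1.20: ICMP echo request, id 1, seq 1, length 40
IP 10.10.10.21 > 192.168.1.20: ICMP echo request, id 1, seq 2, length 40
"""

# One ICMP echo line in tcpdump's quiet output; search() tolerates a
# leading timestamp when the capture was taken without -t.
ECHO = re.compile(
    r"IP (?P<src>\d+(?:\.\d+){3}) > (?P<dst>\d+(?:\.\d+){3}): "
    r"ICMP echo (?P<kind>request|reply), id (?P<id>\d+), seq (?P<seq>\d+)"
)


def unanswered_echoes(capture):
    """Map (src, dst) -> sorted seq numbers of echo requests with no reply.

    A reply matches a request when source and destination are swapped and
    the ICMP id and sequence number are equal. Hypothetical helper name.
    """
    pending = set()
    for line in capture.splitlines():
        m = ECHO.search(line)
        if m is None:
            continue  # separator lines, tcpdump banner, other ICMP types
        ident, seq = int(m["id"]), int(m["seq"])
        if m["kind"] == "request":
            pending.add((m["src"], m["dst"], ident, seq))
        else:
            # The reply travels from the request's destination to its source.
            pending.discard((m["dst"], m["src"], ident, seq))

    by_flow = defaultdict(list)
    for src, dst, _ident, seq in pending:
        by_flow[(src, dst)].append(seq)
    return {flow: sorted(seqs) for flow, seqs in by_flow.items()}


if __name__ == "__main__":
    for (src, dst), seqs in unanswered_echoes(CAPTURE).items():
        print(f"{src} -> {dst}: no reply seen for seq {seqs}")
```

The capture listens on eth2 only, so a reply that leaves the host through a different interface is reported as unanswered as well.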
    
    
    12.6.2014 23:27 NN
    Re: Cisco router 1841 VPN
    Then it is probably blocking it itself with a firewall..
    14.6.2014 15:18 dastin517 | score: 3
    Re: Cisco router 1841 VPN
    I've already solved it; if anyone needs it, here is my "cobbled-together" config.
    
    Edge-01#show running-config
    Building configuration...
    
    Current configuration : 6252 bytes
    !
    ! Last configuration change at 15:16:21 UTC Sat Jun 14 2014 by admin
    version 15.1
    service timestamps debug datetime msec
    service timestamps log datetime msec
    service password-encryption
    !
    hostname Edge-01
    !
    boot-start-marker
    boot-end-marker
    !
    !
    enable secret 5 $1$b/2d$tGeCBy.kXaGx7v90b1DJf.
    !
    aaa new-model
    !
    !
    aaa authentication login sdm_vpn_xauth_ml_1 local
    aaa authorization network sdm_vpn_group_ml_1 local
    !
    !
    !
    !
    !
    aaa session-id common
    !
    crypto pki token default removal timeout 0
    !
    crypto pki trustpoint TP-self-signed-3394940162
     enrollment selfsigned
     subject-name cn=IOS-Self-Signed-Certificate-3394940162
     revocation-check none
     rsakeypair TP-self-signed-3394940162
    !
    crypto pki trustpoint test_trustpoint_config_created_for_sdm
     subject-name e=sdmtest@sdmtest.com
     revocation-check crl
    !
    !
    crypto pki certificate chain TP-self-signed-3394940162
     certificate self-signed 01
            quit
    crypto pki certificate chain test_trustpoint_config_created_for_sdm
    dot11 syslog
    ip source-route
    !
    !
    !
    !
    !
    ip cef
    ip domain name redwarf
    ip name-server 8.8.8.8
    ip name-server 192.168.1.31
    no ipv6 cef
    !
    multilink bundle-name authenticated
    !
    !
    !
    license udi pid CISCO1841 sn FCZ1033115W
    username admin privilege 15 password 7 0214015707091D735F5E
    !
    redundancy
    !
    !
    !
    track 100 ip sla 100 reachability
     delay down 10 up 20
    !
    crypto keyring spokes
      pre-shared-key address 0.0.0.0 0.0.0.0 key pheonix
    !
    crypto isakmp policy 1
     encr 3des
     authentication pre-share
     group 2
    crypto isakmp nat keepalive 20
    !
    crypto isakmp client configuration group vpngroup
     key pheonix
     dns 192.168.1.31
     domain redwarf
     pool SDM_POOL_1
     acl 104
     save-password
     include-local-lan
     netmask 255.255.255.0
     banner ^CWelcome to private VPN on mgula.eu ^C
    crypto isakmp profile L2L
       description LAN-to-LAN for spoke router(s) connection
       keyring spokes
       match identity address 0.0.0.0
    !
    !
    crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
    crypto ipsec transform-set ESP-3DES-SHA1 esp-3des esp-sha-hmac
    !
    crypto dynamic-map SDM_DYNMAP_1 1
     ! Incomplete
     set transform-set ESP-3DES-SHA
     match address 101
    !
    crypto dynamic-map SDM_DYNMAP_2 1
     set security-association idle-time 86400
     set transform-set ESP-3DES-SHA1
    !
    !
    crypto map SDM_CMAP_1 client authentication list sdm_vpn_xauth_ml_1
    crypto map SDM_CMAP_1 isakmp authorization list sdm_vpn_group_ml_1
    crypto map SDM_CMAP_1 client configuration address respond
    crypto map SDM_CMAP_1 65535 ipsec-isakmp dynamic SDM_DYNMAP_2
    !
    !
    !
    !
    !
    interface FastEthernet0/0
     description Trunk
     no ip address
     duplex auto
     speed auto
    !
    interface FastEthernet0/0.1
     description VDSL
     encapsulation dot1Q 2 native
     ip address 10.0.0.2 255.255.255.0
     ip nat outside
     ip virtual-reassembly in
     crypto map SDM_CMAP_1
    !
    interface FastEthernet0/0.2
     description ADSL
     encapsulation dot1Q 3
     ip address 10.0.1.2 255.255.255.0
     ip nat outside
     ip virtual-reassembly in
    !
    interface FastEthernet0/1
     description LAN
     ip address 192.168.1.1 255.255.255.0
     ip nat inside
     ip virtual-reassembly in
     duplex auto
     speed auto
    !
    ip local pool SDM_POOL_1 192.168.10.10 192.168.10.20
    ip forward-protocol nd
    ip http server
    ip http authentication local
    ip http secure-server
    !
    !
    ip dns server
    ip nat inside source static tcp 192.168.1.31 80 interface FastEthernet0/0.1 80
    ip nat inside source static tcp 192.168.1.31 587 interface FastEthernet0/0.1 587
    ip nat inside source static tcp 192.168.1.31 143 interface FastEthernet0/0.1 143
    ip nat inside source static tcp 192.168.1.31 10000 interface FastEthernet0/0.1 10000
    ip nat inside source static tcp 192.168.1.31 953 interface FastEthernet0/0.1 953
    ip nat inside source static tcp 192.168.1.31 993 interface FastEthernet0/0.1 993
    ip nat inside source static tcp 192.168.1.31 995 interface FastEthernet0/0.1 995
    ip nat inside source static tcp 192.168.1.31 25 interface FastEthernet0/0.1 25
    ip nat inside source static tcp 192.168.1.31 22 interface FastEthernet0/0.1 222
    ip nat inside source static tcp 192.168.1.30 3389 interface FastEthernet0/0.1 3333
    ip nat inside source route-map adsl interface FastEthernet0/0.2 overload
    ip nat inside source route-map vdsl interface FastEthernet0/0.1 overload
    ip route 0.0.0.0 0.0.0.0 FastEthernet0/0.1 10.0.0.1 track 100
    ip route 0.0.0.0 0.0.0.0 FastEthernet0/0.2 10.0.1.1 10
    !
    ip sla 100
     icmp-echo 8.8.8.8 source-interface FastEthernet0/0.1
     threshold 250
     timeout 250
     frequency 3
    ip sla schedule 100 life forever start-time now
    access-list 1 permit 0.0.0.0 255.255.255.0
    access-list 10 permit 0.0.0.0 0.0.0.255
    access-list 100 permit ip any any
    access-list 104 remark SDM_ACL Category=4
    access-list 104 permit ip 192.168.1.0 0.0.0.255 any
    !
    !
    !
    !
    route-map vdsl permit 10
     match ip address 100
     match interface FastEthernet0/0.1
    !
    route-map adsl permit 10
     match ip address 100
     match interface FastEthernet0/0.2
    !
    !
    !
    !
    !
    control-plane
    !
    !
    !
    line con 0
    line aux 0
    line vty 0 4
     transport input ssh
    !
    scheduler allocate 20000 1000
    end
    
    Edge-01#
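
What differs between the first config in the thread and this working one, as an added example that is not part of the original posts: a Python script that flattens an IOS running-config into (parent section, line) pairs and reports the lines present on only one side. `BEFORE` and `AFTER` are abridged excerpts of the two configs posted above; `flatten`, `config_delta` and `render` are hypothetical helper names.

```python
import re

# Abridged excerpt of the first running-config posted in the thread.
BEFORE = """\
crypto isakmp client configuration group vpngroup
 pool SDM_POOL_1
 acl 104
 include-local-lan
 netmask 255.255.255.0
!
crypto dynamic-map SDM_DYNMAP_2 1
 set security-association idle-time 86400
 set transform-set ESP-3DES-SHA1
 reverse-route
!
ip local pool SDM_POOL_1 10.10.10.10 10.10.10.22
access-list 100 deny   ip 10.10.10.0 0.0.0.255 host 10.10.10.10
access-list 100 deny   ip 192.168.1.0 0.0.0.255 host 10.10.10.10
access-list 100 deny   ip any host 10.10.10.10
access-list 100 permit ip any any
access-list 101 permit ip 10.10.10.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 104 permit ip 192.168.1.0 0.0.0.255 any
"""

# Abridged excerpt of the working running-config from the last post.
AFTER = """\
crypto isakmp client configuration group vpngroup
 pool SDM_POOL_1
 acl 104
 save-password
 include-local-lan
 netmask 255.255.255.0
!
crypto dynamic-map SDM_DYNMAP_2 1
 set security-association idle-time 86400
 set transform-set ESP-3DES-SHA1
!
ip local pool SDM_POOL_1 192.168.10.10 192.168.10.20
access-list 100 permit ip any any
access-list 104 permit ip 192.168.1.0 0.0.0.255 any
"""

# A line of the certificate hex dump that "show running-config" prints.
HEX_DUMP = re.compile(r"[0-9A-F]{2,8}(?: [0-9A-F]{2,8})*")


def flatten(config):
    """Return (parent, line) pairs in config order.

    Expects the text as the router prints it: top-level commands start in
    column 0 and sub-commands are indented. Runs of whitespace are
    collapsed; "!" separators and certificate hex lines are skipped.
    """
    entries = []
    parent = ""
    for raw in config.splitlines():
        line = " ".join(raw.split())
        if not line or line.startswith("!") or HEX_DUMP.fullmatch(line):
            continue
        if raw[0].isspace():
            entries.append((parent, line))   # sub-command of the last section
        else:
            parent = line
            entries.append(("", line))       # top-level command
    return entries


def config_delta(before, after):
    """Return (removed, added) lists of (parent, line), each in config order."""
    old, new = flatten(before), flatten(after)
    old_set, new_set = set(old), set(new)
    removed = [entry for entry in old if entry not in new_set]
    added = [entry for entry in new if entry not in old_set]
    return removed, added


def render(removed, added):
    """Format the delta as "-"/"+" lines, prefixing sub-commands with their section."""
    rows = [("-", e) for e in removed] + [("+", e) for e in added]
    return [f"{sign} {parent + ' / ' if parent else ''}{line}"
            for sign, (parent, line) in rows]


if __name__ == "__main__":
    print("\n".join(render(*config_delta(BEFORE, AFTER))))
```

Run over the two full configs, the same functions give the complete delta; in these excerpts it is the removed `reverse-route`, the changed address pool, the collapsed ACL 100, the removed ACL 101 and the added `save-password`.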
    
    


    ISSN 1214-1267   www.czech-server.cz
    © 1999-2015 Nitemedia s. r. o. All rights reserved.