Να προτείνω να μην πειράξετε το MTU με τέτοιες χαμηλές τιμές χωρίς να υπάρχει λόγος; Δοκιμάστε από κάποιο linux traceroute με --mtu option που δεν κάνει fragment τα πακέτα για σου λέει τι fragmentation φάγανε στην διαδρομή.
Εμφάνιση 16-22 από 22
-
26-03-09, 10:50 Απάντηση: Site to Site VPN με Cisco 876 και SDM (?) #16
-
02-04-09, 23:30 Απάντηση: Site to Site VPN με Cisco 876 και SDM (?) #17
-
03-04-09, 11:08 Απάντηση: Site to Site VPN με Cisco 876 και SDM (?) #18
Τελικά τι MTU χρησιμοποίησες;
Σχετικά με το SDM τσέκαρε τα ACLs σου ή κάποια policies αν υπάρχουν...
P.S. Πόσταρε τα configs...........
-
21-04-09, 14:34 Απάντηση: Site to Site VPN με Cisco 876 και SDM (?) #19
......!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Επιτέλους...
το πρώτο config στο remote:
Κώδικας:Building configuration... Current configuration : 6652 bytes ! ! Last configuration change at 14:27:28 PCTime Tue Apr 21 2009 by manager ! NVRAM config last updated at 14:11:10 PCTime Tue Apr 21 2009 by cisco ! version 12.4 no service pad service tcp-keepalives-in service tcp-keepalives-out service timestamps debug datetime msec localtime show-timezone service timestamps log datetime msec localtime show-timezone service password-encryption service sequence-numbers ! hostname HOL_tr ! boot-start-marker boot-end-marker ! security authentication failure rate 3 log security passwords min-length 6 logging buffered 51200 logging console critical enable secret 5 $1$s1v5$46UnDNbU1Bjnw4NvWJynB/ ! no aaa new-model clock timezone PCTime 2 clock summer-time PCTime date Mar 30 2003 3:00 Oct 26 2003 4:00 ! crypto pki trustpoint TP-self-signed-1506354949 enrollment selfsigned subject-name cn=IOS-Self-Signed-Certificate-1506354949 revocation-check none rsakeypair TP-self-signed-1506354949 ! ! crypto pki certificate chain TP-self-signed-1506354949 certificate self-signed 01 3082024F 308201B8 A0030201 02020101 300D0609 2A864886 F70D0101 04050030 31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274 69666963 6174652D 31353036 33353439 3439301E 170D3032 30343036 30343530 34325A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649 4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D31 35303633 35343934 3930819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281 810091CE 7D9BB91D DEC7E321 D3548EA4 F3F87C52 05B8F1CA 66E3D761 F326EE69 4B7122E6 A6447866 0F2C134A 52272F30 D5EF7360 B1AB17D8 A3E7E703 3AC23986 BFA11CA9 1BAC680F 3EF27934 C924A395 26B1F6B6 91F78C4D B05FBFFE 3CA8CC98 0A0D1FCD 377A8610 16A09679 1544C73F 16E1ED58 C02CBC7B CA4DF33B A6FF6CC9 8A8D0203 010001A3 77307530 0F060355 1D130101 FF040530 030101FF 30220603 551D1104 1B301982 17796F75 726E616D 652E796F 7572646F 6D61696E 2E636F6D 301F0603 551D2304 18301680 14419513 EB935AD1 1C901E98 AF03198D 945201DE 96301D06 03551D0E 04160414 419513EB 935AD11C 901E98AF 03198D94 5201DE96 300D0609 2A864886 F70D0101 04050003 81810002 830A478D 2D876D78 5242C5B9 158AAE7D 0BD3EAFE 295056F5 775D36F7 1C1265C5 BD87C9E2 2BBF953E CAE00937 54E71F8D 667B499A 054E50F3 1D991BBB D44417D3 BFEF0212 2196F824 CF607C86 190622BA 287F1EA2 64F4BD52 EEC5EB6D 74A74544 92FAB984 9387DE91 8CBBF5FE 87904555 C728824D 5E54776C A71B7DB1 850D2B quit dot11 syslog no ip source-route ip cef ! ! no ip dhcp use vrf connected ip dhcp excluded-address 192.168.3.1 ! ip dhcp pool sdm-pool1 import all network 192.168.3.0 255.255.255.0 dns-server 194.30.220.114 194.30.220.117 default-router 192.168.3.1 ! ! no ip bootp server ip domain name yourdomain.com ip name-server 194.30.220.114 ip name-server 194.30.220.117 ! multilink bundle-name authenticated ! ! username manager privilege 15 secret 5 $1$ef2h$801948ntmUub.vQHQ2bw11 ! ! crypto isakmp policy 1 encr 3des authentication pre-share group 2 ! crypto isakmp policy 5 encr aes authentication pre-share group 2 crypto isakmp key 123abc! address xxx.xxx.xxx.xxx ! ! crypto ipsec transform-set Custom_transform esp-aes esp-sha-hmac ! crypto map SDM_CMAP_1 1 ipsec-isakmp description Tunnel to xxx.xxx.xxx.xxx set peer xxx.xxx.xxx.xxx set transform-set Custom_transform match address 100 ! archive log config hidekeys ! ! ! ! ! interface BRI0 no ip address no ip redirects no ip unreachables no ip proxy-arp encapsulation hdlc ip route-cache flow shutdown ! interface ATM0 no ip address no ip redirects no ip unreachables no ip proxy-arp ip route-cache flow no atm ilmi-keepalive dsl operating-mode auto ! interface ATM0.1 point-to-point description $ES_WAN$$FW_OUTSIDE$ pvc 8/35 pppoe-client dial-pool-number 1 ! ! interface FastEthernet0 ! interface FastEthernet1 ! interface FastEthernet2 ! interface FastEthernet3 ! interface Vlan1 description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$ES_LAN$$FW_INSIDE$ ip address 192.168.3.1 255.255.255.0 no ip redirects no ip unreachables no ip proxy-arp ip nat inside ip virtual-reassembly ip route-cache flow ! interface Dialer0 ip address negotiated no ip redirects no ip unreachables no ip proxy-arp ip mtu 1452 ip nat outside ip virtual-reassembly encapsulation ppp ip route-cache flow dialer pool 1 dialer-group 1 no cdp enable ppp authentication chap pap callin ppp chap hostname 11111111@adsl.gr ppp chap password 7 014253575A09054E ppp pap sent-username 111111111@adsl.gr password 7 091D1C7A18771453 crypto map SDM_CMAP_1 ! ip forward-protocol nd ip route 0.0.0.0 0.0.0.0 Dialer0 ! ! ip http server ip http authentication local ip http secure-server ip http timeout-policy idle 60 life 86400 requests 10000 ip nat inside source route-map SDM_RMAP_1 interface Dialer0 overload ! logging trap debugging access-list 1 remark INSIDE_IF=Vlan1 access-list 1 remark SDM_ACL Category=2 access-list 1 permit 192.168.3.0 0.0.0.255 access-list 100 remark SDM_ACL Category=4 access-list 100 remark IPSec Rule access-list 100 permit ip 192.168.3.0 0.0.0.255 192.168.0.0 0.0.0.255 access-list 101 remark SDM_ACL Category=2 access-list 101 remark IPSec Rule access-list 101 deny ip 192.168.3.0 0.0.0.255 192.168.0.0 0.0.0.255 access-list 101 permit ip 192.168.3.0 0.0.0.255 any dialer-list 1 protocol ip permit no cdp run ! ! ! route-map SDM_RMAP_1 permit 1 match ip address 101 ! ! control-plane ! banner exec ^C % Password expiration warning. ----------------------------------------------------------------------- Cisco Router and Security Device Manager (SDM) is installed on this device and it provides the default username "cisco" for one-time use. If you have already used the username "cisco" to login to the router and your IOS image supports the "one-time" user option, then this username has already expired. You will not be able to login to the router with this username after you exit this session. It is strongly suggested that you create a new username with a privilege level of 15 using the following command. username <myuser> privilege 15 secret 0 <mypassword> Replace <myuser> and <mypassword> with the username and password you want to use. ----------------------------------------------------------------------- ^C banner login ^CAuthorized access only! Disconnect IMMEDIATELY if you are not an authorized user!^C ! line con 0 login local no modem enable transport output telnet line aux 0 login local transport output telnet line vty 0 4 login local transport input telnet ssh ! scheduler max-task-time 5000 scheduler allocate 4000 1000 scheduler interval 500 end
Αναμένω τα νέα σας....!!!!!!!
-
21-04-09, 16:39 Απάντηση: Site to Site VPN με Cisco 876 και SDM (?) #20
Ευχαριστούμε για τα passwords.ΠΟΤΕ post τα passwords!!!!!!
-
21-04-09, 19:27 Απάντηση: Site to Site VPN με Cisco 876 και SDM (?) #21
-
27-04-09, 15:20 Απάντηση: Site to Site VPN με Cisco 876 και SDM (?) #22
Δεν βλέπω επάνω στο vlan1 " ip tcp adjust-mss 1412"
Για δοκίμασε.....
Παρόμοια Θέματα
-
cisco 876 - προβληματα με telnet & sdm
Από anacondium στο φόρουμ Cisco ADSL modems και routersΜηνύματα: 20Τελευταίο Μήνυμα: 14-08-08, 02:31 -
ISA μετά από Cisco site-to-site VPN
Από vasal στο φόρουμ Cisco ADSL modems και routersΜηνύματα: 3Τελευταίο Μήνυμα: 13-07-08, 22:47 -
Cisco 876 - Zyxel 661H-D3 VPN
Από AnGeLoss στο φόρουμ Cisco ADSL modems και routersΜηνύματα: 9Τελευταίο Μήνυμα: 06-12-07, 20:35 -
Cisco 876 port forward μέσω SDM
Από SPChief στο φόρουμ Cisco ADSL modems και routersΜηνύματα: 6Τελευταίο Μήνυμα: 23-06-06, 13:57 -
How To VPN with cisco 876 k9....
Από sotiris_l στο φόρουμ Cisco ADSL modems και routersΜηνύματα: 7Τελευταίο Μήνυμα: 28-02-06, 18:12
Bookmarks