Доброго времени суток!!!
Имеем Cisco 2801 со следующей конфой...
Using 4493 out of 196600 bytes
!
version 12.4
service nagle
service pad to-xot
service pad from-xot
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime localtime
service timestamps log datetime localtime
service password-encryption
!
hostname Lipetsk_router
!
boot-start-marker
boot-end-marker
!
logging message-counter syslog
logging buffered 51200 warnings
enable secret 5 $1$SA.E$aMXU4vIMK8JZfGtbMKNSI/
enable password 7 011F0F145E1F1504
!
aaa authentication login userauthen local
aaa authorization network foo local
!
!
aaa session-id common
dot11 syslog
ip source-route
!
!
!
!
ip cef
ip domain name oblbank.ru
ip name-server 192.168.80.202
!
multilink bundle-name authenticated
!
!
!
crypto pki trustpoint TP-self-signed-3104593062
subject-name cn=IOS-Self-Signed-Certificate-3104593062
revocation-check none
rsakeypair TP-self-signed-3104593062
!crypto pki trustpoint TP-self-signed-2906423707
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-2906423707
revocation-check none
rsakeypair TP-self-signed-2906423707
!
!
!
!
username pyrikov privilege 15 password 7 050C0C1635405A02141C1500
username cisco password 7 110A1016141D5A5E57
username client password 7 03105E18120C2D454B070D
archive
log config
hidekeys
!
!
crypto isakmp policy 20
encr 3des
hash md5
authentication pre-share
group 2
crypto isakmp keepalive 40 5
crypto isakmp nat keepalive 20
!
crypto isakmp client configuration group cisco
key test1234
pool ippool
acl 120
!
!
crypto ipsec transform-set test esp-3des esp-md5-hmac
crypto ipsec transform-set foo esp-3des esp-sha-hmac
!
crypto dynamic-map dynmap 1
set transform-set foo
match address 199
!
!
crypto map test client authentication list userauthen
crypto map test isakmp authorization list foo
crypto map test client configuration address respond
crypto map test 20 ipsec-isakmp dynamic dynmap
interface Loopback0
no ip address
ip virtual-reassembly
shutdown
!
interface Tunnel0
no ip address
shutdown
!
interface FastEthernet0/0
description -=Glodal_Network=-
ip address 195.34.235.126 255.255.255.252
ip access-group Internet in
ip nat outside
ip virtual-reassembly
duplex auto
speed 100
crypto map test
!
interface FastEthernet0/1
description -=Local_Network=-
ip address 192.168.1.2 255.255.255.0
ip nat inside
ip virtual-reassembly
duplex auto
speed 100
ip local pool ippool 10.100.100.1 10.100.100.254
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 195.34.235.125
ip route 192.168.80.0 255.255.255.0 192.168.1.1
ip http server
ip http secure-server
!
!
ip nat inside source list 122 interface FastEthernet0/0 overload
!
ip access-list extended Internet
permit tcp any any gt 1023 established
permit tcp any any eq www
permit tcp any any eq ftp-data
permit tcp any eq domain any
permit udp any eq domain any
permit udp any any eq domain
permit tcp any any eq domain
permit tcp any any eq ftp
permit tcp any any eq pop3
permit tcp any any eq smtp
permit tcp any any eq 143
permit tcp any any eq 443
permit udp any any eq 443
permit tcp any any eq 465
permit tcp any any eq 995
permit tcp any any eq 993
permit icmp any any
permit tcp any any eq 22
permit udp any any eq isakmp
permit udp any any eq 10000
permit tcp any any eq 10000
permit tcp any any eq 500
permit udp any any eq 62515
permit tcp any any eq 62515
permit tcp any any eq 4500
permit udp any any eq non500-isakmp
permit esp any any
deny ip any any log
!
access-list 120 permit ip 10.100.100.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 122 deny ip 192.168.1.0 0.0.0.255 10.100.100.0 0.0.0.255
access-list 122 permit ip 192.168.1.0 0.0.0.255 any
access-list 150 deny ip host 192.168.1.1 10.100.100.0 0.0.0.255
access-list 150 permit ip host 192.168.1.1 any
access-list 199 permit ip 10.100.100.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 199 permit ip host 195.34.235.126 10.100.100.0 0.0.0.255
route-map nonat permit 10
match ip address 150
!
!
!
control-plane
!
!
line con 0
line aux 0
line vty 0 4
access-class 23 in
privilege level 15
transport input telnet ssh
line vty 5 15
access-class 23 in
privilege level 15
transport input telnet ssh
!
scheduler allocate 20000 1000
end
Проблема такого рода... Не проходит аутентификация при конекте впн-клиентом... Делаю установку соединения, справшивает имя пользователя и пароль, ввожу, после чего соединение разрывается... Причём, если ввести неправильный пароль, пишет, что пароль неправильный...
Вариант для распечатки
Маршрутизаторы CISCO и др. оборудование. (Public)
(ok) on 05-Янв-09, 12:42 
