Frozen Fido : RU.CISCO : Win2k сквозь кискин gre-тунель

ru.cisco

 
 - RU.CISCO ---------------------------------------------------------------------
 From : Andrew Lutov                         2:5000/26      18 Aug 2005  18:49:57
 To : All
 Subject : Win2k сквозь кискин gre-тунель
 --------------------------------------------------------------------------------

 Hello, All!
 
 Чего я не учитываю, если ping через тунель работает, а ни терминальной
 сессией, ни прямым указанием ресурса попасть на сервер на дальнем
 конце не могу ?
 
 111.22.20.133, 111.22.0.188 - внешние концы тунеля
 10.1.1.2 и 10.1.1.1 - внутренние
 С одной стороны сетка 192.168.101.0/24, а с другой 192.168.102.0/24
 
 Тунели описаны вот так:
 
 crypto map VPN-DO 30 ipsec-isakmp
  set peer 111.22.0.188
  set transform-set Strong
  match address vpnDO
 !
 interface Tunnel0
  ip address 10.1.1.1 255.255.255.252
  tunnel source 111.22.20.133
  tunnel destination 111.22.0.188
  crypto map VPN-DO
 !
 ip access-list extended vpnDO
  permit ipinip host 111.22.20.133 host 111.22.0.188
  permit gre host 111.22.20.133 host 111.22.0.188
 
 с другой стороны аналогично.
 tcpdump показывает вот такое:
 
 18:36:30.629705 111.22.20.133 > 111.22.0.188: gre 192.168.101.45.4133 >
 192.168.102.1.445: S 3426406435:3426406435(0) win 64512 <mss
 1460,nop,nop,sackOK> (DF)
 18:36:30.629814 111.22.20.133 > 111.22.0.188: gre 192.168.101.45.4134 >
 192.168.102.1.139: S 1745146271:1745146271(0) win 64512 <mss
 1460,nop,nop,sackOK> (DF)
 18:36:30.632717 111.22.0.188 > 111.22.20.133: gre 192.168.102.1.445 >
 192.168.101.45.4133: R 0:0(0) ack 3426406436 win 0
 18:36:30.633508 111.22.0.188 > 111.22.20.133: gre 192.168.102.1.139 >
 192.168.101.45.4134: R 0:0(0) ack 1745146272 win 0
 18:36:31.098548 111.22.20.133 > 111.22.0.188: gre 192.168.101.45.4134 >
 192.168.102.1.139: S 1745146271:1745146271(0) win 64512 <mss
 1460,nop,nop,sackOK> (DF)
 18:36:31.098656 111.22.20.133 > 111.22.0.188: gre 192.168.101.45.4133 >
 192.168.102.1.445: S 3426406435:3426406435(0) win 64512 <mss
 1460,nop,nop,sackOK> (DF)
 18:36:31.101458 111.22.0.188 > 111.22.20.133: gre 192.168.102.1.139 >
 192.168.101.45.4134: R 0:0(0) ack 1 win 0
 18:36:31.102556 111.22.0.188 > 111.22.20.133: gre 192.168.102.1.445 >
 192.168.101.45.4133: R 0:0(0) ack 1 win 0
 18:36:31.645463 111.22.20.133 > 111.22.0.188: gre 192.168.101.45.4134 >
 192.168.102.1.139: S 1745146271:1745146271(0) win 64512 <mss
 1460,nop,nop,sackOK> (DF)
 18:36:31.645577 111.22.20.133 > 111.22.0.188: gre 192.168.101.45.4133 >
 192.168.102.1.445: S 3426406435:3426406435(0) win 64512 <mss
 1460,nop,nop,sackOK> (DF)
 18:36:31.648429 111.22.0.188 > 111.22.20.133: gre 192.168.102.1.139 >
 192.168.101.45.4134: R 0:0(0) ack 1 win 0
 18:36:31.649287 111.22.0.188 > 111.22.20.133: gre 192.168.102.1.445 >
 192.168.101.45.4133: R 0:0(0) ack 1 win 0
 18:36:31.649451 111.22.20.133 > 111.22.0.188: gre 192.168.101.45.137 >
 192.168.102.1.137: NBT UDP PACKET(137): QUERY; REQUEST; UNICAST
 18:36:31.652037 111.22.0.188 > 111.22.20.133: gre 10.1.1.2 > 192.168.101.45:
 icmp: 192.168.102.1 udp port 137 unreachable [tos 0xc0]  [tos 0xc0]
 18:36:33.145561 111.22.20.133 > 111.22.0.188: gre 192.168.101.45.137 >
 192.168.102.1.137: NBT UDP PACKET(137): QUERY; REQUEST; UNICAST
 18:36:33.148073 111.22.0.188 > 111.22.20.133: gre 10.1.1.2 > 192.168.101.45:
 icmp: 192.168.102.1 udp port 137 unreachable [tos 0xc0]  [tos 0xc0]
 18:36:34.645545 111.22.20.133 > 111.22.0.188: gre 192.168.101.45.137 >
 192.168.102.1.137: NBT UDP PACKET(137): QUERY; REQUEST; UNICAST
 18:36:34.648128 111.22.0.188 > 111.22.20.133: gre 10.1.1.2 > 192.168.101.45:
 icmp: 192.168.102.1 udp port 137 unreachable [tos 0xc0]  [tos 0xc0]
 sh ver
 
 Cisco Internetwork Operating System Software
 IOS (tm) C1700 Software (C1700-K9O3SY7-M), Version 12.2(15)T9,  RELEASE
 SOFTWARE (fc2)
 ...
 cisco 1721 (MPC860P) processor (revision 0x400) with 57084K/8452K bytes of
 memory.
 Processor board ID FOC08211N2C (1108278049), with hardware revision 0000
 MPC860P processor: part number 5, mask 2
 Bridging software.
 X.25 software, Version 3.0.0.
 1 Ethernet/IEEE 802.3 interface(s)
 1 FastEthernet/IEEE 802.3 interface(s)
 32K bytes of non-volatile configuration memory.
 32768K bytes of processor board System flash (Read/Write)
 
 Configuration register is 0x2102
 -- 
 А5 увидимся е2 ли
 --- ifmail v.2.14.os-p7
  * Origin: Garant-Siberia fidonet station (2:5000/26@fidonet)

Вернуться к списку тем, сортированных по: возрастание даты уменьшение даты тема автор

Тема:	Автор:	Дата:
Win2k сквозь кискин gre-тунель	Andrew Lutov	18 Aug 2005 18:49:57

Архивное /ru.cisco/12109b0916502.html, оценка 3 из 5, голосов 10