Tweet
Chào các thầy , em đang làm đề tài VPN Site to Site , em đã tham khảo theo mode của anh admin tại đây , nhưng khi code thì không thể ping được giữa 2 site...:7: Mong các thầy , các bạn có kinh nghiệm giúp mình...
Đây là topo của em :
Và đây là running-conf Site A của em :
Site B
Mong nhận được sự giúp đỡ nhiệt tình từ cộng đồng VNPro...Em xin cảm ơn mọi người
Đây là topo của em :
Và đây là running-conf Site A của em :
Code:
HN#show r *Dec 19 00:04:24.655: %SYS-5-CONFIG_I: Configured from console by consoleunning-conf Building configuration... Current configuration : 2177 bytes ! version 12.4 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname HN ! boot-start-marker boot-end-marker ! ! no aaa new-model ! ! ip cef ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! memory-size iomem 16 ! ! ! crypto isakmp policy 2 encr 3des authentication pre-share group 2 ! crypto isakmp policy 10 hash md5 authentication pre-share group 2 crypto isakmp key mycstubes address 172.16.1.1 crypto isakmp key VPN123 address 150.1.1.1 ! crypto ipsec security-association lifetime seconds 1800 ! crypto ipsec transform-set TSA esp-3des esp-sha-hmac crypto ipsec transform-set MYSET esp-des esp-md5-hmac ! crypto map CMPS1 1 ipsec-isakmp description Tunnel to HCM set peer 172.16.1.1 set transform-set TSA match address ToHCM ! crypto map MYMAP 10 ipsec-isakmp set peer 151.1.1.1 set transform-set MYSET match address 100 ! ! ! ! interface Loopback0 ip address 192.168.1.1 255.255.255.0 ! interface FastEthernet0/0 no ip address shutdown duplex half ! interface Serial1/0 ip address 150.1.1.1 255.255.255.0 serial restart-delay 0 no fair-queue crypto map MYMAP ! interface Serial1/1 no ip address shutdown serial restart-delay 0 ! interface Serial1/2 no ip address shutdown serial restart-delay 0 ! interface Serial1/3 no ip address shutdown serial restart-delay 0 ! interface Serial1/4 no ip address shutdown serial restart-delay 0 ! interface Serial1/5 no ip address shutdown serial restart-delay 0 ! interface Serial1/6 no ip address shutdown serial restart-delay 0 ! interface Serial1/7 no ip address shutdown serial restart-delay 0 ! ip route 0.0.0.0 0.0.0.0 Serial1/0 ip route 0.0.0.0 0.0.0.0 150.1.1.2 ip route 172.16.1.0 255.255.255.0 10.1.1.2 ip route 172.16.2.0 255.255.255.0 10.1.1.2 ip route 172.16.2.0 255.255.255.0 10.1.1.0 ! no ip http server no ip http secure-server ! ! ! ip access-list extended ToHCM permit ip 192.16.2.0 0.0.0.255 172.16.2.0 0.0.0.255 access-list 100 permit ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255 ! ! ! ! control-plane ! ! ! ! ! ! gatekeeper shutdown ! ! line con 0 stopbits 1 line aux 0 stopbits 1 line vty 0 4 login ! ! end
Code:
HCM#show running-confBuilding configuration... Current configuration : 2129 bytes ! version 12.4 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname HCM ! boot-start-marker boot-end-marker ! ! no aaa new-model ! ! ip cef ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! crypto isakmp policy 2 encr 3des authentication pre-share group 2 ! crypto isakmp policy 10 hash md5 authentication pre-share group 2 crypto isakmp key mycstubes address 10.1.1.1 crypto isakmp key VPN123 address 151.1.1.1 ! crypto ipsec security-association lifetime seconds 1800 ! crypto ipsec transform-set TSB esp-3des esp-sha-hmac crypto ipsec transform-set MYSET esp-des esp-md5-hmac ! crypto map CMPS2 1 ipsec-isakmp description Tunnel to HN set peer 10.1.1.1 set transform-set TSB match address ToHN ! crypto map MYMAP 10 ipsec-isakmp set peer 150.1.1.1 set transform-set MYSET match address 100 ! ! ! ! interface Loopback0 ip address 192.168.2.1 255.255.255.0 ! interface FastEthernet0/0 no ip address shutdown duplex half ! interface Serial1/0 ip address 151.1.1.1 255.255.255.0 serial restart-delay 0 no fair-queue crypto map MYMAP ! interface Serial1/1 no ip address shutdown serial restart-delay 0 ! interface Serial1/2 no ip address shutdown serial restart-delay 0 ! interface Serial1/3 no ip address shutdown serial restart-delay 0 ! interface Serial1/4 no ip address shutdown serial restart-delay 0 ! interface Serial1/5 no ip address shutdown serial restart-delay 0 ! interface Serial1/6 no ip address shutdown serial restart-delay 0 ! interface Serial1/7 no ip address shutdown serial restart-delay 0 ! ip route 0.0.0.0 0.0.0.0 Serial1/0 ip route 0.0.0.0 0.0.0.0 151.1.1.2 ip route 10.1.1.0 255.255.255.0 172.16.1.2 ip route 192.168.2.0 255.255.255.0 172.16.1.2 ! no ip http server no ip http secure-server ! ! ! ip access-list extended ToHN permit ip 172.16.2.0 0.0.0.255 192.168.2.0 0.0.0.255 access-list 100 permit ip 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255 ! ! ! ! control-plane ! ! ! ! ! ! gatekeeper shutdown ! ! line con 0 exec-timeout 0 0 stopbits 1 line aux 0 stopbits 1 line vty 0 4 login ! ! end HCM# HCM#
Comment