[GTER] VPN between Cisco and Checkpoint
Everton Diniz
notrevebr at gmail.com
Thu Aug 24 19:59:48 -03 2006
Hey everyone,
Does anyone have an idea what this could be?
I configured the Cisco to establish the VPN with a Checkpoint.
The tunnel is up, but the traffic gets no return. I can see the packet via ip
accounting, but it seems it can't make the return trip. Is there some
config I left out, some NAT, I don't know...
Here is the config.
crypto isakmp policy 2
 encr 3des
 authentication pre-share
 group 2
crypto isakmp key vpn address 198.87.xx.xx
crypto isakmp key vpn address 157.238.xx.xx
crypto ipsec transform-set vpn esp-3des esp-sha-hmac
!
crypto map vpn 2 ipsec-isakmp
 set peer 198.87.49.254
 set peer 157.238.185.130
 set transform-set veraz
 match address 117
sh ip access-lists
Extended IP access list 117
permit ip host 208.48.xx.xx 198.87.xx.xx 0.0.0.31 (22 matches)
permit ip host 208.48.xx.xx 157.238.xx.xx 0.0.0.31
permit gre host 208.48.xx.xx host 198.87.xx.xx
permit gre host 208.48.xx.xx host 157.238.xx.xx
permit gre host 208.48.xx.xx host 157.238.xx.xx
permit gre host 208.48.xx.xx host 198.87.xx.xx
permit udp host 208.48.xx.xx host 198.87.xx.xx eq isakmp (13 matches)
permit udp host 208.48.xx.xx host 157.238.xx.xx. eq isakmp (13 matches)
permit udp host 208.48.xx.xx host 157.238.xx.xx eq isakmp (196 matches)
permit udp host 208.48.xx.xx host 198.87.xx.xx eq isakmp (208 matches)
permit tcp host 208.48.xx.xx host 198.87.xx.xx eq 500
permit tcp host 208.48.xx.xx host 157.238.xx.xx eq 500
permit tcp host 208.48.xx.xx host 157.238.xx.xx eq 500
permit tcp host 208.48.xx.xx host 198.87.xx.xx eq 500
permit ip 10.90.0.0 0.0.0.255 host 198.87.xx.xx
permit ip 10.90.1.0 0.0.0.255 host 198.87.xx.xx
permit ip 10.90.2.0 0.0.0.31 host 198.87.xx.xx (8 matches)
permit ip 10.90.2.32 0.0.0.31 host 198.87.xx.xx
permit ip 10.90.2.64 0.0.0.31 host 198.87.xx.xx
permit ip 10.90.3.0 0.0.0.31 host 198.87.xx.xx
permit ip 10.90.3.32 0.0.0.31 host 198.87.xx.xx
permit ip 10.90.3.64 0.0.0.31 host 198.87.xx.xx
permit ip 10.90.0.0 0.0.0.255 host 157.238.xx.xx
permit ip 10.90.1.0 0.0.0.255 host 157.238.xx.xx
permit ip 10.90.2.0 0.0.0.31 host 157.238.xx.xx
permit ip 10.90.2.32 0.0.0.31 host 157.238.xx.xx
permit ip 10.90.2.64 0.0.0.31 host 157.238.xx.xx
permit ip 10.90.3.0 0.0.0.31 host 157.238.xx.xx
permit ip 10.90.3.32 0.0.0.31 host 157.238.xx.xx
permit ip 10.90.3.64 0.0.0.31 host 157.238.xx.xx
permit ip 10.90.0.0 0.0.0.255 198.87.xx.xx 0.0.0.31
permit ip 10.90.1.0 0.0.0.255 198.87.xx.xx 0.0.0.31
permit ip 10.90.2.0 0.0.0.31 198.87.xx.xx 0.0.0.31 (87 matches)
permit ip 10.90.2.32 0.0.0.31 198.87.xx.xx 0.0.0.31
permit ip 10.90.2.64 0.0.0.31 198.87.xx.xx 0.0.0.31
permit ip 10.90.3.0 0.0.0.31 198.87.4xx.xx 0.0.0.31
permit ip 10.90.3.32 0.0.0.31 198.87.xx.xx 0.0.0.31
permit ip 10.90.0.0 0.0.0.255 157.238.xx.xx 0.0.0.31
permit ip 10.90.1.0 0.0.0.255 157.238.xx.xx 0.0.0.31
permit ip 10.90.2.0 0.0.0.31 157.238.xx.xx 0.0.0.31 (27 matches)
permit ip 10.90.2.32 0.0.0.31 157.238.xx.xx 0.0.0.31
permit ip 10.90.2.64 0.0.0.31 157.238.xx.xx 0.0.0.31
permit ip 10.90.3.0 0.0.0.31 157.238.xx.xx 0.0.0.31
permit ip 10.90.3.0 0.0.0.255 157.238.xx.xx 0.0.0.31
#sh crypto isakmp sa
dst             src             state          conn-id slot
157.238.xx.xx   208.48.xx.xx    MM_NO_STATE         36    0 (deleted)
208.48.xx.xx    157.238.xx.xx   QM_IDLE              2    0
198.87.xx.xx    208.48.xx.xx    MM_KEY_EXCH         37    0
208.48.xx.xx    198.87.xx.xx    QM_IDLE              1    0
Thanks, folks.
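
A consistency check for a configuration like the one posted above, as an added example that is not part of the original message: it lists transform-set names that a crypto map entry references but no `crypto ipsec transform-set` line defines. The helper name `undefined_transform_sets` is hypothetical; the sample is the crypto section copied from the message, with the `crypto isakmp key` lines left out.

```python
import re

# Crypto section copied from the message above (addresses as posted there).
POSTED_CONFIG = """\
crypto isakmp policy 2
 encr 3des
 authentication pre-share
 group 2
crypto ipsec transform-set vpn esp-3des esp-sha-hmac
!
crypto map vpn 2 ipsec-isakmp
 set peer 198.87.49.254
 set peer 157.238.185.130
 set transform-set veraz
 match address 117
"""

def undefined_transform_sets(config):
    """Return {crypto map entry: [transform-set names it references that no
    'crypto ipsec transform-set' line defines]}. Hypothetical helper."""
    lines = [l.strip() for l in config.splitlines()]
    # Pass 1: every transform-set name the config defines.
    defined = {m.group(1) for l in lines
               if (m := re.match(r"crypto ipsec transform-set (\S+)", l))}
    # Pass 2: walk crypto map entries and collect the names they reference.
    missing, entry = {}, None
    for l in lines:
        m = re.match(r"crypto map (\S+) (\d+) ipsec-isakmp", l)
        if m:
            entry = f"{m.group(1)} {m.group(2)}"
        elif l == "!" or l.startswith("crypto "):
            entry = None  # left the crypto map sub-mode
        elif entry and l.startswith("set transform-set "):
            # IOS accepts several names on one line, in priority order.
            for name in l.split()[2:]:
                if name not in defined:
                    missing.setdefault(entry, []).append(name)
    return missing

if __name__ == "__main__":
    for entry, names in undefined_transform_sets(POSTED_CONFIG).items():
        print(f"crypto map {entry}: undefined transform-set(s): {', '.join(names)}")
```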