[GTER] RE: VPN between cisco and checkpoint

Fabio fabio.corp2 at gmail.com
Fri Aug 25 11:10:09 -03 2006


Is there a route on BOTH sides?

Regards,
Fabio

-----Original message-----
From: gter-bounces at eng.registro.br [mailto:gter-bounces at eng.registro.br] On behalf of Everton Diniz
Sent: Friday, August 25, 2006 11:03
To: Grupo de Trabalho de Engenharia e Operacao de Redes
Subject: Re: [GTER] VPN between cisco and checkpoint

Has anyone worked with this... had the same problem???

On 8/24/06, Everton Diniz <notrevebr at gmail.com> wrote:
>
> Hey folks,
> Does anyone have any idea what this could be??
>
> I configured the Cisco to establish the VPN with a Checkpoint.
> The tunnel is up, but the traffic gets no return. I can see the packet
> in ip accounting, but it seems it cannot make the return trip.
> Is there some config I forgot to do, some NAT, I don't know...
>
> Take a look at the config.
>
> crypto isakmp policy 2
>  encr 3des
>  authentication pre-share
>  group 2
> crypto isakmp key vpn address 198.87.xx.xx
> crypto isakmp key vpn address 157.238.xx.xx
>
> crypto ipsec transform-set vpn esp-3des esp-sha-hmac
> !
> crypto map vpn 2 ipsec-isakmp
>  set peer 198.87.49.254
>  set peer 157.238.185.130
>  set transform-set veraz
>  match address 117
>
> sh ip access-lists
> Extended IP access list 117
>     permit ip host 208.48.xx.xx 198.87.xx.xx 0.0.0.31 (22 matches)
>     permit ip host 208.48.xx.xx 157.238.xx.xx 0.0.0.31
>     permit gre host 208.48.xx.xx host 198.87.xx.xx
>     permit gre host 208.48.xx.xx host 157.238.xx.xx
>     permit gre host 208.48.xx.xx host 157.238.xx.xx
>     permit gre host 208.48.xx.xx host 198.87.xx.xx
>     permit udp host 208.48.xx.xx host 198.87.xx.xx eq isakmp (13 matches)
>     permit udp host 208.48.xx.xx host 157.238.xx.xx. eq isakmp (13 matches)
>     permit udp host 208.48.xx.xx host 157.238.xx.xx eq isakmp (196 matches)
>     permit udp host 208.48.xx.xx host 198.87.xx.xx eq isakmp (208 matches)
>     permit tcp host 208.48.xx.xx host 198.87.xx.xx eq 500
>     permit tcp host 208.48.xx.xx host 157.238.xx.xx eq 500
>     permit tcp host 208.48.xx.xx host 157.238.xx.xx eq 500
>     permit tcp host 208.48.xx.xx host 198.87.xx.xx eq 500
>     permit ip 10.90.0.0 0.0.0.255 host 198.87.xx.xx
>     permit ip 10.90.1.0 0.0.0.255 host 198.87.xx.xx
>     permit ip 10.90.2.0 0.0.0.31 host 198.87.xx.xx (8 matches)
>     permit ip 10.90.2.32 0.0.0.31 host 198.87.xx.xx
>     permit ip 10.90.2.64 0.0.0.31 host 198.87.xx.xx
>     permit ip 10.90.3.0 0.0.0.31 host 198.87.xx.xx
>     permit ip 10.90.3.32 0.0.0.31 host 198.87.xx.xx
>     permit ip 10.90.3.64 0.0.0.31 host 198.87.xx.xx
>     permit ip 10.90.0.0 0.0.0.255 host 157.238.xx.xx
>     permit ip 10.90.1.0 0.0.0.255 host 157.238.xx.xx
>     permit ip 10.90.2.0 0.0.0.31 host 157.238.xx.xx
>     permit ip 10.90.2.32 0.0.0.31 host 157.238.xx.xx
>     permit ip 10.90.2.64 0.0.0.31 host 157.238.xx.xx
>     permit ip 10.90.3.0 0.0.0.31 host 157.238.xx.xx
>     permit ip 10.90.3.32 0.0.0.31 host 157.238.xx.xx
>     permit ip 10.90.3.64 0.0.0.31 host 157.238.xx.xx
>     permit ip 10.90.0.0 0.0.0.255 198.87.xx.xx 0.0.0.31
>     permit ip 10.90.1.0 0.0.0.255 198.87.xx.xx 0.0.0.31
>     permit ip 10.90.2.0 0.0.0.31 198.87.xx.xx 0.0.0.31 (87 matches)
>     permit ip 10.90.2.32 0.0.0.31 198.87.xx.xx 0.0.0.31
>     permit ip 10.90.2.64 0.0.0.31 198.87.xx.xx 0.0.0.31
>     permit ip 10.90.3.0 0.0.0.31 198.87.4xx.xx 0.0.0.31
>     permit ip 10.90.3.32 0.0.0.31 198.87.xx.xx 0.0.0.31
>     permit ip 10.90.0.0 0.0.0.255 157.238.xx.xx 0.0.0.31
>     permit ip 10.90.1.0 0.0.0.255 157.238.xx.xx 0.0.0.31
>     permit ip 10.90.2.0 0.0.0.31 157.238.xx.xx 0.0.0.31 (27 matches)
>     permit ip 10.90.2.32 0.0.0.31 157.238.xx.xx 0.0.0.31
>     permit ip 10.90.2.64 0.0.0.31 157.238.xx.xx 0.0.0.31
>     permit ip 10.90.3.0 0.0.0.31 157.238.xx.xx 0.0.0.31
>     permit ip 10.90.3.0 0.0.0.255 157.238.xx.xx 0.0.0.31
>
>
> #sh crypto isakmp sa
>     dst           src            state          conn-id   slot
> 157.238.xx.xx     208.48.xx.xx   MM_NO_STATE       36      0   (deleted)
> 208.48.xx.xx      157.238.xx.xx  QM_IDLE            2      0
> 198.87.xx.xx      208.48.xx.xx   MM_KEY_EXCH       37      0
> 208.48.xx.xx      198.87.xx.xx   QM_IDLE            1      0
>
> Thanks, folks..
>
>
--
gter list
https://eng.registro.br/mailman/listinfo/gter



