[GTER] RES: VPN entre cisco e checkpoint

Everton Diniz notrevebr at gmail.com
Fri Aug 25 11:18:50 -03 2006


Eae Fabio,

eu tenho a rota ai do meu lado assim..

ip route 157.238.xx.xx 255.255.255.224 157.238.XX.XX(Gateway VPN)
ip route 198.87.xx.xx 255.255.255.224 198.87.xx.xx (Gateway VPN)

É pra ele mesmo q tenho q apontar...ou pra outro local??

Valeu cara..

On 8/25/06, Fabio <fabio.corp2 at gmail.com> wrote:
>
> Tem rota dos DOIS lados?
>
> Abs,
> Fabio
>
> -----Mensagem original-----
> De: gter-bounces at eng.registro.br
> [mailto:gter-bounces at eng.registro.br] Em nome de
> Everton Diniz
> Enviada em: sexta-feira, 25 de agosto de 2006
> 11:03
> Para: Grupo de Trabalho de Engenharia e Operacao
> de Redes
> Assunto: Re: [GTER] VPN entre cisco e checkpoint
>
> Alguem ja trabalhou com isso...teve o mesmo
> problema???
>
> On 8/24/06, Everton Diniz <notrevebr at gmail.com>
> wrote:
> >
> > E ae pessoal,
> > Tem alguem que faça ideia do que pode ser??
> >
> > Configurei no cisco pra fechar a vpn com um
> checkpoint.
> > o tunnel tá up, porem o trafego naum tem
> retorno. Eu vejo o pacote
> > pelo ip accountig, mas parece que ele não
> cosnegue fazer o retorno.
> > Tem alguma config que deixei de fazer, algum NAT
> sei lá...
> >
> > vejam a config.
> >
> > crypto isakmp policy 2
> >  encr 3des
> >  authentication pre-share
> >  group 2
> > crypto isakmp key vpn address 198.87.xx.xx
> crypto isakmp key vpn
> > address 157.238.xx.xx
> >
> > crypto ipsec transform-set vpn esp-3des
> esp-sha-hmac !
> > crypto map vpn 2 ipsec-isakmp
> >  set peer 198.87.49.254
> >  set peer 157.238.185.130
> >  set transform-set veraz
> >  match address 117
> >
> > sh ip access-lists
> > Extended IP access list 117
> >     permit ip host 208.48.xx.xx 198.87.xx.xx
> 0.0.0.31 (22 matches)
> >     permit ip host 208.48.xx.xx 157.238.xx.xx
> 0.0.0.31
> >     permit gre host 208.48.xx.xx host
> 198.87.xx.xx
> >     permit gre host 208.48.xx.xx host
> 157.238.xx.xx
> >     permit gre host 208.48.xx.xx host
> 157.238.xx.xx
> >     permit gre host 208.48.xx.xx host
> 198.87.xx.xx
> >     permit udp host 208.48.xx.xx host
> 198.87.xx.xx eq isakmp (13 matches)
> >     permit udp host 208.48.xx.xx host
> 157.238.xx.xx. eq isakmp (13
> > matches)
> >     permit udp host 208.48.xx.xx host
> 157.238.xx.xx eq isakmp (196
> > matches)
> >     permit udp host 208.48.xx.xx host
> 198.87.xx.xx eq isakmp (208 matches)
> >     permit tcp host 208.48.xx.xx host
> 198.87.xx.xx eq 500
> >     permit tcp host 208.48.xx.xx host
> 157.238.xx.xx eq 500
> >     permit tcp host 208.48.xx.xx host
> 157.238.xx.xx eq 500
> >     permit tcp host 208.48.xx.xx host
> 198.87.xx.xx eq 500
> >     permit ip 10.90.0.0 0.0.0.255 host
> 198.87.xx.xx
> >     permit ip 10.90.1.0 0.0.0.255 host
> 198.87.xx.xx
> >     permit ip 10.90.2.0 0.0.0.31 host
> 198.87.xx.xx (8 matches)
> >     permit ip 10.90.2.32 0.0.0.31 host
> 198.87.xx.xx
> >     permit ip 10.90.2.64 0.0.0.31 host
> 198.87.xx.xx
> >     permit ip 10.90.3.0 0.0.0.31 host
> 198.87.xx.xx
> >     permit ip 10.90.3.32 0.0.0.31 host
> 198.87.xx.xx
> >     permit ip 10.90.3.64 0.0.0.31 host
> 198.87.xx.xx
> >     permit ip 10.90.0.0 0.0.0.255 host
> 157.238.xx.xx
> >     permit ip 10.90.1.0 0.0.0.255 host
> 157.238.xx.xx
> >     permit ip 10.90.2.0 0.0.0.31 host
> 157.238.xx.xx
> >     permit ip 10.90.2.32 0.0.0.31 host
> 157.238.xx.xx
> >     permit ip 10.90.2.64 0.0.0.31 host
> 157.238.xx.xx
> >     permit ip 10.90.3.0 0.0.0.31 host
> 157.238.xx.xx
> >     permit ip 10.90.3.32 0.0.0.31 host
> 157.238.xx.xx
> >     permit ip 10.90.3.64 0.0.0.31 host
> 157.238.xx.xx
> >     permit ip 10.90.0.0 0.0.0.255 198.87.xx.xx
> 0.0.0.31
> >     permit ip 10.90.1.0 0.0.0.255 198.87.xx.xx
> 0.0.0.31
> >     permit ip 10.90.2.0 0.0.0.31 198.87.xx.xx
> 0.0.0.31 (87 matches)
> >     permit ip 10.90.2.32 0.0.0.31 198.87.xx.xx
> 0.0.0.31
> >     permit ip 10.90.2.64 0.0.0.31 198.87.xx.xx
> 0.0.0.31
> >     permit ip 10.90.3.0 0.0.0.31 198.87.4xx.xx
> 0.0.0.31
> >     permit ip 10.90.3.32 0.0.0.31 198.87.xx.xx
> 0.0.0.31
> >     permit ip 10.90.0.0 0.0.0.255 157.238.xx.xx
> 0.0.0.31
> >     permit ip 10.90.1.0 0.0.0.255 157.238.xx.xx
> 0.0.0.31
> >     permit ip 10.90.2.0 0.0.0.31 157.238.xx.xx
> 0.0.0.31 (27 matches)
> >     permit ip 10.90.2.32 0.0.0.31 157.238.xx.xx
> 0.0.0.31
> >     permit ip 10.90.2.64 0.0.0.31 157.238.xx.xx
> 0.0.0.31
> >     permit ip 10.90.3.0 0.0.0.31 157.238.xx.xx
> 0.0.0.31
> >     permit ip 10.90.3.0 0.0.0.255 157.238.xx.xx
> 0.0.0.31
> >
> >
> > #sh crypto isakmp sa
> >     dst           src          state
> conn-id   slot
> > 157.238.xx.xx208.48.xx.xx MM_NO_STATE       36
> 0   (deleted)
> > 208.48.xx.xx 157.238.xx.xxQM_IDLE           2
> 0
> > 198.87.xx.xx   208.48.xx.xx MM_KEY_EXCH       37
> 0
> > 208.48.xx.xx 198.87.xx.xx  QM_IDLE           1
> 0
> >
> > Valeu galera..
> >
> >
> --
> gter list
> https://eng.registro.br/mailman/listinfo/gter
>
> --
> gter list    https://eng.registro.br/mailman/listinfo/gter
>



More information about the gter mailing list