[GTER] RE: RE: VPN between Cisco and Checkpoint

Fabio fabio.corp2 at gmail.com
Fri Aug 25 11:46:21 -03 2006


If the traffic leaves your network, then there is a route on your side to the other end;
the thing to check is the other side, where no traffic is coming from...

Regards,
Fabio

-----Original Message-----
From: gter-bounces at eng.registro.br [mailto:gter-bounces at eng.registro.br] On behalf of Everton Diniz
Sent: Friday, August 25, 2006 11:19
To: Grupo de Trabalho de Engenharia e Operacao de Redes
Subject: Re: [GTER] RE: VPN between Cisco and Checkpoint

Now, as for the other side... the guy says he has it, that everything is fine on his end... but who knows...

On 8/25/06, Everton Diniz <notrevebr at gmail.com> wrote:
>
> Hey Fabio,
>
> I have the route on my side like this:
>
> ip route 157.238.xx.xx 255.255.255.224 157.238.XX.XX (VPN gateway)
> ip route 198.87.xx.xx 255.255.255.224 198.87.xx.xx (VPN gateway)
>
> Is it the gateway itself that I have to point to, or somewhere else??
>
> Thanks, man..
>
>
> On 8/25/06, Fabio <fabio.corp2 at gmail.com> wrote:
> >
> > Is there a route on BOTH sides?
> >
> > Cheers,
> > Fabio
> >
> > -----Original Message-----
> > From: gter-bounces at eng.registro.br [mailto:gter-bounces at eng.registro.br] On behalf of Everton Diniz
> > Sent: Friday, August 25, 2006 11:03
> > To: Grupo de Trabalho de Engenharia e Operacao de Redes
> > Subject: Re: [GTER] VPN between Cisco and Checkpoint
> >
> > Has anyone worked with this... had the same problem???
> >
> > On 8/24/06, Everton Diniz <notrevebr at gmail.com> wrote:
> > >
> > > Hey folks,
> > > Does anyone have any idea what this could be??
> > >
> > > I configured the Cisco to bring up the VPN with a Checkpoint.
> > > The tunnel is up, but the traffic gets no return. I see the packet
> > > in ip accounting, but it seems it can't make the return trip.
> > > Is there some config I left out, some NAT, I don't know...
> > >
> > > Take a look at the config.
> > >
> > > crypto isakmp policy 2
> > >  encr 3des
> > >  authentication pre-share
> > >  group 2
> > > crypto isakmp key vpn address 198.87.xx.xx
> > > crypto isakmp key vpn address 157.238.xx.xx
> > >
> > > crypto ipsec transform-set vpn esp-3des esp-sha-hmac
> > > !
> > > crypto map vpn 2 ipsec-isakmp
> > >  set peer 198.87.49.254
> > >  set peer 157.238.185.130
> > >  set transform-set veraz
> > >  match address 117
> > >
> > > sh ip access-lists
> > > Extended IP access list 117
> > >     permit ip host 208.48.xx.xx 198.87.xx.xx 0.0.0.31 (22 matches)
> > >     permit ip host 208.48.xx.xx 157.238.xx.xx 0.0.0.31
> > >     permit gre host 208.48.xx.xx host 198.87.xx.xx
> > >     permit gre host 208.48.xx.xx host 157.238.xx.xx
> > >     permit gre host 208.48.xx.xx host 157.238.xx.xx
> > >     permit gre host 208.48.xx.xx host 198.87.xx.xx
> > >     permit udp host 208.48.xx.xx host 198.87.xx.xx eq isakmp (13 matches)
> > >     permit udp host 208.48.xx.xx host 157.238.xx.xx. eq isakmp (13 matches)
> > >     permit udp host 208.48.xx.xx host 157.238.xx.xx eq isakmp (196 matches)
> > >     permit udp host 208.48.xx.xx host 198.87.xx.xx eq isakmp (208 matches)
> > >     permit tcp host 208.48.xx.xx host 198.87.xx.xx eq 500
> > >     permit tcp host 208.48.xx.xx host 157.238.xx.xx eq 500
> > >     permit tcp host 208.48.xx.xx host 157.238.xx.xx eq 500
> > >     permit tcp host 208.48.xx.xx host 198.87.xx.xx eq 500
> > >     permit ip 10.90.0.0 0.0.0.255 host 198.87.xx.xx
> > >     permit ip 10.90.1.0 0.0.0.255 host 198.87.xx.xx
> > >     permit ip 10.90.2.0 0.0.0.31 host 198.87.xx.xx (8 matches)
> > >     permit ip 10.90.2.32 0.0.0.31 host 198.87.xx.xx
> > >     permit ip 10.90.2.64 0.0.0.31 host 198.87.xx.xx
> > >     permit ip 10.90.3.0 0.0.0.31 host 198.87.xx.xx
> > >     permit ip 10.90.3.32 0.0.0.31 host 198.87.xx.xx
> > >     permit ip 10.90.3.64 0.0.0.31 host 198.87.xx.xx
> > >     permit ip 10.90.0.0 0.0.0.255 host 157.238.xx.xx
> > >     permit ip 10.90.1.0 0.0.0.255 host 157.238.xx.xx
> > >     permit ip 10.90.2.0 0.0.0.31 host 157.238.xx.xx
> > >     permit ip 10.90.2.32 0.0.0.31 host 157.238.xx.xx
> > >     permit ip 10.90.2.64 0.0.0.31 host 157.238.xx.xx
> > >     permit ip 10.90.3.0 0.0.0.31 host 157.238.xx.xx
> > >     permit ip 10.90.3.32 0.0.0.31 host 157.238.xx.xx
> > >     permit ip 10.90.3.64 0.0.0.31 host 157.238.xx.xx
> > >     permit ip 10.90.0.0 0.0.0.255 198.87.xx.xx 0.0.0.31
> > >     permit ip 10.90.1.0 0.0.0.255 198.87.xx.xx 0.0.0.31
> > >     permit ip 10.90.2.0 0.0.0.31 198.87.xx.xx 0.0.0.31 (87 matches)
> > >     permit ip 10.90.2.32 0.0.0.31 198.87.xx.xx 0.0.0.31
> > >     permit ip 10.90.2.64 0.0.0.31 198.87.xx.xx 0.0.0.31
> > >     permit ip 10.90.3.0 0.0.0.31 198.87.4xx.xx 0.0.0.31
> > >     permit ip 10.90.3.32 0.0.0.31 198.87.xx.xx 0.0.0.31
> > >     permit ip 10.90.0.0 0.0.0.255 157.238.xx.xx 0.0.0.31
> > >     permit ip 10.90.1.0 0.0.0.255 157.238.xx.xx 0.0.0.31
> > >     permit ip 10.90.2.0 0.0.0.31 157.238.xx.xx 0.0.0.31 (27 matches)
> > >     permit ip 10.90.2.32 0.0.0.31 157.238.xx.xx 0.0.0.31
> > >     permit ip 10.90.2.64 0.0.0.31 157.238.xx.xx 0.0.0.31
> > >     permit ip 10.90.3.0 0.0.0.31 157.238.xx.xx 0.0.0.31
> > >     permit ip 10.90.3.0 0.0.0.255 157.238.xx.xx 0.0.0.31
> > >
> > >
> > > #sh crypto isakmp sa
> > > dst             src             state         conn-id  slot
> > > 157.238.xx.xx   208.48.xx.xx    MM_NO_STATE        36     0   (deleted)
> > > 208.48.xx.xx    157.238.xx.xx   QM_IDLE             2     0
> > > 198.87.xx.xx    208.48.xx.xx    MM_KEY_EXCH        37     0
> > > 208.48.xx.xx    198.87.xx.xx    QM_IDLE             1     0
> > >
> > > Thanks, folks..
> > >
> > >
> > --
> > gter list
> > https://eng.registro.br/mailman/listinfo/gter
> >
> >
>
>
--
gter list
https://eng.registro.br/mailman/listinfo/gter
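
Added example, not part of the thread: in the config as posted, the crypto map sets transform-set `veraz` while the only transform-set defined is `vpn`, so a quick check of what each crypto map entry references is worth running before looking at routes on the far side. The Python sketch below does that over a constructed sample; the addresses are documentation ranges, the key is a placeholder, and `lint_crypto_map` is a hypothetical helper name.

```python
import re

# Constructed sample modelled on the posted config. Addresses come from
# documentation ranges and the key string is a placeholder (assumptions).
SAMPLE = """\
crypto isakmp key PLACEHOLDER address 192.0.2.254
crypto ipsec transform-set vpn esp-3des esp-sha-hmac
!
crypto map vpn 2 ipsec-isakmp
 set peer 192.0.2.254
 set peer 198.51.100.130
 set transform-set veraz
 match address 117
!
access-list 117 permit ip 10.90.2.0 0.0.0.31 203.0.113.0 0.0.0.31
"""

def lint_crypto_map(config):
    """Return (map entry, problem, name) for each dangling reference."""
    # Only host-specific keys and the 0.0.0.0 wildcard key are understood.
    keys = set(re.findall(r"^crypto isakmp key \S+ address (\S+)", config, re.M))
    tsets = set(re.findall(r"^crypto ipsec transform-set (\S+)", config, re.M))
    acls = set(re.findall(r"^access-list (\d+) ", config, re.M))
    acls |= set(re.findall(r"^ip access-list extended (\S+)", config, re.M))
    findings, entry = [], None
    for line in config.splitlines():
        m = re.match(r"crypto map (\S+) (\d+) ipsec-isakmp", line)
        words = line.split()
        if m:
            entry = f"{m.group(1)} {m.group(2)}"
        elif not line.startswith(" "):
            entry = None  # back at global level, outside the map entry
        elif entry and len(words) >= 3:
            if words[:2] == ["set", "peer"]:
                if "0.0.0.0" not in keys and words[2] not in keys:
                    findings.append((entry, "peer has no isakmp key", words[2]))
            elif words[:2] == ["set", "transform-set"]:
                findings += [(entry, "undefined transform-set", t)
                             for t in words[2:] if t not in tsets]
            elif words[:2] == ["match", "address"] and words[2] not in acls:
                findings.append((entry, "undefined access-list", words[2]))
    return findings

if __name__ == "__main__":
    for finding in lint_crypto_map(SAMPLE):
        print(*finding, sep=": ")
```

A clean result only says the local references resolve; it says nothing about the peer's encryption domain or its return routes, which is what the replies above ask about.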



