[GTER] VPN between Cisco and Check Point
Quinn
quinn at click21.com.br
Fri Aug 25 11:54:46 -03 2006
Folks,
I have run into some problems before, which I list below:
1) Filtering at the providers, in firewalls or somewhere along the path.
2) Routing between the IPs used in the NAT.
Elcio Quintiliano.
Quoting Everton Diniz <notrevebr at gmail.com>:
> Hey folks,
> Does anyone have any idea what this could be?
>
> I configured the Cisco to establish the VPN with a Check Point.
> The tunnel is up, but the traffic gets no return. I see the packet in ip
> accounting, but it seems it cannot make the return trip. Is there some
> config I left out, some NAT, I don't know...
>
> Have a look at the config.
>
> crypto isakmp policy 2
> encr 3des
> authentication pre-share
> group 2
> crypto isakmp key vpn address 198.87.xx.xx
> crypto isakmp key vpn address 157.238.xx.xx
>
> crypto ipsec transform-set vpn esp-3des esp-sha-hmac
> !
> crypto map vpn 2 ipsec-isakmp
> set peer 198.87.49.254
> set peer 157.238.185.130
> set transform-set veraz
> match address 117
>
> sh ip access-lists
> Extended IP access list 117
> permit ip host 208.48.xx.xx 198.87.xx.xx 0.0.0.31 (22 matches)
> permit ip host 208.48.xx.xx 157.238.xx.xx 0.0.0.31
> permit gre host 208.48.xx.xx host 198.87.xx.xx
> permit gre host 208.48.xx.xx host 157.238.xx.xx
> permit gre host 208.48.xx.xx host 157.238.xx.xx
> permit gre host 208.48.xx.xx host 198.87.xx.xx
> permit udp host 208.48.xx.xx host 198.87.xx.xx eq isakmp (13 matches)
> permit udp host 208.48.xx.xx host 157.238.xx.xx. eq isakmp (13 matches)
> permit udp host 208.48.xx.xx host 157.238.xx.xx eq isakmp (196 matches)
> permit udp host 208.48.xx.xx host 198.87.xx.xx eq isakmp (208 matches)
> permit tcp host 208.48.xx.xx host 198.87.xx.xx eq 500
> permit tcp host 208.48.xx.xx host 157.238.xx.xx eq 500
> permit tcp host 208.48.xx.xx host 157.238.xx.xx eq 500
> permit tcp host 208.48.xx.xx host 198.87.xx.xx eq 500
> permit ip 10.90.0.0 0.0.0.255 host 198.87.xx.xx
> permit ip 10.90.1.0 0.0.0.255 host 198.87.xx.xx
> permit ip 10.90.2.0 0.0.0.31 host 198.87.xx.xx (8 matches)
> permit ip 10.90.2.32 0.0.0.31 host 198.87.xx.xx
> permit ip 10.90.2.64 0.0.0.31 host 198.87.xx.xx
> permit ip 10.90.3.0 0.0.0.31 host 198.87.xx.xx
> permit ip 10.90.3.32 0.0.0.31 host 198.87.xx.xx
> permit ip 10.90.3.64 0.0.0.31 host 198.87.xx.xx
> permit ip 10.90.0.0 0.0.0.255 host 157.238.xx.xx
> permit ip 10.90.1.0 0.0.0.255 host 157.238.xx.xx
> permit ip 10.90.2.0 0.0.0.31 host 157.238.xx.xx
> permit ip 10.90.2.32 0.0.0.31 host 157.238.xx.xx
> permit ip 10.90.2.64 0.0.0.31 host 157.238.xx.xx
> permit ip 10.90.3.0 0.0.0.31 host 157.238.xx.xx
> permit ip 10.90.3.32 0.0.0.31 host 157.238.xx.xx
> permit ip 10.90.3.64 0.0.0.31 host 157.238.xx.xx
> permit ip 10.90.0.0 0.0.0.255 198.87.xx.xx 0.0.0.31
> permit ip 10.90.1.0 0.0.0.255 198.87.xx.xx 0.0.0.31
> permit ip 10.90.2.0 0.0.0.31 198.87.xx.xx 0.0.0.31 (87 matches)
> permit ip 10.90.2.32 0.0.0.31 198.87.xx.xx 0.0.0.31
> permit ip 10.90.2.64 0.0.0.31 198.87.xx.xx 0.0.0.31
> permit ip 10.90.3.0 0.0.0.31 198.87.4xx.xx 0.0.0.31
> permit ip 10.90.3.32 0.0.0.31 198.87.xx.xx 0.0.0.31
> permit ip 10.90.0.0 0.0.0.255 157.238.xx.xx 0.0.0.31
> permit ip 10.90.1.0 0.0.0.255 157.238.xx.xx 0.0.0.31
> permit ip 10.90.2.0 0.0.0.31 157.238.xx.xx 0.0.0.31 (27 matches)
> permit ip 10.90.2.32 0.0.0.31 157.238.xx.xx 0.0.0.31
> permit ip 10.90.2.64 0.0.0.31 157.238.xx.xx 0.0.0.31
> permit ip 10.90.3.0 0.0.0.31 157.238.xx.xx 0.0.0.31
> permit ip 10.90.3.0 0.0.0.255 157.238.xx.xx 0.0.0.31
>
>
> #sh crypto isakmp sa
> dst src state conn-id slot
> 157.238.xx.xx 208.48.xx.xx MM_NO_STATE 36 0 (deleted)
> 208.48.xx.xx 157.238.xx.xx QM_IDLE 2 0
> 198.87.xx.xx 208.48.xx.xx MM_KEY_EXCH 37 0
> 208.48.xx.xx 198.87.xx.xx QM_IDLE 1 0
>
> Thanks, everyone.
> --
> gter list https://eng.registro.br/mailman/listinfo/gter
>
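An added example, not part of either message: a Python parser for the `show crypto isakmp sa` table layout quoted above that groups the ISAKMP SAs per remote peer by which side started the exchange, so a peer whose own negotiations reach QM_IDLE while the locally initiated ones do not stands out. The sample table is constructed with documentation addresses, the function names are hypothetical, and the code assumes that `src` in this layout is the initiator of the exchange.

```python
import re
from collections import defaultdict

# Constructed sample in the "dst src state conn-id slot" layout quoted above.
# Addresses are documentation ranges, not the ones from the thread.
SAMPLE = """\
dst             src             state          conn-id slot
198.51.100.10   192.0.2.1       MM_NO_STATE         36    0 (deleted)
192.0.2.1       198.51.100.10   QM_IDLE              2    0
203.0.113.20    192.0.2.1       MM_KEY_EXCH         37    0
192.0.2.1       203.0.113.20    QM_IDLE              1    0
"""

ROW = re.compile(
    r"^\s*(?P<dst>\d+\.\d+\.\d+\.\d+)\s+(?P<src>\d+\.\d+\.\d+\.\d+)\s+"
    r"(?P<state>[A-Z_]+)\s+(?P<conn>\d+)\s+(?P<slot>\d+)(?P<deleted>\s+\(deleted\))?\s*$"
)

def parse_isakmp_sa(text):
    """Return one dict per SA row; the header and unparseable lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            rows.append({"dst": m["dst"], "src": m["src"], "state": m["state"],
                         "conn_id": int(m["conn"]), "deleted": bool(m["deleted"])})
    return rows

def summarize_by_peer(rows, local_ip):
    """Group SA states per remote peer by who started the exchange (assumed: src)."""
    peers = defaultdict(lambda: {"local_initiated": [], "peer_initiated": []})
    for r in rows:
        if r["src"] == local_ip:
            peers[r["dst"]]["local_initiated"].append(r["state"])
        elif r["dst"] == local_ip:
            peers[r["src"]]["peer_initiated"].append(r["state"])
    return dict(peers)

def one_way_peers(summary):
    """Peers whose own exchanges reached QM_IDLE while none of the local ones did."""
    return sorted(
        peer for peer, s in summary.items()
        if "QM_IDLE" in s["peer_initiated"]
        and s["local_initiated"] and "QM_IDLE" not in s["local_initiated"]
    )

if __name__ == "__main__":
    summary = summarize_by_peer(parse_isakmp_sa(SAMPLE), "192.0.2.1")
    for peer in one_way_peers(summary):
        print(peer, summary[peer])
```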