With which parameters did you manage to get it working?
What is the real-world performance?
It does not come up with this config:
ESR
Code:
tunnel vti 1
mtu 1400
security-zone trusted
local address [LOCALIP]
remote address [REMOTE]
ip address 172.30.1.1/30
enable
exit
security ike proposal ike_prop1
authentication algorithm md5
dh-group 2
exit
security ike policy ike_pol1
pre-shared-key ascii-text NotSkey111
proposal ike_prop1
exit
security ike gateway ike_gw1
ike-policy ike_pol1
mode route-based
bind-interface vti 1
exit
security ipsec proposal ipsec_prop1
authentication algorithm md5
exit
security ipsec policy ipsec_pol1
proposal ipsec_prop1
exit
security ipsec vpn ipsec1
mode ike
ike establish-tunnel immediate
ike gateway ike_gw1
ike ipsec-policy ipsec_pol1
enable
exit
Code:
# show security ipsec vpn status ipsec1
Currently active IKE SA:
Name: ipsec1
State: Established
Version: v1-only
Unique ID: 122
Local host: [LOCAL]
Remote host: [REMOTE]
Role: Initiator
Initiator spi: 0x90bbfc222c5ca602
Responder spi: 0x2825e6854702ae4c
Encryption algorithm: 3des
Authentication algorithm: md5
Diffie-Hellman group: 2
Established: 8 seconds ago
Rekey time: 8 seconds
Reauthentication time: 45 minutes and 40 seconds
Child IPsec SAs:
Name: ipsec1
State: Invalid
Protocol: esp
Mode: Tunnel
Encryption algorithm: 3des
Authentication algorithm: md5
Rekey time: 7 hours, 42 minutes and 50 seconds
Life time: 7 hours, 59 minutes and 52 seconds
Established: 8 seconds ago
Traffic statistics:
Input bytes: 0
Output bytes: 0
Input packets: 0
Output packets: 0
-------------------------------------------------------------
Name: ipsec1
State: Installed
Protocol: esp
Mode: Tunnel
Encryption algorithm: 3des
Authentication algorithm: md5
Rekey time: 7 hours, 42 minutes and 17 seconds
Life time: 7 hours, 59 minutes and 56 seconds
Established: 4 seconds ago
Traffic statistics:
Input bytes: 0
Output bytes: 0
Input packets: 0
Output packets: 0
-------------------------------------------------------------
cisco2900
Code:
crypto isakmp policy 1
encr 3des
hash md5
authentication pre-share
group 2
!
crypto isakmp key NotSkey111 address [REMOTEIP]
crypto ipsec transform-set ELTEXVPNTS esp-3des esp-md5-hmac
!
crypto ipsec profile ELTEXVPN
set transform-set ELTEXVPNTS
!
interface Tunnel0
ip address 172.30.1.2 255.255.255.252
ip mtu 1400
tunnel source [LOCALIP]
tunnel mode ipsec ipv4
tunnel destination [REMOTEIP]
tunnel protection ipsec profile ELTEXVPN
!
The ELTEX behaves somewhat strangely: it seems to hide in the config the parameters that match the default values, which is inconvenient.
Everything seems to come up, even the interface on the Cisco, and then immediately goes down.
Code:
*Feb 26 11:14:20.594: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel0, changed state to up
*Feb 26 11:15:50.718: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel0, changed state to down
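
Added example (not part of the original post, and not Eltex or Cisco code): because the running config omits values equal to the defaults, the `show security ipsec vpn status` output is where the negotiated parameters can be read. The Python below parses that output, assuming the flat `Key: value` layout shown above, and reports legacy algorithms and child SAs that are not passing traffic; the `LEGACY` set and the function names are assumptions made for this example.

```python
# Constructed sample in the flat "Key: value" layout of the status output above.
SAMPLE = """\
Currently active IKE SA:
Encryption algorithm: 3des
Authentication algorithm: md5
Diffie-Hellman group: 2
Child IPsec SAs:
State: Invalid
Encryption algorithm: 3des
Input packets: 0
Output packets: 0
-------------------------------------------------------------
State: Installed
Encryption algorithm: 3des
Input packets: 0
Output packets: 0
-------------------------------------------------------------
"""

# Assumption: values reported as legacy here are this example's choice, not a vendor list.
LEGACY = {"Encryption algorithm": {"des", "3des"}, "Authentication algorithm": {"md5"},
          "Diffie-Hellman group": {"1", "2", "5"}}

def parse_status(text):
    """Split the output into the IKE SA and a list of child SAs (dicts of fields)."""
    ike, children = {}, []
    current = ike
    for line in map(str.strip, text.splitlines()):
        if line.startswith(("Child IPsec SAs", "-----")):
            current = {}              # a heading or separator starts a new child SA
            children.append(current)
        elif ": " in line:
            key, value = line.split(": ", 1)
            current[key] = value
    return ike, [c for c in children if c]   # drop the empty block after the last separator

def findings(text):
    """List legacy algorithms in use and child SAs that are not passing traffic."""
    ike, children = parse_status(text)
    out = []
    sas = [("IKE SA", ike)] + [(f"child SA #{i}", c) for i, c in enumerate(children, 1)]
    for label, sa in sas:
        for field, weak in LEGACY.items():
            if sa.get(field, "").lower() in weak:
                out.append(f"{label}: legacy {field.lower()} {sa[field]}")
        if sa is not ike and sa.get("State") != "Installed":
            out.append(f"{label}: state {sa.get('State')}")
        elif sa is not ike and sa.get("Input packets") == sa.get("Output packets") == "0":
            out.append(f"{label}: installed but no traffic in either direction")
    return out
```

Calling `findings()` on the full status text captured from the router gives one line per issue, which makes it easy to compare the effective ESR values against the Cisco `crypto isakmp policy` and transform-set.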