[cisco-ttl] Route problemi

From: Oguzhan Kayhan <oguzhan.kayhan_at_....>
Date: Mon Apr 03 2006 - 15:35:23 EEST

    

Selamlar,
Bize disaridan baglanmaya calisan bir subemiz, mesafe kisa oldugundan dolayi BRI ustunden baglanmayi denedi
Biizm tarafimiza koyduklari router A, kendi taraflarindaki router B olarak configlerini ekliyorum..
Problem su,  

Bizim taraftaki routerdan (A routeri) ethernet subnetindeki ipleri pingleyebiliyorum.
Ayni zamanda karsi taraftaki routera da gidebiliyorum Karsi taraftakinde ise bizim taraftaki routerin ethernet ipsini pingleyebilirken, ayni subnetteki diger ipleri pingleyemiyorum (10.10.10.9 u pingleyebilmeme ragmen ki bu routein dogru calishtigini gosterir sanirim, 10.10.10.5i mesela pingleyemiyorum) Sanirim problem encryption ile ilgili.
ama daha once ipsec kullanmadigim icin isin isinden cikamadim. Bir fikir verebilirmisiniz?  

Router A  

#sh conf
Using 2595 out of 29688 bytes
!

version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!

hostname barmekside
!

boot-start-marker
boot-end-marker
!

logging buffered 51200 warnings
!

no aaa new-model
!

resource policy
!

mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
ip subnet-zero
ip cef
!
!
!
!
!

isdn switch-type basic-net3
isdn leased-line BRI0
!
!

crypto pki trustpoint TP-self-signed-615604887  enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-615604887  revocation-check none
 rsakeypair TP-self-signed-615604887
!
!

crypto pki certificate chain TP-self-signed-615604887  certificate self-signed 01 nvram:IOS-Self-Sig#3701.cer username root privilege 15 secret 5 xxxxx
!
!
!

crypto isakmp policy 10
 hash md5
 authentication pre-share
crypto isakmp key yyyyy address 192.168.15.2
!
!

crypto ipsec transform-set tbsc esp-3des esp-md5-hmac
!

crypto map tbmap 10 ipsec-isakmp
 set peer 192.168.15.2
 set transform-set tbsc
 match address 100
!
!
!

interface BRI0
 no ip address
 shutdown
 no fair-queue
!

interface BRI0:1
 ip address 192.168.15.1 255.255.255.252  encapsulation ppp
 no fair-queue
 crypto map tbmap
!

interface BRI0:2
 no ip address
 shutdown
!

interface FastEthernet0
 description BARMEK LAN
 ip address 10.10.10.9 255.255.255.0
 speed auto
!

ip classless
ip route 0.0.0.0 0.0.0.0 192.168.15.2
!

ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 5 life 86400 requests 10000
!

access-list 100 permit ip 10.10.10.0 0.0.0.255 172.60.20.0 0.0.0.255
!

control-plane
!
 

!

line con 0
 login local
line aux 0
line vty 0 4
 privilege level 15
 login local
 transport input telnet ssh
line vty 5 15
 privilege level 15
 login local
 transport input telnet ssh
!

end



 

Router B  

tbside#sh conf
Using 2453 out of 29688 bytes
!

version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!

hostname tbside
!

boot-start-marker
boot-end-marker
!

logging buffered 51200 warnings
!

no aaa new-model
!

resource policy
!

mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
ip subnet-zero
ip cef
!
!
!
!
!
!
!

crypto pki trustpoint TP-self-signed-615604887  enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-615604887  revocation-check none
 rsakeypair TP-self-signed-615604887
!
!

username root privilege 15 secret 5 xxxxx
!
!
!

crypto isakmp policy 10
 hash md5
 authentication pre-share
crypto isakmp key yyyyy address 192.168.15.1
!
!

crypto ipsec transform-set tbsc esp-3des esp-md5-hmac
!

crypto map tbmap 10 ipsec-isakmp
 set peer 192.168.15.1
 set transform-set tbsc
 match address 100
!
!
!

interface FastEthernet0
 description TB LAN
 ip address 172.60.20.250 255.255.255.0
 speed auto
!

interface Serial0
 ip address 192.168.15.2 255.255.255.252  encapsulation ppp
 no fair-queue
 crypto map tbmap
!

interface Serial1
 ip address 192.168.15.2 255.255.255.252  encapsulation ppp
 shutdown
 no fair-queue
 crypto map tbmap
!

ip classless
ip route 0.0.0.0 0.0.0.0 192.168.15.1
!

ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 5 life 86400 requests 10000
!

access-list 100 permit ip 172.60.20.0 0.0.0.255 10.10.10.0 0.0.0.255
!

control-plane
!
 

!

line con 0
 login local
line aux 0
line vty 0 4
 privilege level 15
 login local
 transport input telnet ssh
line vty 5 15
 privilege level 15
 login local
 transport input telnet ssh
!

end

[Non-text portions of this message have been removed]

--
Cisco Teknik Tartisma Listesi (Cisco-ttl)

Bu listede onerilen degisikliklerin uygulanmasindaki tum sorumluluk 
kullaniciya aittir. Liste yoneticileri, oneride bulunan liste uyeleri ya da 
bu uyelerin calistigi kuruluslar herhangi bir sekilde sorumlu tutulamazlar. 
Yahoo! Groups Links

<*> To visit your group on the web, go to:
    http://groups.yahoo.com/group/cisco-ttl/

<*> To unsubscribe from this group, send an email to:
    cisco-ttl-unsubscribe@yahoogroups.com

<*> Your use of Yahoo! Groups is subject to:
    http://docs.yahoo.com/info/terms/
 
Received on Mon Apr 3 15:57:25 2006

This archive was generated by hypermail 2.1.8 : Mon Apr 03 2006 - 15:57:28 EEST