زلزال الشرقيه
09-11-2011, 19:21
السلام عليكم ورحمه الله وبركاته
انا بعمل لاب vpn site to site على gns3
ولم يتم عمل البنح
ساضغ الاعدادات هنا
R2#show run
R2#show running-config
Building configuration...
Current configuration : 1178 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R2
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$5N6G$8N4yb8I3UJHJZ.vPSChoX0
!
no aaa new-model
memory-size iomem 5
!
!
ip cef
no ip domain lookup
!
!
crypto isakmp policy 1
encr aes
authentication pre-share
group 2
crypto isakmp key cisco address 10.10.10.2
!
!crypto ipsec transform-set myset esp-aes esp-sha-hmac
!
crypto map najranto_nadi 1 ipsec-isakmp
set peer 10.10.10.2
set transform-set myset
match address 101
!
interface Ethernet0/0
ip address 10.10.10.1 255.0.0.0
half-duplex
crypto map najranto_nadi
!
interface Ethernet0/1
ip address 192.168.1.1 255.255.255.0
half-duplex
!
interface Ethernet0/2
no ip address
shutdown
half-duplex
!
interface Ethernet0/3
no ip address
shutdown
half-duplex
!
no ip http server
no ip http secure-server
!
access-list 101 permit ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
!
control-plane
!
line con 0
exec-timeout 0 0
logging synchronous
line aux 0
line vty 0 4
password cisco
login
!
!
end
هذا الروتر الاول
اعدادات الروتر الثانى
R1#show running-config
Building configuration...
Current configuration : 1107 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R1
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
!
!
ip cef
no ip domain lookup
!
crypto isakmp policy 1
encr aes
authentication pre-share
group 2
crypto isakmp key cisco address 10.10.10.1
!
!crypto ipsec transform-set myset esp-aes esp-sha-hmac
!
crypto map naditonajran 1 ipsec-isakmp
set peer 10.10.10.1
set transform-set myset
match address 101
!!
!interface Ethernet0/0
ip address 10.10.10.2 255.0.0.0
half-duplex
crypto map naditonajran
!
interface Ethernet0/1
ip address 192.168.2.1 255.255.255.0
half-duplex
!
interface Ethernet0/2
no ip address
shutdown
half-duplex
!
interface Ethernet0/3
no ip address
shutdown
half-duplex
!
no ip http server
no ip http secure-server
!
access-list 101 permit ip 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255
!
!
control-plane
!!
line con 0
exec-timeout 0 0
logging synchronous
line aux 0
line vty 0 4
!
!
end
عند تنفيذ امر بنج لا يرد
ping 192.168.1.1
او ping 192.168.2.1
وعندما اضع امر show crypto isakmp sa
show crypto isakmp peet
لا ارى نتيجه
ما الخطأ فى الاعدادات
11872
انا بعمل لاب vpn site to site على gns3
ولم يتم عمل البنح
ساضغ الاعدادات هنا
R2#show run
R2#show running-config
Building configuration...
Current configuration : 1178 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R2
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$5N6G$8N4yb8I3UJHJZ.vPSChoX0
!
no aaa new-model
memory-size iomem 5
!
!
ip cef
no ip domain lookup
!
!
crypto isakmp policy 1
encr aes
authentication pre-share
group 2
crypto isakmp key cisco address 10.10.10.2
!
!crypto ipsec transform-set myset esp-aes esp-sha-hmac
!
crypto map najranto_nadi 1 ipsec-isakmp
set peer 10.10.10.2
set transform-set myset
match address 101
!
interface Ethernet0/0
ip address 10.10.10.1 255.0.0.0
half-duplex
crypto map najranto_nadi
!
interface Ethernet0/1
ip address 192.168.1.1 255.255.255.0
half-duplex
!
interface Ethernet0/2
no ip address
shutdown
half-duplex
!
interface Ethernet0/3
no ip address
shutdown
half-duplex
!
no ip http server
no ip http secure-server
!
access-list 101 permit ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
!
control-plane
!
line con 0
exec-timeout 0 0
logging synchronous
line aux 0
line vty 0 4
password cisco
login
!
!
end
هذا الروتر الاول
اعدادات الروتر الثانى
R1#show running-config
Building configuration...
Current configuration : 1107 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R1
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
!
!
ip cef
no ip domain lookup
!
crypto isakmp policy 1
encr aes
authentication pre-share
group 2
crypto isakmp key cisco address 10.10.10.1
!
!crypto ipsec transform-set myset esp-aes esp-sha-hmac
!
crypto map naditonajran 1 ipsec-isakmp
set peer 10.10.10.1
set transform-set myset
match address 101
!!
!interface Ethernet0/0
ip address 10.10.10.2 255.0.0.0
half-duplex
crypto map naditonajran
!
interface Ethernet0/1
ip address 192.168.2.1 255.255.255.0
half-duplex
!
interface Ethernet0/2
no ip address
shutdown
half-duplex
!
interface Ethernet0/3
no ip address
shutdown
half-duplex
!
no ip http server
no ip http secure-server
!
access-list 101 permit ip 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255
!
!
control-plane
!!
line con 0
exec-timeout 0 0
logging synchronous
line aux 0
line vty 0 4
!
!
end
عند تنفيذ امر بنج لا يرد
ping 192.168.1.1
او ping 192.168.2.1
وعندما اضع امر show crypto isakmp sa
show crypto isakmp peet
لا ارى نتيجه
ما الخطأ فى الاعدادات
11872