>[оверквотинг удален]
> crypto map TUNNEL0
> !
> interface FastEthernet4
> ip address 192.168.1.2 255.255.255.0
> !
> ip route 0.0.0.0 0.0.0.0 Tunnel0
> !
> ip access-list extended IPSEC-TUN
> remark IPSEC ACL
> permit ip any anyне получается соединится!
show crypto ipsec sa
interface: Tunnel0
Crypto map tag: TUNNEL0, local addr хх.хх.213.71
protected vrf: (none)
local ident (addr/mask/prot/port): (0.0.0.0/0.0.0.0/0/0)
remote ident (addr/mask/prot/port): (0.0.0.0/0.0.0.0/0/0)
current_peer хх.хх.9.227 port 500
PERMIT, flags={origin_is_acl,}
#pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0
#pkts decaps: 0, #pkts decrypt: 0, #pkts verify: 0
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts compr. failed: 0
#pkts not decompressed: 0, #pkts decompress failed: 0
#send errors 882881, #recv errors 0
local crypto endpt.: хх.хх.213.71, remote crypto endpt.: хх.хх.9.227
path mtu 1476, ip mtu 1476, ip mtu idb Tunnel0
current outbound spi: 0x0(0)
inbound esp sas:
inbound ah sas:
inbound pcp sas:
outbound esp sas:
outbound ah sas:
outbound pcp sas:
show crypto engine connections active
Crypto Engine Connections
ID Interface Type Algorithm Encrypt Decrypt IP-Address
router1#show crypto isakmp sa detail
Codes: C - IKE configuration mode, D - Dead Peer Detection
K - Keepalives, N - NAT-traversal
X - IKE Extended Authentication
psk - Preshared key, rsig - RSA signature
renc - RSA encryption
IPv4 Crypto ISAKMP SA
C-id Local Remote I-VRF Status Encr Hash Auth DH Lifetime Cap.
0 хх.хх.213.71 хх.хх.9.227 ACTIVE 0 0
Engine-id:Conn-id = ???
0 хх.хх.213.71 хх.хх.9.227 ACTIVE 0 0
Engine-id:Conn-id = ???
(deleted)
не может поднять канал - видимо не хватает Engine-id:Conn-id = ???
что не так??
