>покажи что покажет одна и вторая циска по командам
>sh crypto session detail
>sh access-lists первая:
#sh crypto session detail
Crypto session current status
Code: C - IKE Configuration mode, D - Dead Peer Detection
K - Keepalives, N - NAT-traversal, X - IKE Extended Authentication
Interface: FastEthernet4
Uptime: 03:10:28
Session status: UP-ACTIVE
Peer: 10.128.14.2 port 500 fvrf: (none) ivrf: (none)
Phase1_id: 10.128.14.2
Desc: (none)
IKE SA: local 10.2.4.66/500 remote 10.128.14.2/500 Active
Capabilities:(none) connid:2002 lifetime:20:41:35
IPSEC FLOW: permit ip 192.168.111.0/255.255.255.0 192.168.63.0/255.255.255.0
Active SAs: 0, origin: crypto map
Inbound: #pkts dec'ed 0 drop 0 life (KB/Sec) 0/0
Outbound: #pkts enc'ed 0 drop 0 life (KB/Sec) 0/0
IPSEC FLOW: permit ip 192.168.63.0/255.255.255.0 192.168.111.0/255.255.255.0
Active SAs: 2, origin: crypto map
Inbound: #pkts dec'ed 1722 drop 0 life (KB/Sec) 4574293/2547
Outbound: #pkts enc'ed 2118 drop 1 life (KB/Sec) 4574294/2547
sh access-lists
Extended IP access list 101
10 permit ip 192.168.63.0 0.0.0.255 192.168.111.0 0.0.0.255 (7810 matches)
Extended IP access list 175
10 permit ip 192.168.63.0 0.0.0.255 any
вторая:
#sh crypto session detail
Crypto session current status
Code: C - IKE Configuration mode, D - Dead Peer Detection
K - Keepalives, N - NAT-traversal, X - IKE Extended Authentication
Interface: FastEthernet4
Uptime: 03:10:03
Session status: UP-ACTIVE
Peer: 10.2.4.66 port 500 fvrf: (none) ivrf: (none)
Phase1_id: 10.2.4.66
Desc: (none)
IKE SA: local 10.128.14.2/500 remote 10.2.4.66/500 Active
Capabilities:(none) connid:2003 lifetime:20:42:01
IPSEC FLOW: permit ip 192.168.111.0/255.255.255.0 192.168.63.0/255.255.255.0
Active SAs: 2, origin: crypto map
Inbound: #pkts dec'ed 2113 drop 1 life (KB/Sec) 4425128/2572
Outbound: #pkts enc'ed 1720 drop 0 life (KB/Sec) 4425128/2572
sh access-lists
Extended IP access list 101
10 permit ip 192.168.111.0 0.0.0.255 192.168.63.0 0.0.0.255 (7812 matches)
Extended IP access list 175
10 permit ip 192.168.111.0 0.0.0.255 any