>> Циски пингуют друг друга как по внешним интерфейсам так в туннеле так
>> и лан друг друга, но локальные сети друг друга не видят,
>> плиз хелп
> Вы не весь sho run запостили, потому что считаете там все правильно
> настроено??
> Можно sho run полный?
> И еще можете глянуть на sho ip nat tran ))) sh run для 2 циски у первой аналогичен зеркально соответственно
version 15.0
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname R2
!
boot-start-marker
boot-end-marker
!
enable secret ****
!
no aaa new-model
memory-size iomem 10
!
ip source-route
!
!
ip dhcp excluded-address 192.168.1.100
!
ip dhcp pool ccp-pool
import all
network 192.168.1.0 255.255.255.0
default-router 192.168.1.100
lease 0 2
!
!
ip cef
no ip domain lookup
ip domain name yourdomain.com
!
license udi pid CISCO861-PCI-K9 sn FCZ1631C27X
!
username **** privilege 15 password *****
!
crypto isakmp policy 1
hash md5
authentication pre-share
group 2
crypto isakmp key globex address 10.31.1.50
crypto isakmp keepalive 20 5
!
!
crypto ipsec transform-set r2-r1 esp-des esp-sha-hmac
mode transport
!
crypto map r2-r1-map 10 ipsec-isakmp
set peer 10.31.1.50
set security-association lifetime seconds 28800
set transform-set r2-r1
set pfs group2
match address 101
!
interface Tunnel10
description "gre tunnel to r1"
ip address 10.1.1.2 255.255.255.252
ip access-group 102 out
ip mtu 1380
keepalive 10 3
tunnel source FastEthernet4
tunnel destination 10.31.1.50
tunnel path-mtu-discovery
crypto map r2-r1-map
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
description "internet access for r2"
ip address 10.108.0.200 255.255.255.224
ip virtual-reassembly
duplex auto
speed auto
crypto map r2-r1-map
!
interface Vlan1
description "local network r1"
ip address 192.168.1.100 255.255.255.0
ip virtual-reassembly
!
ip forward-protocol nd
ip http server
no ip http secure-server
!
ip dns server
ip route 0.0.0.0 0.0.0.0 FastEthernet4 10
ip route 192.168.0.0 255.255.255.0 10.1.1.1
!
access-list 101 remark CCP_ACL Category=4
access-list 101 permit gre host 10.108.0.200 host 10.31.1.50
!
control-plane
!
line con 0
password ***
login
no modem enable
line aux 0
line vty 0 4
login local
transport input telnet ssh
!
scheduler max-task-time 5000
end