@antonsr98
Системный Администратор

Как настроить site-to-site на s-terra?

День добрый, подскажите как победить s-terra gate100. суть соединить их через ipsec.
Дано: 2 s-terra gate100,
1 s-terra (gw) ip 192.168.1.252 192.168.1.253 192.168.1.254
2 s-terra (client) ip 192.168.1.242 192.168.1.243 192.168.1.244
GW
!
version 12.4
no service password-encryption
!
crypto ipsec df-bit copy
crypto isakmp identity dn
username cscons privilege 15 password 0 csp
aaa new-model
!
!
hostname GW
enable password csp
!
!
!
logging trap debugging
!
!
crypto isakmp policy 1
 encr gost
 hash gost
 authentication gost-sig
 group vko
!
crypto ipsec transform-set TSET esp-gost28147-4m-imit
!
ip access-list extended LIST
 permit ip 192.168.0.0 0.0.0.255 192.168.1.0 0.0.0.255
 permit ip 100.100.1.0 0.0.0.255 192.168.0.0 0.0.0.255
!
!
crypto map CMAP 1 ipsec-isakmp
 match address LIST
 set transform-set TSET 
 set pfs vko
 set peer 10.0.0.3
!
interface GigabitEthernet0/0
 ip address 192.168.1.252 255.255.255.0
 crypto map CMAP
!
interface GigabitEthernet0/1
 ip address 192.168.1.253 255.255.255.0
!
interface GigabitEthernet0/2
 ip address 192.168.1.254 255.255.255.0
!
!
ip route 0.0.0.0 0.0.0.0 192.168.1.1
!
crypto pki trustpoint s-terra_technological_trustpoint
 revocation-check none
!
end

Client
!
version 12.4
no service password-encryption
!
crypto ipsec df-bit copy
crypto isakmp identity dn
username cscons privilege 15 password 0 csp
aaa new-model
!
!
hostname client
enable password csp
!
!
!
logging trap debugging
!
!
crypto isakmp policy 1
 encr gost
 hash gost
 authentication gost-sig
 group vko
!
crypto ipsec transform-set TSET esp-gost28147-4m-imit
!
ip access-list extended LIST
 permit ip 192.168.0.0 0.0.0.255 192.168.1.0 0.0.0.255
 permit ip 100.100.1.0 0.0.0.255 192.168.0.0 0.0.0.255
 permit ip 192.168.0.0 0.0.0.255 any
!
!
interface GigabitEthernet0/0
 ip address 192.168.1.242 255.255.255.0
!
interface GigabitEthernet0/1
 ip address 192.168.1.243 255.255.255.0
!
interface GigabitEthernet0/2
 ip address 192.168.1.244 255.255.255.0
!
!
ip route 0.0.0.0 0.0.0.0 192.168.1.1
!
crypto pki trustpoint s-terra_technological_trustpoint
 revocation-check none
!
end

при пинге gw линк не поднимается
  • Вопрос задан
  • 489 просмотров
Пригласить эксперта
Ваш ответ на вопрос

Войдите, чтобы написать ответ

Войти через центр авторизации
Похожие вопросы