Channel: АнтиCISCO

Cisco2901 + Cisco2911: no routing over the GRE tunnel

Hello, esteemed specialists. Once again I am asking for help. I have racked my brain over this. There are two Cisco routers with a bare GRE tunnel set up between them. OSPF works over this tunnel. The C2901 can ping hosts in the C2911's subnet, but not the other way around. From the C2901, the tunnel endpoint (172.16.1.1) on the C2911 does not respond to ping. Please suggest where to dig and how to fully connect the subnets. The C2901 has three providers and three VLANs configured (it has 3 four-port HWIC modules installed). The external addresses are obtained from the provider via DHCP; they are public and static. Configs:

C2901:

vlan 70,80,90
interface Tunnel0
 ip address 172.16.1.2 255.255.255.252
 ip ospf mtu-ignore
 tunnel source GigabitEthernet0/1
 tunnel destination a.a.a.a
!
interface GigabitEthernet0/0
 no ip dhcp client request dns-nameserver
 ip dhcp client hostname test1.local
 ip address dhcp
 ip access-group 150 in
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat outside
 ip virtual-reassembly in
 duplex auto
 speed auto
 no lldp transmit
 no lldp receive
 no cdp enable
!
interface GigabitEthernet0/1
 no ip dhcp client request dns-nameserver
 ip dhcp client hostname test2.local
 ip address dhcp
 ip access-group 150 in
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat outside
 ip virtual-reassembly in
 duplex auto
 speed auto
 no lldp transmit
 no lldp receive
 no cdp enable
!
interface GigabitEthernet0/3/0
 no ip dhcp client request dns-nameserver
 ip dhcp client hostname test3.local
 ip address dhcp
 ip access-group 150 in
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat outside
 ip virtual-reassembly in
 duplex auto
 speed auto
 no lldp transmit
 no lldp receive
 no cdp enable
!
interface GigabitEthernet0/0/0
 switchport access vlan 90
 no ip address
!
interface GigabitEthernet0/0/1
 switchport access vlan 90
 no ip address
!
interface GigabitEthernet0/0/2
 switchport access vlan 90
 no ip address
!
interface GigabitEthernet0/0/3
 switchport access vlan 90
 no ip address
!
interface GigabitEthernet0/1/0
 switchport access vlan 80
 no ip address
!
interface GigabitEthernet0/1/1
 switchport access vlan 80
 no ip address
!
interface GigabitEthernet0/1/2
 switchport access vlan 80
 no ip address
!
interface GigabitEthernet0/1/3
 switchport access vlan 80
 no ip address
!
interface GigabitEthernet0/2/0
 switchport access vlan 70
 no ip address
!
interface GigabitEthernet0/2/1
 switchport access vlan 70
 no ip address
!
interface GigabitEthernet0/2/2
 switchport access vlan 70
 no ip address
!
interface GigabitEthernet0/2/3
 switchport access vlan 70
 no ip address
!
interface Vlan70
 ip address 192.168.7.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
 ip policy route-map VLAN70
!
interface Vlan80
 ip address 192.168.8.100 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
 ip policy route-map VLAN80
!
interface Vlan90
 ip address 192.168.9.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
 ip policy route-map VLAN90
!
router ospf 1
 router-id 192.168.9.1
 network 172.16.0.0 0.0.255.255 area 0
 network 192.168.7.0 0.0.0.255 area 0
 network 192.168.8.0 0.0.0.255 area 0
 network 192.168.9.0 0.0.0.255 area 0
!
ip local policy route-map r1
ip forward-protocol nd
!
ip nat inside source static tcp 192.168.7.13 53393 interface GigabitEthernet0/3/0 53394
ip nat inside source static tcp 192.168.9.55 3389 interface GigabitEthernet0/0 53395
ip nat inside source static tcp 192.168.8.3 3389 interface GigabitEthernet0/1 53393
ip nat inside source list 70 interface GigabitEthernet0/3/0 overload
ip nat inside source static tcp 192.168.9.2 3389 interface GigabitEthernet0/0 53394
ip nat inside source static tcp 192.168.8.4 3389 interface GigabitEthernet0/0 53393
ip nat inside source list 180 interface GigabitEthernet0/1 overload
ip nat inside source list 190 interface GigabitEthernet0/0 overload
ip nat inside source static tcp 192.168.8.2 1723 interface GigabitEthernet0/1 1723
ip route 192.168.0.0 255.255.255.0 192.168.8.2
!
route-map VLAN70 permit 25
 match ip address 103
 set global
!
route-map VLAN70 permit 30
 match ip address 70
 set ip next-hop b.b.b.b
!
route-map VLAN90 permit 9
 match ip address 103
 set global
!
route-map VLAN90 permit 10
 match ip address 90
 set ip next-hop c.c.c.c
!
route-map VLAN80 permit 18
 match ip address 84
 set ip next-hop c.c.c.c
!
route-map VLAN80 permit 19
 match ip address 103
 set global
!
route-map VLAN80 permit 20
 match ip address 80
 set ip next-hop d.d.d.d
!
route-map r1 permit 10
 match ip address 100
 set ip next-hop b.b.b.b
!
route-map r1 permit 15
 match ip address 101
 set ip next-hop c.c.c.c
!
route-map r1 permit 20
 match ip address 102
 set ip next-hop d.d.d.d
!
!
access-list 70 permit 192.168.7.0 0.0.0.255
access-list 80 permit 192.168.8.0 0.0.0.255
access-list 84 permit 192.168.8.4
access-list 90 permit 192.168.9.0 0.0.0.255
access-list 100 permit ip b.b.b.0 0.0.15.255 any
access-list 101 permit ip c.c.c.0 0.0.0.255 any
access-list 102 permit ip d.d.d.0 0.0.7.255 any
access-list 103 permit ip 192.168.0.0 0.0.0.255 172.16.1.0 0.0.0.255
access-list 103 permit ip 192.168.0.0 0.0.255.255 192.168.0.0 0.0.255.255
access-list 104 permit ip 172.16.1.0 0.0.0.3 any
access-list 150 deny udp any any eq domain
access-list 150 deny tcp any any eq domain
access-list 150 permit ip any any
access-list 180 permit ip 192.168.8.0 0.0.0.255 any
access-list 180 deny ip any any
access-list 181 permit ip 192.168.9.0 0.0.0.255 172.16.0.0 0.0.255.255
access-list 181 permit ip 192.168.9.0 0.0.0.255 192.168.10.0 0.0.0.255
access-list 182 permit ip 192.168.8.0 0.0.0.255 192.168.10.0 0.0.0.255
access-list 183 permit ip 192.168.9.0 0.0.0.255 192.168.10.0 0.0.0.255
access-list 184 permit ip host 192.168.8.4 192.168.10.0 0.0.0.255
access-list 185 permit ip host 192.168.8.4 192.168.9.0 0.0.0.255
access-list 190 permit ip 192.168.9.0 0.0.0.255 any
access-list 190 deny ip any any

C2911:

interface Tunnel1
 ip address 172.16.1.1 255.255.255.252
 ip ospf mtu-ignore
 tunnel source GigabitEthernet0/0
 tunnel destination c.c.c.c
!
interface Embedded-Service-Engine0/0
 no ip address
 shutdown
!
interface GigabitEthernet0/0
 ip address a.a.a.a 255.255.255.252
 ip access-group 150 in
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat outside
 ip virtual-reassembly in
 duplex auto
 speed auto
 no lldp transmit
 no lldp receive
 no cdp enable
!
interface GigabitEthernet0/1
 ip address 192.168.10.5 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
 duplex auto
 speed auto
!
router ospf 1
 router-id 192.168.10.5
 network 172.16.0.0 0.0.255.255 area 0
 network 192.168.10.0 0.0.0.255 area 0
ip nat inside source list 101 interface GigabitEthernet0/0 overload
ip nat inside source static tcp 192.168.10.30 3389 interface GigabitEthernet0/0 53393
ip nat inside source static tcp 192.168.10.7 25 interface GigabitEthernet0/0 25
ip nat inside source static tcp 192.168.10.7 993 interface GigabitEthernet0/0 993
ip nat inside source static tcp 192.168.10.7 995 interface GigabitEthernet0/0 995
ip nat inside source static tcp 192.168.10.7 465 interface GigabitEthernet0/0 465
ip nat inside source static tcp 192.168.10.7 443 interface GigabitEthernet0/0 443
ip nat inside source static tcp 192.168.10.14 1723 interface GigabitEthernet0/0 1723
ip nat inside source static tcp 192.168.10.24 3389 interface GigabitEthernet0/0 53394
ip route 0.0.0.0 0.0.0.0 a.a.a.a1
access-list 101 permit ip 192.168.10.0 0.0.0.255 any
access-list 101 deny ip any any
access-list 150 deny udp any any eq domain
access-list 150 deny tcp any any eq domain
access-list 150 permit ip any any

Thanks in advance for any help!
