Poltergeist!!!

Good afternoon
I've got some baffling poltergeist here. I had an ordinary TP-Link with DD-WRT, the ISP uses PPPoE, everything as usual, the internet worked, all fine. I swapped the TP-Link for a Cisco 881, and as a result every site opens except Habr. What is this?????!!!!!!!!! When I plug the TP-Link back in, everything works. I tried it on smartphones and from a PC.
In Wireshark the picture is as follows
config:


boot-start-marker
boot-end-marker
!
!
logging buffered 128000
enable secret 4 d.WBCC7IWlDwy4k50bbkYdn0RiiMNwkjkyaBWXQEhwI
!
aaa new-model
!
!
aaa authentication login VPNUSER_AUTH local
aaa authentication login LOCALUSERS local
aaa authentication enable default enable
aaa authorization network VPN_USERS local
!
!
!
!
!
aaa session-id common
memory-size iomem 10
clock timezone MSK 3 0
!
!
!
!
!
!


!
ip dhcp excluded-address 192.168.1.100
ip dhcp excluded-address 192.168.1.105
ip dhcp excluded-address 192.168.1.150
ip dhcp excluded-address 192.168.1.151
ip dhcp excluded-address 192.168.1.20
ip dhcp excluded-address 192.168.1.10
ip dhcp excluded-address 192.168.1.11
ip dhcp excluded-address 192.168.1.30
ip dhcp excluded-address 192.168.1.40
!
ip dhcp pool LAN-POOL
 network 192.168.1.0 255.255.255.0
 default-router 192.168.1.10
 domain-name NekshLocal
 dns-server 192.168.1.10 77.87.97.3
!
!
!
ip domain name salam.local
ip name-server 77.87.97.3
ip name-server 8.8.8.8
ip inspect name FIREWALL tcp
ip inspect name FIREWALL udp
ip inspect name FIREWALL icmp
ip inspect name FIREWALL ftp
ip inspect name FIREWALL router
ip cef
no ipv6 cef
!
!
multilink bundle-name authenticated
license udi pid CISCO881-SEC-K9 sn FCZ1742C32R
!
!
object-group network DNS_SERVERS
 host 77.87.97.3
 host 8.8.8.8
 host 8.8.4.4
!
username admin privilege 15 secret 4 PrRV9IpxH1Mr8Xc.fGhsIQRfTLEVTYqp61z70LpZq1s
!
!
!
!
!
ip ssh version 2
!
!
crypto isakmp policy 1
 encr 3des
 hash md5
 authentication pre-share
 group 2
!
crypto isakmp client configuration group VPN_USERS
 key **********
 pool VPN_POOL
 acl ACL_SPLIT_VPN
 netmask 255.255.255.0
crypto isakmp profile VPN_CLIENT
 match identity group VPN_USERS
 client authentication list VPNUSER_AUTH
 isakmp authorization list VPN_USERS
 client configuration address respond
!
!
crypto ipsec transform-set 3DES-SHA esp-3des esp-sha-hmac
 mode tunnel
!
!
!
crypto dynamic-map VPN_DYN_MAP 1
 set transform-set 3DES-SHA
 set isakmp-profile VPN_CLIENT
 reverse-route
!
!
!
crypto map MAP_OUTSIDE_D 1 ipsec-isakmp dynamic VPN_DYN_MAP
!
!
!
!
!
interface Loopback1
 ip address 172.16.1.1 255.255.255.255
!
interface FastEthernet0
 no ip address
!
interface FastEthernet1
 no ip address
!
interface FastEthernet2
 no ip address
!
interface FastEthernet3
 no ip address
!
interface FastEthernet4
 description WAN_PPPoE
 no ip address
 duplex auto
 speed auto
 pppoe enable group global
 pppoe-client dial-pool-number 1
!
interface Vlan1
 description LAN
 ip address 192.168.1.10 255.255.255.0
 ip nat inside
 ip inspect FIREWALL in
 ip virtual-reassembly in
!
interface Dialer0
 no ip address
!
interface Dialer1
 mtu 1492
 ip address negotiated
 ip access-group WAN_IN in
 ip nat outside
 ip virtual-reassembly in
 encapsulation ppp
 dialer pool 1
 ppp chap hostname *********
 ppp chap password 7 ***********
 crypto map MAP_OUTSIDE_D
!
ip local pool VPN_POOL 10.0.0.1 10.0.0.10
ip forward-protocol nd
no ip http server
no ip http secure-server
!
!
ip dns server
ip nat inside source list NAT_POOL interface Dialer1 overload
ip route 0.0.0.0 0.0.0.0 Dialer1
!
ip access-list extended ACL_SPLIT_VPN
 permit ip 192.168.1.0 0.0.0.255 10.0.0.0 0.0.0.255
 permit ip 172.16.0.0 0.0.255.255 10.0.0.0 0.0.0.255
ip access-list extended NAT_POOL
 deny ip 192.168.1.0 0.0.0.255 10.0.0.0 0.0.0.255
 permit ip 192.168.1.0 0.0.0.255 any
ip access-list extended WAN_IN
 permit udp any host ***** eq isakmp
 permit esp any host ******
 permit udp any host ******* eq non500-isakmp
 permit udp object-group DNS_SERVERS eq domain host ********
 permit tcp object-group DNS_SERVERS eq domain host **********
 permit icmp any any echo
 permit icmp any any echo-reply
 permit icmp any any host-unreachable
 deny ip any any
!
!
!
!
!
control-plane
!
!
!
line con 0
 logging synchronous
 no modem enable
 speed 115200
line aux 0
line vty 0 4
 login authentication LOCALUSERS
 transport input ssh
line vty 5 15
 login authentication LOCALUSERS
 transport input ssh
!
ntp server ntp2.stratum2.ru
!
end
