Easy VPN Remote (Client) for IPSec VTIs on Cisco 1841

edited November 2016 Section: VPN
Router1(Cisco 1841, f0/1 - WAN, IP 172.16.1.7/24, VPN_Server) <==========Switch1========>Router1(Cisco 1841, f0/1 - WAN, IP 172.16.1.8/24, VPN_Client)

Router1:
Cisco 1841 128MB/64M, IOS: c1841-advipservicesk9-mz.124-19b.bin

Router2: Cisco 1841 128MB/64M, IOS: c1841-advipservicesk9-mz.124-19b.bin

rserver# sh running-config

!======================================VPN_Server===================================

version 12.4
service timestamps debug datetime localtime
service timestamps log datetime localtime
no service password-encryption
!
hostname rserver
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$15oL$.3L8AgLxEJyH7DFgNpoiN0
!
aaa new-model
!
aaa authentication login user local
aaa authorization network group local
!
aaa session-id common
clock timezone Moscow 3
ip cef
!
no ip domain lookup
ip domain name hvnp.loc
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
username cisco password 0 cisco123
!
ip ssh authentication-retries 2
ip ssh version 2
!
crypto isakmp policy 1
encr aes
authentication pre-share
group 2
!
crypto isakmp client configuration group vpngroup
key cisco123
pool vpnpool
save-password
crypto isakmp profile easy_vpn
match identity group vpngroup
client authentication list user
isakmp authorization list group
client configuration address respond
virtual-template 1
!
crypto ipsec transform-set vpn-vti esp-3des esp-sha-hmac
!
crypto ipsec profile easy_profile
set transform-set vpn-vti
set isakmp-profile easy_vpn
!
interface Loopback0
ip address 192.168.1.1 255.255.255.0
!
interface Loopback1
ip address 10.0.0.1 255.255.255.255
!
interface FastEthernet0/0
no ip address
shutdown
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 172.16.1.7 255.255.255.0
duplex auto
speed auto
!
interface Serial0/0/0
no ip address
shutdown
clock rate 2000000
!
interface Virtual-Template1 type tunnel
ip unnumbered FastEthernet0/1
tunnel mode ipsec ipv4
tunnel protection ipsec profile easy_profile
!
ip local pool vpnpool 192.168.1.2 192.168.1.10
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 172.16.1.254
!
no ip http server
no ip http secure-server
!
control-plane
!
line con 0
line aux 0
line vty 0 4
transport input ssh
line vty 5 15
transport input none
transport output none
!
scheduler allocate 20000 1000
ntp clock-period 17178550
ntp server 172.16.1.254
end

!===================================================================

rclient# sh running-config


!======================================VPN_Client===================================

version 12.4
service timestamps debug datetime localtime
service timestamps log datetime localtime
no service password-encryption
!
hostname rclient
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$j71U$minhcQ97/lovDuurN9SS3/
!
aaa new-model
!
aaa session-id common
clock timezone Moscow 3
ip cef
!
no ip domain lookup
ip domain name hvnp.loc
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
username cisco password 0 cisco123
!
ip ssh authentication-retries 2
ip ssh version 2
!
crypto ipsec client ezvpn test_easy
connect auto
group vpngroup key cisco123
mode client
peer 172.16.1.7
username cisco password cisco123
xauth userid mode local
!
interface Loopback0
ip address 10.0.1.1 255.255.255.255
!
interface Loopback1
ip address 192.168.2.1 255.255.255.0
!
interface FastEthernet0/0
no ip address
shutdown
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 172.16.1.8 255.255.255.0
duplex auto
speed auto
!
interface Serial0/0/0
no ip address
shutdown
clock rate 2000000
!
interface Virtual-Template1 type tunnel
no ip address
tunnel mode ipsec ipv4
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 172.16.1.254
!
!
no ip http server
no ip http secure-server
!
!
!
!
!
control-plane
!
!
!
line con 0
line aux 0
line vty 0 4
transport input ssh
line vty 5 15
transport input none
transport output none
!
scheduler allocate 20000 1000
ntp clock-period 17179093
ntp server 172.16.1.254
end

!===================================================================


When I try to specify the virtual interface in the EZVPN settings, an error appears.

rserver(config)# crypto ipsec client ezvpn test_easy

rserver(config-crypto-ezvpn)# virtual-interface 1

^

% Invalid input detected at '^' marker.

How do I correctly bind it to a VTI?
P.S. This is the second night I have been struggling with this binding.

It works without a VTI too, but then a Loopback N interface is created and automatically ends up in the running config. If I change something and save to the startup config, the settings of this automatically created interface get saved as well. With every reboot they just pile up.