https://www.opennet.ru/openforum/vsluhforumID6/21176.html Здравствуйте,<br>настроил ipsec vpn между 2811 и 1841 по доке:<br>hostname R2<br>!<br>boot-start-marker<br>boot-end-marker<br>!<br>!<br>no aaa new-model<br>!<br>resource policy<br>!<br>clock timezone EST 0<br>ip subnet-zero<br>no ip domain lookup<br>!<br>!<br>crypto isakmp policy 10<br> authentication pre-share<br>!<br>crypto isakmp key ciscokey address 200.1.1.1<br>!<br>!<br>crypto ipsec transform-set myset esp-3des esp-md5-hmac <br>!<br>crypto map myvpn 10 ipsec-isakmp <br> set peer 200.1.1.1<br> set transform-set myset<br><br>!--- Include the private-network-to-private-network traffic<br>!--- in the encryption process:<br><br>match address 101<br>!<br>!<br>!<br>interface Ethernet0/0<br> ip address 172.16.1.1 255.255.255.0<br> ip nat inside<br> ip virtual-reassembly<br>!<br>interface Ethernet1/0<br> ip address 100.1.1.1 255.255.255.0<br> ip nat outside<br> ip virtual-reassembly<br> crypto map myvpn<br>!<br>ip classless<br>ip route 0.0.0.0 0.0.0.0 100.1.1.254<br>!<br>ip http server<br>no ip http secure-server<br>!<br><br>!--- Except the private network from the NAT process:<br><br>ip nat inside source list 175 interfa https://www.opennet.ru/openforum/vsluhforumID6/21176.html#3 Thu, 17 Jun 2010 09:55:52 GMT Спасибo!<br> https://www.opennet.ru/openforum/vsluhforumID6/21176.html#2 Thu, 17 Jun 2010 09:40:53 GMT &gt;[оверквотинг удален]<br>&gt;crypto map myvpn 10+n ipsec-isakmp <br>&gt; set peer n.n.n.n <br>&gt; set transform-set myset <br>&gt;!--- Include the private-network-to-private-network traffic <br>&gt;!--- in the encryption process: <br>&gt;match address 10n <br>&gt;! <br>&gt;access-list 10x permit ip 172.16.1.0 0.0.0.255 10.x.1.0 0.0.0.255 <br>&gt;... <br>&gt;access-list 10n permit ip 172.16.1.0 0.0.0.255 10.n.1.0 0.0.0.255 <br><br>and sure don't forget to exclude branch networks from the nat ACL<br>!<br>access-list 175 deny ip 172.16.1.0 0.0.0.255 10.1.1.0 0.0.0.255<br>access-list 175 deny ip 172.16.1.0 0.0.0.255 10.x.1.0 0.0.0.255<br>...<br>access-list 175 deny ip 172.16.1.0 0.0.0.255 10.n.1.0 0.0.0.255<br>access-list 175 permit ip 172.16.1.0 0.0.0.255 any<br><br> https://www.opennet.ru/openforum/vsluhforumID6/21176.html#1 Thu, 17 Jun 2010 07:50:14 GMT &gt;[оверквотинг удален]<br>&gt;line con 0 <br>&gt; exec-timeout 0 0 <br>&gt;line aux 0 <br>&gt;line vty 0 4 <br>&gt; login <br>&gt;! <br>&gt;end <br>&gt;<br>&gt;Тунель работает. Скажите пожалуйста, как теперь сюда добавить еще несколько тунелей с <br>&gt;1841? <br><br>crypto isakmp key ciscokey address x.x.x.x<br>...<br>crypto isakmp key ciscokey address n.n.n.n<br>!<br>!<br>crypto map myvpn 10+x ipsec-isakmp <br> set peer x.x.x.x<br> set transform-set myset<br>!--- Include the private-network-to-private-network traffic<br>!--- in the encryption process:<br>match address 10x<br>!<br>!<br>crypto map myvpn 10+n ipsec-isakmp <br> set peer n.n.n.n<br> set transform-set myset<br>!--- Include the private-network-to-private-network traffic<br>!--- in the encryption process:<br>match address 10n<br>!<br>access-list 10x permit ip 172.16.1.0 0.0.0.255 10.x.1.0 0.0.0.255<br>...<br>access-list 10n permit ip 172.16.1.0 0.0.0.255 10.n.1.0 0.0.0.255<br>