>>[оверквотинг удален]
>1. iz vashego traceroute ja ne vizhu chto ipsec tunnel ustanovlen tak
>kak ja vizhu tam peer address chto v principe ne dolzhen
>bit tam.
>
>2. esli vse taki ja ne prav na schet 1. :) uberite
>"ip access-group INET in" iz tun6 interfeisa na vremja dlja testa. interface: Tunnel6
Crypto map tag: MSK-TEST, local addr 192.168.1.1
protected vrf: (none)
local ident (addr/mask/prot/port): (10.0.1.0/255.255.255.0/0/0)
remote ident (addr/mask/prot/port): (10.0.2.0/255.255.255.0/0/0)
current_peer 192.168.2.1 port 500
PERMIT, flags={origin_is_acl,}
#pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0
#pkts decaps: 368, #pkts decrypt: 368, #pkts verify: 368
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts compr. failed: 0
#pkts not decompressed: 0, #pkts decompress failed: 0
#send errors 0, #recv errors 0
local crypto endpt.: 192.168.1.1, remote crypto endpt.: 192.168.2.1
path mtu 1476, ip mtu 1476, ip mtu idb Tunnel6
current outbound spi: 0xCEA2D5F3(3466778099)
inbound esp sas:
spi: 0x410C0D53(1091308883)
transform: esp-aes esp-sha-hmac ,
in use settings ={Tunnel, }
conn id: 2777, flow_id: NETGX:777, crypto map: MSK-TEST
sa timing: remaining key lifetime (k/sec): (4501033/203)
IV size: 16 bytes
replay detection support: Y
Status: ACTIVE
inbound ah sas:
inbound pcp sas:
outbound esp sas:
spi: 0xCEA2D5F3(3466778099)
transform: esp-aes esp-sha-hmac ,
in use settings ={Tunnel, }
conn id: 2778, flow_id: NETGX:778, crypto map: MSK-TEST
sa timing: remaining key lifetime (k/sec): (4501043/203)
IV size: 16 bytes
replay detection support: Y
Status: ACTIVE
outbound ah sas:
outbound pcp sas: