Не могу понять где ошибка. Необходимо поднять тунель между циской и Linuxом.
циска
crypto isakmp policy 110
encr aes
authentication pre-share
group 2
lifetime 3600
crypto isakmp key AnubisAsterisk address 1.1.1.1
!
!
crypto ipsec transform-set TO_ASTERISK esp-aes esp-sha-hmac
mode transport
!
crypto map TO_A 110 ipsec-isakmp
set peer 1.1.1.1
set transform-set TO_ASTERISK
match address 136
!
interface Tunnel136
ip address 192.168.136.2 255.255.255.252
tunnel source 2.2.2.2
tunnel destination 1.1.1.1
...
interface Dialer1
...
crypto map TO_A
Linux - openswan
ipsec.secret
1.1.1.1 2.2.2.2 : PSK "AnubisAsterisk"
ipsec.conf
authby=secret
ike=aes-sha1;modp1024
forceencaps=yes
dpddelay=30
dpdtimeout=120
dpdaction=restart_by_peer
ikelifetime=86400s
phase2=esp
phase2alg=aes-sha1
type=transport
salifetime=3600s
pfs=no
left=1.1.1.1 # OpenSWAN side
leftsubnet=192.168.136.1/32 #net subnet on left side to assign to right side
leftnexthop=2.2.2.2 # CISCO side
right=2.2.2.2 #CISCO side
rightsubnet=192.168.136.2/32 #net on right side
rightnexthop=1.1.1.1 # OpenSWAN side
auto=start
leftprotoport=gre
rightprotoport=gre
создание тунеля
ip tunnel add gre136 mode gre local 1.1.1.1 remote 2.2.2.2 ttl 255
ip a a 192.168.136.1/30 dev gre136
ip link set dev gre136 up
выхлоп ipsec auto status | tail
ipsec auto: warning: obsolete command syntax used
000 Total IPsec connections: loaded 1, active 0
000
000 State Information: DDoS cookies not required, Accepting new IKE connections
000 IKE SAs: total(1), half-open(0), open(0), authenticated(1), anonymous(0)
000 IPsec SAs: total(0), authenticated(0), anonymous(0)
000
000 #1: "kram":4500 STATE_MAIN_I4 (ISAKMP SA established); EVENT_SA_REPLACE in 83846s; newest ISAKMP; lastdpd=1531s(seq in:4218 out:0); idle; import:admin initiate
000
000 Bare Shunt list:
000
вроде пишет что ISAKMP SA established, т.е. как я понимаю тунель поднят. но пингов между gre ифейсами нет.
Тема: cisco + ubuntu 16.04 gre over ipsec (Прочитано 1332 раз)
