Hi everyone,
I have a Cisco 1721 configured with a VPN and connected via HDSL. Since the second slot is free, can I configure a backup failover connection by installing an additional Ethernet card and connecting it to an Alice router?
Thanks in advance
Alex
Cisco 1721 backup failover
Moderator: Federico.Lagni
-
- Messianic Network master
- Posts: 2965
- Joined: Fri 29 Jan 2010, 10:25 am
- Location: Province of GE
Yes, of course.
Search the configurations section; there are plenty of examples.
No leaf falls unless the unconscious wills it (S.B.)
-
- n00b
- Posts: 18
- Joined: Wed 13 Jun 2012, 2:03 am
Hi everyone,
sorry for my ignorance,
I have looked at various configurations, but I can't quite understand how to set up the backup while keeping the VPN fully functional.
This is my configuration:
Router#sh config
Using 2667 out of 29688 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
no logging buffered
enable secret 5 $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
!
no aaa new-model
ip cef
!
!
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.235.1 192.168.235.154
ip dhcp excluded-address 192.168.235.226 192.168.235.254
!
ip dhcp pool mypool
import all
network 192.168.235.0 255.255.255.0
dns-server 151.99.0.100 151.99.125.2
default-router 192.168.235.254
lease infinite
!
!
ip name-server 151.99.0.100
ip name-server 151.99.125.2
!
!
!
crypto pki trustpoint TP-self-signed-111111111
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-11111111
revocation-check none
rsakeypair TP-self-signed-111111111
!
!
crypto pki certificate chain TP-self-signed-111111111
certificate self-signed 01 nvram:IOS-Self-Sig#1111.cer
username ££££££ privilege 15 password 0 &&&&&&
username ?????? privilege 15 secret 5 $$$$$$$$$$$$$$$$$$$$$$$$$
!
!
!
!
crypto isakmp policy 10
encr 3des
hash md5
authentication pre-share
crypto isakmp key $$$$$$$ address XXX.XXX.XXX.XXX
!
!
crypto ipsec transform-set myset esp-3des esp-md5-hmac
!
crypto map _MAP 10 ipsec-isakmp
set peer XXX.XXX.XXX.XXX
set security-association lifetime seconds 188800
set transform-set myset
match address acl_vpn
!
!
!
interface FastEthernet0
ip address 192.168.235.254 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip virtual-reassembly
speed auto
!
interface Serial0
no ip address
no ip proxy-arp
ip nat outside
ip virtual-reassembly
encapsulation frame-relay IETF
no fair-queue
frame-relay lmi-type cisco
!
interface Serial0.1 point-to-point
ip address YYY.YYY.YYY.YYY 255.255.255.252
ip nat outside
ip virtual-reassembly
frame-relay interface-dlci 297 IETF
crypto map _MAP
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Serial0.1
ip route 192.168.22.0 255.255.255.0 Serial0.1
!
ip http server
ip http authentication local
ip http secure-server
ip nat inside source list acl_nat interface Serial0.1 overload
!
ip access-list extended acl_nat
deny ip 192.168.235.0 0.0.0.255 192.168.22.0 0.0.0.255
permit ip 192.168.235.0 0.0.0.255 any
ip access-list extended acl_vpn
permit ip 192.168.235.0 0.0.0.255 192.168.22.0 0.0.0.255
!
access-list 104 permit tcp any any eq telnet
!
control-plane
!
!
line con 0
line aux 0
line vty 0 4
exec-timeout 40 0
privilege level 15
password cisco
login local
transport input telnet ssh
!
end
Thanks
-
- Messianic Network master
- Posts: 1158
- Joined: Fri 12 Oct 2007, 2:48 pm
Normally you create a loopback interface and assign it the IP that the other router uses as its VPN peer destination, then you set up a secondary route while putting the primary default route under tracking.
That way the IP you assign to the loopback is always reachable whichever interface you come in through, and by tracking the default route you handle a possible outage automatically and it should do everything on its own.....it should

But, out of curiosity, can you explain this line to me:
Code:
ip route 0.0.0.0 0.0.0.0 Serial0.1
ip route 192.168.22.0 255.255.255.0 Serial0.1
considering that the second is redundant to the first (since you have a single default route and no automatic routing process active)
Rizio
Si vis pacem para bellum
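One way the loopback-plus-tracked-default-route approach described above could be laid over the posted configuration, as an added example that is not from any poster in this thread. The interface name FastEthernet1, the route-map names and every address in the 192.0.2.x, 198.51.100.x and 203.0.113.x ranges are hypothetical placeholders, and it assumes the IOS image supports IP SLA tracking and that the loopback address is routed to the remote peer over both links.

```cisco
! Added example, not from the thread. Hypothetical values:
!   FastEthernet1 = extra Ethernet card, 192.0.2.1 = backup (Alice) router
!   198.51.100.1  = loopback address the remote router uses as its VPN peer
!   203.0.113.1   = probe target normally reached over the primary link
interface Loopback0
 ip address 198.51.100.1 255.255.255.255
!
interface FastEthernet1
 ip address 192.0.2.2 255.255.255.252
 ip nat outside
 ip virtual-reassembly
 crypto map _MAP
!
! Source IKE/IPsec from the loopback on whichever path is active
crypto map _MAP local-address Loopback0
!
! ICMP probe (12.4 mainline syntax; later trains use "ip sla 1" / "icmp-echo")
ip sla monitor 1
 type echo protocol ipIcmpEcho 203.0.113.1
 frequency 10
ip sla monitor schedule 1 life forever start-time now
track 1 rtr 1 reachability
!
! Pin the probe to the primary link so it never tests the backup path
ip route 203.0.113.1 255.255.255.255 Serial0.1
! Primary default is withdrawn while the probe fails
no ip route 0.0.0.0 0.0.0.0 Serial0.1
ip route 0.0.0.0 0.0.0.0 Serial0.1 track 1
! VPN traffic must follow the active default, so drop the pinned route
no ip route 192.168.22.0 255.255.255.0 Serial0.1
! Floating backup default, used only when the tracked route is gone
ip route 0.0.0.0 0.0.0.0 192.0.2.1 250
!
! NAT must pick the outside address of the interface actually in use
route-map NAT_PRI permit 10
 match ip address acl_nat
 match interface Serial0.1
route-map NAT_BKP permit 10
 match ip address acl_nat
 match interface FastEthernet1
no ip nat inside source list acl_nat interface Serial0.1 overload
ip nat inside source route-map NAT_PRI interface Serial0.1 overload
ip nat inside source route-map NAT_BKP interface FastEthernet1 overload
```

After a failover test, `show track 1`, `show ip route 0.0.0.0` and `show crypto isakmp sa` show whether the probe state, the active default route and the tunnel agree with each other.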