2921: China Telecom dial-up fails

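Posted on 2016-8-8 23:55:53
Reward offered: 45 coins
The 2921 router already has one leased line, and now I want to add a China Telecom fiber link. I used a template I had tried before, but it doesn't work.
GigabitEthernet0/1 connects to the leased line, GigabitEthernet0/1 connects to the internal network, and GigabitEthernet0/2 connects to China Telecom.
The configuration is as follows: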
Current configuration : 14247 bytes
!
! Last configuration change at 23:31:58 beijing Mon Aug 8 2016 by huitone
!
version 15.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname UC-ROUTER
!
boot-start-marker
boot-end-marker
!
!
logging buffered 51200 warnings
enable secret 5
!
aaa new-model
!
!
aaa authentication login default local
aaa authentication login userauthen local group radius
aaa authentication login noauth line none
aaa authentication login easyvpn local
aaa authentication ppp VPDN_AUTH local
aaa authorization network groupauthor local group radius
aaa authorization network easyvpn local
!
!
!
!
!
aaa session-id common
clock timezone beijing 8 0
!
!
!
!
!
!
!
!
!
!
!
ip dhcp excluded-address 192.168.0.240 192.168.0.254
ip dhcp excluded-address 192.168.0.89
ip dhcp excluded-address 192.168.0.92
ip dhcp excluded-address 192.168.0.200 192.168.0.220
!
ip dhcp pool a
network 192.168.0.0 255.255.255.0
default-router 192.168.0.1
dns-server 172.16.0.99 221.5.88.88
option 43 hex f104.ac10.010f
!
!
!
ip flow-cache timeout active 10
ip domain name uc.com
ip name-server 172.16.0.99
ip name-server 114.114.114.114
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
vpdn enable
!
vpdn-group L2TP
! Default L2TP VPDN group
accept-dialin
  protocol l2tp
  virtual-template 1
no l2tp tunnel authentication
!
!
!
!
!
!
!
cts logging verbose
!
crypto pki trustpoint TP-self-signed-1647751106
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-1647751106
revocation-check none
rsakeypair TP-self-signed-1647751106
!
!
crypto pki certificate chain TP-self-signed-1647751106
certificate self-signed 01
          quit
voice-card 0
!
!
voice call send-alert
voice rtp send-recv
!
voice service voip
no ip address trusted authenticate
allow-connections h323 to h323
allow-connections h323 to sip
allow-connections sip to h323
allow-connections sip to sip
no supplementary-service sip handle-replaces
redirect ip2ip
fax protocol t38 version 0 ls-redundancy 0 hs-redundancy 0 fallback none
modem passthrough nse codec g711alaw
h323
  call preserve
sip
  registrar server expires max 600 min 60
  redirect contact order best-match
!
!
!
!
!
!
!
!
!
application
service aa flash0:/aa/its-CISCO.2.0.2.0.tcl
  paramspace english language en
  paramspace english index 0
  param operator 8012
  paramspace english location flash0:/aa/
  paramspace english prefix en
  param aa-pilot 9999
  param welcome-prompt en_welcome.au
!
!
license udi pid CISCO2921/K9 sn FGL201510ZS
hw-module pvdm 0/0
!
!
!
!
redundancy
!
!
!
!
!
ip ssh version 2
!
class-map match-all office
match access-group name office
class-map match-all server
class-map match-all server_out
match access-group 103
class-map match-all server_in
match access-group 133
class-map match-all 3M_OUT
match access-group name office
class-map match-all 3M
match access-group 3
!
policy-map 3M
class 3M
  police 4000000 conform-action transmit  exceed-action drop
policy-map server_out
class server_out
  police rate 2620000
   conform-action transmit
   exceed-action drop
   violate-action drop
policy-map 3M_out
class 3M_OUT
  police 40000000 conform-action transmit  exceed-action drop
policy-map office
class office
  police rate 5240000
   conform-action transmit
   exceed-action drop
   violate-action drop
policy-map server_in
class server_in
  police rate 2620000
   conform-action transmit
   exceed-action drop
   violate-action drop
!
!
crypto keyring abc  
  pre-shared-key address 0.0.0.0 0.0.0.0 key
!
crypto isakmp policy 10
encr 3des
hash md5
authentication pre-share
group 2
!
crypto isakmp client configuration group myezvpn
dns 114.114.114.114
domain cisco
pool ezvpn_ip
acl 110
save-password
max-logins 5
netmask 255.255.255.0
!
crypto isakmp client configuration group hcvpn
dns 114.114.114.114
domain cisco
pool HC_VPN_POOL
acl HC_VPN_ACL
save-password
max-logins 5
netmask 255.255.255.0
!
crypto isakmp client configuration group hcvpn0
pool HC_VPN_POOL
acl HC_VPN_ACL
save-password
crypto isakmp profile ppp
   keyring abc
   match identity address 0.0.0.0
crypto isakmp profile IsaProfile
   match identity group hcvpn0
   client authentication list userauthen
   isakmp authorization list groupauthor
   client configuration address respond
   virtual-template 10
crypto isakmp profile VPNclient
   description VPN clients profile
   match identity group myezvpn
   client authentication list clientauth
   isakmp authorization list groupauthor
   client configuration address respond
!
!
crypto ipsec transform-set ccie esp-3des esp-sha-hmac
mode tunnel
!
crypto ipsec profile IPSecProfile
set transform-set ccie
set isakmp-profile IsaProfile
!
!
!
crypto dynamic-map dymap 20
set transform-set ccie
set isakmp-profile ppp
reverse-route
!
crypto dynamic-map ezvpn_dymap 10
set transform-set ccie
set isakmp-profile VPNclient
reverse-route
!
!
crypto map mymap 10 ipsec-isakmp dynamic ezvpn_dymap
crypto map mymap 20 ipsec-isakmp dynamic dymap
!
!
!
!
!
interface Loopback8
ip address 10.100.100.1 255.255.255.252
!
interface Embedded-Service-Engine0/0
no ip address
!
interface GigabitEthernet0/0
description $ETH-LAN$$ETH-SW-LAUNCH$$INTF-INFO-GE 0/0$

ip nat outside
no ip virtual-reassembly in
ip policy route-map HC_VPN_RM
duplex auto
speed auto
crypto map mymap
!
interface GigabitEthernet0/1
ip address 192.168.0.1 255.255.255.0
ip flow ingress
ip flow egress
ip nat inside
ip virtual-reassembly in
duplex auto
speed auto
service-policy input server_in
!
interface GigabitEthernet0/2
no ip address
ip virtual-reassembly in
duplex auto
speed auto
pppoe enable group global
pppoe-client dial-pool-number 1
no cdp enable
!
interface Dialer1
ip address negotiated
ip mtu 1492
encapsulation ppp
dialer pool 1
dialer-group 1
ppp lcp predictive
ppp authentication chap pap callin
ppp chap hostname 02008540566@163.gd
ppp chap password 0 EATBVKID
ppp pap sent-username 02008540566@163.gd password 0 EATBVKID
ppp ipcp address accept
no cdp enable
!
ip local pool ezvpn_ip 10.100.100.100 10.100.100.200
ip local pool HC_VPN_POOL 10.100.100.208 10.100.100.215
ip forward-protocol nd
!
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip flow-export source GigabitEthernet0/1
ip flow-export version 5
ip flow-export destination 172.16.1.10 9991
!
ip nat inside source list nat interface GigabitEthernet0/0 overload
ip nat inside source static tcp 192.168.0.179 80 interface GigabitEthernet0/0 80
ip nat inside source static tcp 192.168.0.181 80 interface GigabitEthernet0/0 81
ip nat inside source static tcp 192.168.0.180 80 interface GigabitEthernet0/0 82
ip route 0.0.0.0 0.0.0.0 157.122.53.225
ip route 10.200.200.0 255.255.255.0 192.168.0.253
ip route 172.16.0.0 255.255.252.0 192.168.0.253
ip route 172.16.4.0 255.255.255.0 192.168.0.253
!
ip access-list extended HC_VPN_ACL
permit ip 172.16.0.0 0.0.3.255 any
permit ip 192.168.0.0 0.0.0.255 any
permit ip 112.96.0.0 0.0.255.255 any
permit ip 120.80.48.0 0.0.0.255 any
ip access-list extended HC_VPN_RM_ACL
permit ip 10.100.100.208 0.0.0.7 any
ip access-list extended nat
deny   ip 10.200.200.0 0.0.0.255 10.100.100.0 0.0.0.255
deny   ip any 10.0.8.0 0.0.0.255
deny   ip host 192.168.0.133 any
deny   ip 172.16.0.0 0.0.3.255 10.100.100.0 0.0.0.255
deny   ip 192.168.0.0 0.0.0.255 10.100.100.0 0.0.0.255
permit ip 10.200.200.0 0.0.0.255 any
permit ip 172.16.0.0 0.0.3.255 any
permit ip 192.168.0.0 0.0.0.255 any
permit ip 10.100.100.208 0.0.0.7 any
ip access-list extended office
permit ip any any
deny   ip any any
!
logging history critical
logging trap debugging
logging host 192.168.0.17
dialer-list 1 protocol ip permit
arp 192.168.0.89 bcae.c543.fa68 ARPA
arp 192.168.0.92 4437.e69d.5066 ARPA
!
route-map HC_VPN_RM permit 10
match ip address HC_VPN_RM_ACL
set ip next-hop 10.100.100.2
!
!
snmp-server group cisco v3 auth
snmp-server group cisco v3 priv
snmp-server community cisco RW
no snmp-server enable traps entity-sensor threshold
access-list 1 permit any
access-list 3 permit 192.168.0.133
access-list 23 permit 10.10.10.0 0.0.0.127
access-list 100 permit ip 192.168.0.0 0.0.0.255 any
access-list 103 permit ip any host 192.168.0.133
access-list 103 deny   ip any any
access-list 110 permit ip 172.16.0.0 0.0.3.255 any
access-list 110 permit ip 192.168.0.0 0.0.0.255 any
access-list 110 permit ip 10.200.200.0 0.0.0.255 any
access-list 111 permit ip 192.168.0.0 0.0.0.255 any
access-list 120 deny   ip any any fragments
access-list 120 permit ip any any
access-list 133 permit ip host 192.168.0.133 any
!
!
!
control-plane
!
!
voice-port 0/0/0
supervisory disconnect dualtone mid-call
cptone CN
timeouts call-disconnect 1
timeouts wait-release 1
caller-id enable
!
voice-port 0/0/1
supervisory disconnect dualtone mid-call
cptone CN
timeouts call-disconnect 1
timeouts wait-release 1
caller-id enable
!
!
!
!
!
mgcp behavior rsip-range tgcp-only
mgcp behavior comedia-role none
mgcp behavior comedia-check-media-src disable
mgcp behavior comedia-sdp-force disable
!
mgcp profile default
!
!
!
!
dial-peer voice 1 pots
preference 1
service aa
destination-pattern 9T
incoming called-number .
port 0/0/0
!
dial-peer voice 2 pots
preference 2
service aa
destination-pattern 9T
incoming called-number .
port 0/0/1
!
dial-peer voice 7 voip
preference 1
destination-pattern 8...
session protocol sipv2
session target ipv4:172.16.0.100
dtmf-relay rtp-nte
fax rate disable
no vad
!
dial-peer voice 8 voip
preference 2
destination-pattern 8...
session protocol sipv2
session target ipv4:172.16.0.101
dtmf-relay rtp-nte
fax rate disable
no vad
!
dial-peer voice 9 voip
preference 3
destination-pattern 8...
session protocol sipv2
session target ipv4:172.16.0.102
dtmf-relay rtp-nte
fax rate disable
no vad
!
dial-peer voice 100 voip
service aa
destination-pattern 9999
session target ipv4:192.168.0.1
incoming called-number 9999
dtmf-relay rtp-nte
codec g711ulaw
no vad
!
dial-peer voice 20 voip
destination-pattern 7...
session protocol sipv2
session target ipv4:10.200.200.100
dtmf-relay rtp-nte
fax rate disable
no vad
!
!
!
!
gatekeeper
shutdown
!
!
banner exec ^C
% Password expiration warning.
-----------------------------------------------------------------------

Cisco Configuration Professional (Cisco CP) is installed on this device
and it provides the default username "cisco" for  one-time use. If you have
already used the username "cisco" to login to the router and your IOS image
supports the "one-time" user option, then this username has already expired.
You will not be able to login to the router with this username after you exit
this session.

It is strongly suggested that you create a new username with a privilege level
of 15 using the following command.

username <myuser> privilege 15 secret 0 <mypassword>

Replace <myuser> and <mypassword> with the username and password you want to
use.

-----------------------------------------------------------------------
^C
banner login ^C
-----------------------------------------------------------------------
Cisco Configuration Professional (Cisco CP) is installed on this device.
This feature requires the one-time use of the username "cisco" with the
password "cisco". These default credentials have a privilege level of 15.

YOU MUST USE CISCO CP or the CISCO IOS CLI TO CHANGE THESE  PUBLICLY-KNOWN
CREDENTIALS

Here are the Cisco IOS commands.

username <myuser>  privilege 15 secret 0 <mypassword>
no username cisco

Replace <myuser> and <mypassword> with the username and password you want
to use.

IF YOU DO NOT CHANGE THE PUBLICLY-KNOWN CREDENTIALS, YOU WILL NOT BE ABLE
TO LOG INTO THE DEVICE AGAIN AFTER YOU HAVE LOGGED OFF.

For more information about Cisco CP please follow the instructions in the
QUICK START GUIDE for your router or go to http://www.cisco.com/go/ciscocp
-----------------------------------------------------------------------
^C
!
line con 0
exec-timeout 5 0
logging synchronous
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 4
privilege level 15
transport input all
line vty 5 15
privilege level 15
transport input all
line vty 16 1114
transport input all
!
scheduler allocate 20000 1000
ntp master 1
ntp server 3.asia.pool.ntp.org
ntp server 1.asia.pool.ntp.org minpoll 10
ntp server 2.asia.pool.ntp.org
ntp server 0.asia.pool.ntp.org
!
end


Interface information
UC-ROUTER#show interfaces gigabitEthernet 0/2
GigabitEthernet0/2 is up, line protocol is up
  Hardware is CN Gigabit Ethernet, address is 003a.7d1a.7d92 (bia 003a.7d1a.7d92)
  MTU 1500 bytes, BW 100000 Kbit/sec, DLY 100 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation ARPA, loopback not set
  Keepalive set (10 sec)
  Full Duplex, 100Mbps, media type is RJ45
  output flow-control is XON, input flow-control is XON
  ARP type: ARPA, ARP Timeout 04:00:00
  Last input 00:00:03, output 00:00:06, output hang never
  Last clearing of "show interface" counters never
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: fifo
  Output queue: 0/40 (size/max)
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 0 bits/sec, 0 packets/sec
     533 packets input, 50102 bytes, 0 no buffer
     Received 533 broadcasts (0 IP multicasts)
     0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
     0 watchdog, 0 multicast, 0 pause input
     351 packets output, 21145 bytes, 0 underruns
     0 output errors, 0 collisions, 1 interface resets
     533 unknown protocol drops
     0 babbles, 0 late collision, 0 deferred
     0 lost carrier, 0 no carrier, 0 pause output
     0 output buffer failures, 0 output buffers swapped out

UC-ROUTER#show interfaces DIaler 1
Dialer1 is up, line protocol is up (spoofing)
  Hardware is Unknown
  Internet address will be negotiated using IPCP
  MTU 1500 bytes, BW 56 Kbit/sec, DLY 20000 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation PPP, LCP Closed, loopback not set
  Keepalive set (10 sec)
  DTR is pulsed for 1 seconds on reset
  Last input never, output never, output hang never
  Last clearing of "show interface" counters 00:46:28
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: fifo
  Output queue: 0/40 (size/max)
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 0 bits/sec, 0 packets/sec
     0 packets input, 0 bytes
     0 packets output, 0 bytes


Debug information
UC-ROUTER#SHOw DEBUgging
PPP:
  PPP authentication debugging is on
  PPP authorization debugging is on
  PPP protocol errors debugging is on
  PPP protocol negotiation debugging is on
  PPP packet display debugging is on
  PPP Negotiation Elogs debugging is on
  PPP Keepalive Elogs debugging is on
  PPP Detailed Elogs debugging is on
PPPoE:
  PPPoE protocol events debugging is on
  PPPoE data packets debugging is on
  PPPoE control packets debugging is on
  PPPoE protocol errors debugging is on
  PPPoE elog debugging is on

The debug output shows only the following:
Aug  8 15:50:26.730:  padi timer expired
Aug  8 15:50:26.730:  Sending PADI: Interface = GigabitEthernet0/2
Aug  8 15:50:26.730: pppoe_send_padi:
contiguous pak, size 60
         FF FF FF FF FF FF 00 3A 7D 1A 7D 92 88 63 11 09
         00 00 00 10 01 01 00 00 01 03 00 08 48 00 00 01
         00 00 26 29 00 00 00 00 00 00 00 00 00 00 00 00
         00 00 00 00 00 00 00 00 00 00 00 00


Log information

*Aug  8 14:59:06.623: %PA-3-PA_INIT_FAILED: Performance Agent failed to initialize (Missing Data License)
*Aug  8 14:59:11.539: %LINK-3-UPDOWN: Interface GigabitEthernet0/0, changed state to up
*Aug  8 14:59:11.539: %LINK-3-UPDOWN: Interface GigabitEthernet0/1, changed state to up
*Aug  8 14:59:11.539: %LINK-3-UPDOWN: Interface GigabitEthernet0/2, changed state to up
*Aug  8 14:59:14.543: %CRYPTO-4-RECVD_PKT_INV_SPI: decaps: rec'd IPSEC packet has invalid spi for destaddr=157.122.53.228, prot=50, spi=0xB493DCC2(3029589186), srcaddr=115.200.229.162, input interface=GigabitEthernet0/0
*Aug  8 14:59:55.779: %LINK-3-UPDOWN: Interface Virtual-Access1, changed state to up
Aug  8 15:00:14.991: %CRYPTO-4-RECVD_PKT_INV_SPI: decaps: rec'd IPSEC packet has invalid spi for destaddr=157.122.53.228, prot=50, spi=0xB493DCC2(3029589186), srcaddr=115.200.229.162, input interface=GigabitEthernet0/0
Aug  8 15:00:20.999: %LINK-3-UPDOWN: Interface Foreign Exchange Office 0/0/0, changed state to up
Aug  8 15:00:21.263: %LINK-3-UPDOWN: Interface Foreign Exchange Office 0/0/1, changed state to up
Aug  8 15:05:32.075: %CRYPTO-4-RECVD_PKT_INV_SPI: decaps: rec'd IPSEC packet has invalid spi for destaddr=157.122.53.228, prot=50, spi=0xB493DCC2(3029589186), srcaddr=115.200.229.162, input interface=GigabitEthernet0/0
Aug  8 15:06:57.230: %CRYPTO-4-RECVD_PKT_INV_SPI: decaps: rec'd IPSEC packet has invalid spi for destaddr=157.122.53.228, prot=50, spi=0xB493DCC2(3029589186), srcaddr=115.200.229.162, input interface=GigabitEthernet0/0
Aug  8 15:07:57.878: %CRYPTO-4-RECVD_PKT_INV_SPI: decaps: rec'd IPSEC packet has invalid spi for destaddr=157.122.53.228, prot=50, spi=0x77451321(2001015585), srcaddr=115.200.229.162, input interface=GigabitEthernet0/0
Aug  8 15:08:57.878: %CRYPTO-4-RECVD_PKT_INV_SPI: decaps: rec'd IPSEC packet has invalid spi for destaddr=157.122.53.228, prot=50, spi=0x77451321(2001015585), srcaddr=115.200.229.162, input interface=GigabitEthernet0/0
Aug  8 15:09:58.856: %CRYPTO-4-RECVD_PKT_INV_SPI: decaps: rec'd IPSEC packet has invalid spi for destaddr=157.122.53.228, prot=50, spi=0xB493DCC2(3029589186), srcaddr=115.200.229.162, input interface=GigabitEthernet0/0
Aug  8 15:10:58.903: %CRYPTO-4-RECVD_PKT_INV_SPI: decaps: rec'd IPSEC packet has invalid spi for destaddr=157.122.53.228, prot=50, spi=0xB493DCC2(3029589186), srcaddr=115.200.229.162, input interface=GigabitEthernet0/0
Aug  8 15:12:00.937: %CRYPTO-4-RECVD_PKT_INV_SPI: decaps: rec'd IPSEC packet has invalid spi for destaddr=157.122.53.228, prot=50, spi=0xB493DCC2(3029589186), srcaddr=115.200.229.162, input interface=GigabitEthernet0/0
Aug  8 15:13:08.863: %CRYPTO-4-RECVD_PKT_INV_SPI: decaps: rec'd IPSEC packet has invalid spi for destaddr=157.122.53.228, prot=50, spi=0x77451321(2001015585), srcaddr=115.200.229.162, input interface=GigabitEthernet0/0
Aug  8 15:14:08.866: %CRYPTO-4-RECVD_PKT_INV_SPI: decaps: rec'd IPSEC packet has invalid spi for destaddr=157.122.53.228, prot=50, spi=0x77451321(2001015585), srcaddr=115.200.229.162, input interface=GigabitEthernet0/0
Aug  8 15:15:08.868: %CRYPTO-4-RECVD_PKT_INV_SPI: decaps: rec'd IPSEC packet has invalid spi for destaddr=157.122.53.228, prot=50, spi=0x77451321(2001015585), srcaddr=115.200.229.162, input interface=GigabitEthernet0/0
Aug  8 15:16:09.178: %CRYPTO-4-RECVD_PKT_INV_SPI: decaps: rec'd IPSEC packet has invalid spi for destaddr=157.122.53.228, prot=50, spi=0xB493DCC2(3029589186), srcaddr=115.200.229.162, input interface=GigabitEthernet0/0
Aug  8 15:17:09.417: %CRYPTO-4-RECVD_PKT_INV_SPI: decaps: rec'd IPSEC packet has invalid spi for destaddr=157.122.53.228, prot=50, spi=0xB493DCC2(3029589186), srcaddr=115.200.229.162, input interface=GigabitEthernet0/0
Aug  8 15:18:09.951: %CRYPTO-4-RECVD_PKT_INV_SPI: decaps: rec'd IPSEC packet has invalid spi for destaddr=157.122.53.228, prot=50, spi=0xB493DCC2(3029589186), srcaddr=115.200.229.162, input interface=GigabitEthernet0/0
Aug  8 15:19:13.953: %CRYPTO-4-RECVD_PKT_INV_SPI: decaps: rec'd IPSEC packet has invalid spi for destaddr=157.122.53.228, prot=50, spi=0xB493DCC2(3029589186), srcaddr=115.200.229.162, input interface=GigabitEthernet0/0
Aug  8 15:20:14.240: %CRYPTO-4-RECVD_PKT_INV_SPI: decaps: rec'd IPSEC packet has invalid spi for destaddr=157.122.53.228, prot=50, spi=0xB493DCC2(3029589186), srcaddr=115.200.229.162, input interface=GigabitEthernet0/0
Aug  8 15:21:15.126: %CRYPTO-4-RECVD_PKT_INV_SPI: decaps: rec'd IPSEC packet has invalid spi for destaddr=157.122.53.228, prot=50, spi=0xB493DCC2(3029589186), srcaddr=115.200.229.162, input interface=GigabitEthernet0/0
Aug  8 15:22:15.165: %CRYPTO-4-RECVD_PKT_INV_SPI: decaps: rec'd IPSEC packet has invalid spi for destaddr=157.122.53.228, prot=50, spi=0xB493DCC2(3029589186), srcaddr=115.200.229.162, input interface=GigabitEthernet0/0
Aug  8 15:23:17.884: %CRYPTO-4-RECVD_PKT_INV_SPI: decaps: rec'd IPSEC packet has invalid spi for destaddr=157.122.53.228, prot=50, spi=0x77451321(2001015585), srcaddr=115.200.229.162, input interface=GigabitEthernet0/0
Aug  8 15:24:17.887: %CRYPTO-4-RECVD_PKT_INV_SPI: decaps: rec'd IPSEC packet has invalid spi for destaddr=157.122.53.228, prot=50, spi=0x77451321(2001015585), srcaddr=115.200.229.162, input interface=GigabitEthernet0/0
Aug  8 15:25:17.886: %CRYPTO-4-RECVD_PKT_INV_SPI: decaps: rec'd IPSEC packet has invalid spi for destaddr=157.122.53.228, prot=50, spi=0x77451321(2001015585), srcaddr=115.200.229.162, input interface=GigabitEthernet0/0
Aug  8 15:26:17.902: %CRYPTO-4-RECVD_PKT_INV_SPI: decaps: rec'd IPSEC packet has invalid spi for destaddr=157.122.53.228, prot=50, spi=0x77451321(2001015585), srcaddr=115.200.229.162, input interface=GigabitEthernet0/0
Aug  8 15:27:18.333: %CRYPTO-4-RECVD_PKT_INV_SPI: decaps: rec'd IPSEC packet has invalid spi for destaddr=157.122.53.228, prot=50, spi=0xB493DCC2(3029589186), srcaddr=115.200.229.162, input interface=GigabitEthernet0/0
Aug  8 15:28:18.800: %CRYPTO-4-RECVD_PKT_INV_SPI: decaps: rec'd IPSEC packet has invalid spi for destaddr=157.122.53.228, prot=50, spi=0xB493DCC2(3029589186), srcaddr=115.200.229.162, input interface=GigabitEthernet0/0
Aug  8 15:29:21.220: %CRYPTO-4-RECVD_PKT_INV_SPI: decaps: rec'd IPSEC packet has invalid spi for destaddr=157.122.53.228, prot=50, spi=0xB493DCC2(3029589186), srcaddr=115.200.229.162, input interface=GigabitEthernet0/0
Aug  8 15:29:27.664: %LINK-3-UPDOWN: Interface GigabitEthernet0/2, changed state to down
Aug  8 15:29:41.564: %LINK-3-UPDOWN: Interface GigabitEthernet0/2, changed state to up
Aug  8 15:30:21.340: %CRYPTO-4-RECVD_PKT_INV_SPI: decaps: rec'd IPSEC packet has invalid spi for destaddr=157.122.53.228, prot=50, spi=0xB493DCC2(3029589186), srcaddr=115.200.229.162, input interface=GigabitEthernet0/0
Aug  8 15:31:21.495: %CRYPTO-4-RECVD_PKT_INV_SPI: decaps: rec'd IPSEC packet has invalid spi for destaddr=157.122.53.228, prot=50, spi=0xB493DCC2(3029589186), srcaddr=115.200.229.162, input interface=GigabitEthernet0/0
Aug  8 15:31:57.819: %LINK-3-UPDOWN: Interface Dialer1, changed state to up
Aug  8 15:32:21.975: %CRYPTO-4-RECVD_PKT_INV_SPI: decaps: rec'd IPSEC packet has invalid spi for destaddr=157.122.53.228, prot=50, spi=0xB493DCC2(3029589186), srcaddr=115.200.229.162, input interface=GigabitEthernet0/0
Aug  8 15:33:22.218: %CRYPTO-4-RECVD_PKT_INV_SPI: decaps: rec'd IPSEC packet has invalid spi for destaddr=157.122.53.228, prot=50, spi=0xB493DCC2(3029589186), srcaddr=115.200.229.162, input interface=GigabitEthernet0/0
Aug  8 15:34:22.758: %CRYPTO-4-RECVD_PKT_INV_SPI: decaps: rec'd IPSEC packet has invalid spi for destaddr=157.122.53.228, prot=50, spi=0xB493DCC2(3029589186), srcaddr=115.200.229.162, input interface=GigabitEthernet0/0
Aug  8 15:35:28.069: %CRYPTO-4-RECVD_PKT_INV_SPI: decaps: rec'd IPSEC packet has invalid spi for destaddr=157.122.53.228, prot=50, spi=0xB493DCC2(3029589186), srcaddr=115.200.229.162, input interface=GigabitEthernet0/0
Aug  8 15:36:30.013: %CRYPTO-4-RECVD_PKT_INV_SPI: decaps: rec'd IPSEC packet has invalid spi for destaddr=157.122.53.228, prot=50, spi=0xB493DCC2(3029589186), srcaddr=115.200.229.162, input interface=GigabitEthernet0/0
Aug  8 15:37:31.664: %CRYPTO-4-RECVD_PKT_INV_SPI: decaps: rec'd IPSEC packet has invalid spi for destaddr=157.122.53.228, prot=50, spi=0xB493DCC2(3029589186), srcaddr=115.200.229.162, input interface=GigabitEthernet0/0
Aug  8 15:38:32.195: %CRYPTO-4-RECVD_PKT_INV_SPI: decaps: rec'd IPSEC packet has invalid spi for destaddr=157.122.53.228, prot=50, spi=0xB493DCC2(3029589186), srcaddr=115.200.229.162, input interface=GigabitEthernet0/0
Aug  8 15:39:32.419: %CRYPTO-4-RECVD_PKT_INV_SPI: decaps: rec'd IPSEC packet has invalid spi for destaddr=157.122.53.228, prot=50, spi=0xB493DCC2(3029589186), srcaddr=115.200.229.162, input interface=GigabitEthernet0/0
Aug  8 15:40:33.914: %CRYPTO-4-RECVD_PKT_INV_SPI: decaps: rec'd IPSEC packet has invalid spi for destaddr=157.122.53.228, prot=50, spi=0xB493DCC2(3029589186), srcaddr=115.200.229.162, input interface=GigabitEthernet0/0
Aug  8 15:41:37.789: %CRYPTO-4-RECVD_PKT_INV_SPI: decaps: rec'd IPSEC packet has invalid spi for destaddr=157.122.53.228, prot=50, spi=0xB493DCC2(3029589186), srcaddr=115.200.229.162, input interface=GigabitEthernet0/0
Aug  8 15:42:39.741: %CRYPTO-4-RECVD_PKT_INV_SPI: decaps: rec'd IPSEC packet has invalid spi for destaddr=157.122.53.228, prot=50, spi=0xB493DCC2(3029589186), srcaddr=115.200.229.162, input interface=GigabitEthernet0/0
Aug  8 15:43:18.864: %CRYPTO-4-IKMP_NO_SA: IKE message from 115.200.229.162 has no SA and is not an initialization offer
Aug  8 15:43:41.512: %CRYPTO-4-RECVD_PKT_INV_SPI: decaps: rec'd IPSEC packet has invalid spi for destaddr=157.122.53.228, prot=50, spi=0xB493DCC2(3029589186), srcaddr=115.200.229.162, input interface=GigabitEthernet0/0


For the show tech output, see the attachment show tech.zip (68.46 KB, downloads: 0)

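The PADI frame from the debug output in the post above, decoded field by field. This is an added example, not part of the original post; the code and tag names follow RFC 2516, and the function names are this example's own.

```python
import struct

# Frame bytes copied from the pppoe_send_padi dump in the post above.
PADI_HEX = """
FF FF FF FF FF FF 00 3A 7D 1A 7D 92 88 63 11 09
00 00 00 10 01 01 00 00 01 03 00 08 48 00 00 01
00 00 26 29 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00
"""

ETHERTYPE_DISCOVERY = 0x8863  # PPPoE discovery stage (session stage is 0x8864)
CODES = {0x09: "PADI", 0x07: "PADO", 0x19: "PADR", 0x65: "PADS", 0xA7: "PADT"}
TAGS = {0x0000: "End-Of-List", 0x0101: "Service-Name", 0x0102: "AC-Name",
        0x0103: "Host-Uniq", 0x0104: "AC-Cookie", 0x0201: "Service-Name-Error",
        0x0202: "AC-System-Error", 0x0203: "Generic-Error"}


def mac(raw):
    """Format six bytes as a colon-separated MAC address."""
    return ":".join(f"{b:02x}" for b in raw)


def posted_frame():
    """Return the dumped frame as bytes."""
    return bytes.fromhex("".join(PADI_HEX.split()))


def parse_pppoe_discovery(frame):
    """Decode an Ethernet frame carrying a PPPoE discovery packet."""
    if len(frame) < 20:
        raise ValueError("frame shorter than Ethernet + PPPoE headers")
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != ETHERTYPE_DISCOVERY:
        raise ValueError(f"not PPPoE discovery: ethertype 0x{ethertype:04x}")
    ver_type, code, session_id, length = struct.unpack("!BBHH", frame[14:20])
    payload = frame[20:20 + length]
    if len(payload) != length:
        raise ValueError("PPPoE length field exceeds the captured frame")

    tags, offset = [], 0
    while offset < length:
        if offset + 4 > length:
            raise ValueError("truncated tag header")
        tag_type, tag_len = struct.unpack("!HH", payload[offset:offset + 4])
        value = payload[offset + 4:offset + 4 + tag_len]
        if len(value) != tag_len:
            raise ValueError("tag value overruns the PPPoE payload")
        tags.append((TAGS.get(tag_type, f"0x{tag_type:04x}"), value))
        offset += 4 + tag_len

    return {
        "dst": mac(frame[0:6]),
        "src": mac(frame[6:12]),
        "version": ver_type >> 4,
        "type": ver_type & 0x0F,
        "code": CODES.get(code, f"0x{code:02x}"),
        "session_id": session_id,
        "tags": tags,
        # Bytes after the PPPoE payload are Ethernet padding up to 60 bytes.
        "padding": len(frame) - 20 - length,
    }


if __name__ == "__main__":
    for key, value in parse_pppoe_discovery(posted_frame()).items():
        print(f"{key:>10}: {value}")
```

The frame is a broadcast PADI from the GigabitEthernet0/2 MAC address with an empty Service-Name tag. The debug in the post shows only this PADI being sent when the padi timer expires, with no PADO from an access concentrator logged.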
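Posted on 2016-8-9 15:50:52
Key points:

1.  There is no ip nat outside under interface Dialer1;
2.  From the configuration, gi0/0 connects to the leased line and is also doing NAT, so to implement NAT across multiple interfaces, the global-mode ip nat inside source command must use the route-map-based NAT configuration method;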
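The two points in the reply above, written as a check that can be run over a saved configuration. This is an added example, not code from the thread: `POSTED` is trimmed from the configuration in the first post and re-indented the way `show running-config` prints it, `REVISED` is a constructed "after" state whose route-map names are hypothetical, and the `uplinks` list is supplied by the caller.

```python
import re

# NAT-relevant lines trimmed from the configuration in the first post.
POSTED = """\
interface GigabitEthernet0/0
 ip nat outside
interface GigabitEthernet0/1
 ip nat inside
interface Dialer1
 ip address negotiated
ip nat inside source list nat interface GigabitEthernet0/0 overload
"""

# Constructed "after" state following the reply; route-map names are hypothetical.
REVISED = """\
interface GigabitEthernet0/0
 ip nat outside
interface GigabitEthernet0/1
 ip nat inside
interface Dialer1
 ip address negotiated
 ip nat outside
route-map NAT_LEASED permit 10
 match ip address nat
 match interface GigabitEthernet0/0
route-map NAT_TELECOM permit 10
 match ip address nat
 match interface Dialer1
ip nat inside source route-map NAT_LEASED interface GigabitEthernet0/0 overload
ip nat inside source route-map NAT_TELECOM interface Dialer1 overload
"""

RULE = re.compile(
    r"^ip nat inside source (list|route-map) (\S+) interface (\S+) overload$")


def parse(config):
    """Return ({interface: NAT role or None}, [(kind, name, interface)])."""
    roles, rules, current = {}, [], None
    for raw in config.splitlines():
        line = raw.rstrip()
        if not line or line.strip() == "!":
            continue
        if not raw[0].isspace():
            # A top-level command closes any open interface block.
            current = None
            if line.startswith("interface "):
                current = line.split(None, 1)[1]
                roles[current] = None
            else:
                match = RULE.match(line)
                if match:
                    rules.append(match.groups())
        elif current and line.strip() in ("ip nat inside", "ip nat outside"):
            roles[current] = line.split()[-1]
    return roles, rules


def audit_nat(config, uplinks):
    """List NAT gaps for the given uplink interfaces (empty list = none found)."""
    roles, rules = parse(config)
    findings = []
    for intf in uplinks:
        if roles.get(intf) != "outside":
            findings.append(f"{intf}: missing 'ip nat outside'")
        if not any(rule[2] == intf for rule in rules):
            findings.append(f"{intf}: no 'ip nat inside source ... overload' rule")
    if len(uplinks) > 1:
        # Second point of the reply: with several uplinks, select by route-map.
        for kind, name, intf in rules:
            if kind == "list":
                findings.append(
                    f"{intf}: overload rule uses 'list {name}', not a route-map")
    return findings


if __name__ == "__main__":
    for label, cfg in (("posted", POSTED), ("revised", REVISED)):
        print(label, audit_nat(cfg, ["GigabitEthernet0/0", "Dialer1"]))
```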
Posted on 2016-8-11 15:40:03
45 coins, the original poster is being very generous. I've pinned and highlighted the thread for you.