Good afternoon,
Please advise what else needs to be added to the configuration so that the public IP of the DFL-1660 is reachable while a connection to it is established via IPsec over L2TP from Windows XP.
At the moment the connection is established without problems: the local network and the servers in the dmz zone (transparent mode) are reachable, the public IP attached to wan1 via ARP publishing is reachable, but the main IP of the DFL on wan1, the one the connection is made to, is unreachable.
Code:
DFL-1660:/> about
D-Link Firewall 2.30.01.06-15906
Copyright Clavister 1996-2011. All rights reserved
QuickSec SSHIPSECPM version 2.1 library 2.1
Copyright 1997-2003 SafeNet Inc
Build : May 12 2011
DFL-1660:/L2TPAddresses> show IP4Address
Name Address No DC UA Groups Comments
--------- ----------------------------- ----- --------- --------
l2tp_ip 192.168.100.1 No <empty> <empty>
l2tp_pool 192.168.100.2-192.168.100.254 No <empty> <empty>
DFL-1660:/> show PSK
Name Type Comments
---------------- ------------------ --------
l2tp_ipsec_psk ASCII (Passphrase) <empty>
DFL-1660:/> show Interface IPsecTunnel l2tp_ipsec_tunnel
Property Value
-------------------------- --------------------------------
Index: 2
Name: l2tp_ipsec_tunnel
LocalNetwork: InterfaceAddresses/wan1_ip
RemoteNetwork: all-nets
RemoteEndpoint: <empty>
IKEConfigModePool: <empty>
IKEAlgorithms: Standard
IPsecAlgorithms: Standard
IKELifeTimeSeconds: 28800
IPsecLifeTimeSeconds: 3600
IPsecLifeTimeKilobytes: 0
EncapsulationMode: Transport
AuthMethod: PSK (Pre-shared keying)
PSK: l2tp_ipsec_psk
LocalIDType: Auto
XAuth: Off
DHCPOverIPsec: No
AddRouteToRemoteNet: Yes
PlaintextMTU: 1420
OriginatorIPType: LocalInterface (Local interface)
IKEMode: Main (Mainmode)
DHGroup: 2
PFS: None
SetupSAPer: Net (Per network)
DeadPeerDetection: Yes
NATTraversal: OnIfNeeded (Only if needed)
KeepAlive: Disabled
Metric: 90
AutoInterfaceNetworkRoute: No
Comments: <empty>
DFL-1660:/> show Interface L2TPServer l2tp_ipsec
Property Value
---------------------- -------------------------------
Name: l2tp_ipsec
IP: L2TPAddresses/l2tp_ip
TunnelProtocol: L2TP
Interface: l2tp_ipsec_tunnel
ServerIP: InterfaceAddresses/wan1_ip
UseUserAuth: Yes
MPPENone: Yes
MPPERC440: No
MPPERC456: No
MPPERC4128: No
IPPool: L2TPAddresses/l2tp_pool
DNS1: <empty>
DNS2: <empty>
NBNS1: <empty>
NBNS2: <empty>
AllowedRoutes: all-nets
ProxyARPAllInterfaces: No
ProxyARPInterfaces: lan1
Comments: <empty>
DFL-1660:/> show UserAuthRule 1(l2tp_auth)
Property Value
------------------------- ------------------------------
Index: 1
Name: l2tp_auth
Agent: PPP (L2TP/PPTP/SSL VPN)
ChallengeExpire: 160
AuthSource: Local
Interface: l2tp_ipsec
OriginatorIP: all-nets
TerminatorIP: InterfaceAddresses/wan1_ip
LocalUserDB: UserDB
PPPAuthNoAuth: No
PPPAuthPAP: Yes
PPPAuthCHAP: Yes
PPPAuthMSCHAP: Yes
PPPAuthMSCHAPv2: Yes
IdleTimeout: 1800
SessionTimeout: <empty>
UseServerTimeouts: No
MultipleUsernameLogins: AllowMultiple (Allow multiple)
AccountingServers: <empty>
BytesSent: Yes
PacketsSent: Yes
BytesReceived: Yes
PacketsReceived: Yes
SessionTime: Yes
SupportInterimAccounting: No
LogEnabled: Yes
LogSeverity: Default
Comments: <empty>
DFL-1660:/8(l2tp_ipsec)> show IPRule
IPRule
# Name Action SrcIf SrcNet DestIf DestNet Service
- ------------------ ------ ---------- -------------------------- ---------- -------------------------- --------------
1 l2tp_ipsec_to_lan1 Allow l2tp_ipsec L2TPAddresses/l2tp_pool lan1 InterfaceAddresses/lan1net all_tcpudpicmp
2 lan1_to_l2tp_ipsec Allow lan1 InterfaceAddresses/lan1net l2tp_ipsec L2TPAddresses/l2tp_pool all_tcpudpicmp
3 l2tp_ipsec_to_fw Allow l2tp_ipsec L2TPAddresses/l2tp_pool any L2TPAddresses/l2tp_ip all_tcpudpicmp
4 fw_to_l2tp_ipsec Allow any L2TPAddresses/l2tp_ip l2tp_ipsec L2TPAddresses/l2tp_pool all_tcpudpicmp
5 allow_l2tp_ipsec NAT l2tp_ipsec L2TPAddresses/l2tp_pool wan1 all-nets all_tcpudpicmp