selamlar;

ekteki konfigrasyonlarda iki nokta arasında ipsec Virtual Private Network (VPN) kurmaya çalışıyorum.
ancak bir türlü iki tarafıda birbirine pingletemedim.

konfigrasyonlara 3.göz olarak bakıp yorum yapabilirseniz çok sevinirim.

1.router;

sh run
Building configuration...

Current configuration : 3663 bytes
!
! Last configuration change at 09:49:25 GMT+2 Wed Jun 18 2008 by teknotel
! NVRAM config last updated at 09:43:55 GMT+2 Wed Jun 18 2008 by teknotel
!
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname test
!
boot-start-marker
boot-end-marker
!
security authentication failure rate 3 log
security passwords min-length 6
logging buffered 51200 debugging
enable secret <removed>
!
aaa new-model
!
!
aaa authentication login default local
aaa authorization exec default local
!
aaa session-id common
clock timezone GMT+2 2
clock summer-time GMT+2 date Mar 26 2007 2:00 Oct 29 2007 2:00
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
no ip source-route
!
!
!
!
ip cef
ip name-server 213.144.97.12
ip name-server 213.144.97.13
no ip bootp server
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
ip ips notify SDEE
!
!
!
!
username test privilege 15 secret <removed>
!
!
ip tcp synwait-time 10
ip ftp username ciscoios
ip ftp password 7 <removed>
ip ssh version 2
!
!
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
!
crypto isakmp policy 2
hash md5
authentication pre-share
crypto isakmp key <removed> address 213.144.122.24
!
!
crypto ipsec transform-set test esp-des esp-md5-hmac
!
crypto map SDM_CMAP_1 1 ipsec-isakmp
set peer 213.144.122.24
set transform-set test
match address 100
!
!
!
interface Ethernet0
ip address 172.1.1.1 255.255.255.252
ip nat inside
ip virtual-reassembly
half-duplex
!
interface FastEthernet0
ip address 10.229.1.50 255.255.255.240
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat outside
ip virtual-reassembly
speed auto
crypto map SDM_CMAP_1
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 10.229.1.49
ip route 192.168.100.0 255.255.255.0 FastEthernet0
ip route 192.168.200.0 255.255.255.0 172.1.1.2
ip route 213.144.122.24 255.255.255.255 10.229.1.49 90
ip http server
ip http authentication local
no ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip flow-top-talkers
top 10
sort-by bytes
!
!
!
access-list 100 remark SDM_ACL Category=4
access-list 100 remark IPSec Rule
access-list 100 permit ip 192.168.200.0 0.0.0.255 192.168.100.0 0.0.0.255
access-list 100 permit ip 172.1.1.0 0.0.0.3 192.168.100.0 0.0.0.255
access-list 100 permit ip 192.168.200.0 0.0.0.255 172.16.2.0 0.0.0.255
access-list 100 permit ip 172.1.1.0 0.0.0.3 172.16.2.0 0.0.0.255
snmp-server community lxa47zb RO 99
no cdp run
!
!
!
control-plane
!
banner login ^C
^C
!
line con 0
transport output telnet
line aux 0
transport output telnet
line vty 0 4
transport input telnet ssh
!
scheduler max-task-time 5000
scheduler allocate 4000 1000
scheduler interval 500
ntp clock-period 17180340
ntp server 207.46.130.100
ntp server 195.13.23.5
ntp server 129.6.13.23
end

2.router;
#sh run
Building configuration...

Current configuration : 10079 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname test
!
boot-start-marker
boot-end-marker
!
security authentication failure rate 3 log
logging buffered 51200 warnings
enable secret <remove>
!
aaa new-model
!
!
aaa authentication login default local
aaa authorization exec default local
!
aaa session-id common
clock timezone GMT+2 2
network-clock-participate wic 2
!
!
ip cef
!
!
ip domain name yourdomain.com
ip host melih 192.168.200.250
ip host ozgur 192.168.27.254
ip host korcan 192.168.253.2
ip host ahmet 192.168.30.254
ip sla monitor 1
type echo protocol ipIcmpEcho 10.250.251.9 source-ipaddr 10.250.251.26
timeout 2000
frequency 5
ip sla monitor schedule 1 life forever start-time now
!
!
!
!
!
!
!
!
!
!
!
!
!
!
crypto pki trustpoint TP-self-signed-1702930444
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-1702930444
revocation-check none
rsakeypair TP-self-signed-1702930444
!
!
crypto pki certificate chain TP-self-signed-1702930444
certificate self-signed 01
30820257 308201C0 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 31373032 39333034 3434301E 170D3038 30343234 31343132
30395A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D31 37303239
33303434 3430819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
8100B371 9D57FC4D A87E0CCB E7F013F3 0C2CA8D8 976F255D FA1F7B8E FDE0B3F9
666C2498 EC4492F8 706F8035 2CFC6DD5 54EA7630 A26E27A7 3DEC8211 CE49F5BA
3CC9DBBA FD6F3FB8 29D5A482 FA986A0A 4B362E08 C1080BAD 8335EEC0 46F9C6CC
53BD0D9C E8353BEF 0D4443D6 79FF4122 81DD996E 294AAB5E 7FBFA51D DB51A745
1BCB0203 010001A3 7F307D30 0F060355 1D130101 FF040530 030101FF 302A0603
551D1104 23302182 1F546972 73616E5F 53616D61 6E646972 612E796F 7572646F
6D61696E 2E636F6D 301F0603 551D2304 18301680 146AA101 9B691ECA CC42CAC0
10983927 03F17031 AA301D06 03551D0E 04160414 6AA1019B 691ECACC 42CAC010
98392703 F17031AA 300D0609 2A864886 F70D0101 04050003 8181007A 0C0BA558
2C3CE5FA 6C4CF365 6604DC3D 386FAAAE 7C484415 06162B2B 2305DA02 BD163D41
561AC57A CF2B06F8 A8654496 0015F6F2 259BF103 2B70AC7F A182B979 E70D4DF5
D5855397 0DD1C1D9 C601DF45 2F1A57E2 B0EE66E0 8A70539E 70680024 82452854
BD13C072 7D575D95 3298A856 8C36CE62 C0E04A28 6E0E2643 06A74A
quit
username test privilege 15 secret <removed>
!
!
ip tcp synwait-time 10
ip ftp username ciscoios
ip ssh version 2
!
track 1 rtr 1 reachability
delay down 30
!
class-map match-all voice-signaling
match access-group 199
class-map match-all voice-traffic
match access-group 198
match access-group 175
class-map match-all voice-signalling
match access-group 176
!
!
!
!
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
!
crypto isakmp policy 2
hash md5
authentication pre-share
crypto isakmp key <removed> address 0.0.0.0 0.0.0.0
!
!
crypto ipsec transform-set test esp-des esp-md5-hmac
!
crypto dynamic-map SDM_DYNMAP_1 1
set transform-set test
match address 100
!
!
!
crypto map SDM_CMAP_1 65535 ipsec-isakmp dynamic SDM_DYNMAP_1
!
!
!
!
interface Loopback0
ip address 213.144.122.24 255.255.255.255
crypto map SDM_CMAP_1
!
interface Tunnel0
ip address 10.250.252.1 255.255.255.252
ip accounting output-packets
ip tcp adjust-mss 1436
tunnel source 10.250.251.26
tunnel destination 10.250.251.9
!
interface Tunnel1
ip address 10.250.252.13 255.255.255.252
ip accounting output-packets
ip tcp adjust-mss 1436
keepalive 30 3
tunnel source 10.250.251.26
tunnel destination 10.250.251.18
!
interface Tunnel2
ip address 10.250.252.17 255.255.255.252
ip accounting output-packets
ip tcp adjust-mss 1436
tunnel source 10.250.251.26
tunnel destination 10.250.251.22
!
interface FastEthernet0/0
ip address 172.16.2.2 255.255.255.0
ip nat inside
ip virtual-reassembly
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
duplex auto
speed auto
!
interface FastEthernet0/1.1
encapsulation dot1Q 348
ip address 10.250.251.26 255.255.255.248
ip virtual-reassembly
!
interface Virtual-Template1
no ip address
!
ip route 192.168.200.0 255.255.255.0 Tunnel0 track 1
ip route 0.0.0.0 0.0.0.0 172.16.2.1
ip route 10.250.251.0 255.255.255.0 10.250.251.27
ip route 62.128.187.224 255.255.255.248 10.250.251.27
ip route 62.128.187.224 255.255.255.248 10.250.251.25
ip route 192.168.27.0 255.255.255.0 Tunnel2
ip route 192.168.30.0 255.255.255.0 Tunnel1
ip route 192.168.100.0 255.255.255.0 172.16.2.1
ip route 213.144.96.0 255.255.255.0 10.250.251.27
ip route 213.144.97.0 255.255.255.0 10.250.251.27
ip route 213.144.97.0 255.255.255.0 213.144.96.70
ip route 213.144.122.24 255.255.255.255 10.250.251.27
ip route 213.144.122.24 255.255.255.255 10.250.251.25
!
!
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
!
access-list 100 remark SDM_ACL Category=4
access-list 100 remark IPSec Rule
access-list 100 permit ip 192.168.100.0 0.0.0.255 192.168.200.0 0.0.0.255
access-list 100 permit ip 172.16.2.0 0.0.0.255 192.168.200.0 0.0.0.255
access-list 100 permit ip 172.16.2.0 0.0.0.255 172.1.1.0 0.0.0.3
access-list 100 permit ip 192.168.100.0 0.0.0.255 172.1.1.0 0.0.0.3
access-list 175 permit udp any any range 16384 32767
access-list 176 permit tcp any eq 1720 any
access-list 176 permit tcp any any eq 1720
access-list 198 permit udp any any range 16384 32767
access-list 198 permit udp any range 16384 32767 any
access-list 199 permit tcp any eq 1720 any
access-list 199 permit tcp any any eq 1720
access-list 199 permit tcp any range 2000 2002 any
access-list 199 permit tcp any any range 2000 2002
!
!
!
!
control-plane
!
!
!
!
!
!
line con 0
transport output telnet
line aux 0
transport output telnet
line vty 0 4
privilege level 15
transport input telnet ssh
!
scheduler allocate 20000 1000
!
end

teşekkür ederim.