Azure 가상 네트워크와 Cisco 881 라우터 사이에 VPN 터널을 구축했습니다. Azure 가상 네트워크에 가상 머신이 있지만 라우터가 가상 머신을 ping할 수 없습니다. 또한 라우터는 가상 머신을 ping할 수 없습니다. 따라서 누군가 내가 무엇을 놓치고 있는지 알아내도록 도와줄 수 있다면 좋을 것입니다! 구성은 다음과 같습니다.
interface Tunnel1
ip address 169.254.0.1 255.255.255.0
ip tcp adjust-mss 1350
tunnel source FastEthernet4
tunnel mode ipsec ipv4
tunnel destination 104.215.95.202
tunnel protection ipsec profile vti
!
interface FastEthernet4
description Interface_to_3rd_party_ISP
ip address 97.105.10.190 255.255.255.252
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
!
interface Vlan1
description Management_interface
ip address 10.0.0.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
!
ip route 0.0.0.0 0.0.0.0 97.105.10.189
ip route 172.16.0.0 255.255.255.0 Tunnel1
!
access-list 1 permit 192.168.251.0 0.0.0.255
access-list 1 permit 24.173.194.0 0.0.0.255
access-list 101 permit ip 10.0.0.0 0.0.0.255 172.16.0.0 0.0.0.255
이것이 내가 왜 핑을 할 수 없는지 알아내는 데 누군가가 도움을 줄 수 있는 충분한 정보였기를 바랍니다. 핑하려는 VM의 IP는 172.16.0.4입니다.
감사합니다!
요청에 따라 몇 가지 표시 명령을 추가하고 있습니다.
sh interfaces tunnel 1
Tunnel1 is up, line protocol is up
Hardware is Tunnel
Internet address is 169.254.0.1/24
MTU 17878 bytes, BW 100 Kbit/sec, DLY 50000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation TUNNEL, loopback not set
Keepalive not set
Tunnel source 97.105.10.190 (FastEthernet4), destination 104.215.95.202
Tunnel Subblocks:
src-track:
Tunnel1 source tracking subblock associated with FastEthernet4
Set of tunnels with source FastEthernet4, 1 member (includes iterators ), on interface <OK>
Tunnel protocol/transport IPSEC/IP
Tunnel TTL 255
Tunnel transport MTU 1438 bytes
Tunnel transmit bandwidth 8000 (kbps)
Tunnel receive bandwidth 8000 (kbps)
Tunnel protection via IPSec (profile "vti")
Last input never, output never, output hang never
Last clearing of "show interface" counters 1d17h
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 73
Queueing strategy: fifo
Output queue: 0/0 (size/max)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
1061 packets input, 33976 bytes, 0 no buffer
Received 0 broadcasts (0 IP multicasts)
0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
79 packets output, 5631 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 unknown protocol drops
0 output buffer failures, 0 output buffers swapped out
sh crypto isakmp sa
IPv4 Crypto ISAKMP SA
dst src state conn-id status
IPv6 Crypto ISAKMP SA
sh crypto ipsec sa
interface: Tunnel1
Crypto map tag: Tunnel1-head-0, local addr 97.105.10.190
protected vrf: (none)
local ident (addr/mask/prot/port): (0.0.0.0/0.0.0.0/0/0)
remote ident (addr/mask/prot/port): (0.0.0.0/0.0.0.0/0/0)
current_peer 104.215.95.202 port 500
PERMIT, flags={origin_is_acl,}
#pkts encaps: 6, #pkts encrypt: 6, #pkts digest: 6
#pkts decaps: 1065, #pkts decrypt: 1065, #pkts verify: 1065
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts compr. failed: 0
#pkts not decompressed: 0, #pkts decompress failed: 0
#send errors 0, #recv errors 0
local crypto endpt.: 97.105.10.190, remote crypto endpt.: 104.215.95.202
plaintext mtu 1438, path mtu 1500, ip mtu 1500, ip mtu idb FastEthernet4
current outbound spi: 0xD77E621E(3615384094)
PFS (Y/N): N, DH group: none
inbound esp sas:
spi: 0xF41C8A8E(4095511182)
transform: esp-256-aes esp-sha-hmac ,
in use settings ={Tunnel, }
conn id: 422, flow_id: Onboard VPN:422, sibling_flags 80000040, crypto map: Tunnel1-head-0
sa timing: remaining key lifetime (k/sec): (4228180/3545)
IV size: 16 bytes
replay detection support: Y
Status: ACTIVE(ACTIVE)
inbound ah sas:
inbound pcp sas:
outbound esp sas:
spi: 0xD77E621E(3615384094)
transform: esp-256-aes esp-sha-hmac ,
in use settings ={Tunnel, }
conn id: 421, flow_id: Onboard VPN:421, sibling_flags 80000040, crypto map: Tunnel1-head-0
sa timing: remaining key lifetime (k/sec): (4228181/3545)
IV size: 16 bytes
replay detection support: Y
Status: ACTIVE(ACTIVE)
outbound ah sas:
outbound pcp sas: