我的 Cisco 861 出了问题。我无法从路由器跟踪路由到任何 IP 地址,甚至无法跟踪到下一跳。有人能提出可能的原因吗?
抱歉进行审查,但我不会冒险在网上发布 IP
version 15.2
no service pad
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
no service password-encryption
!
hostname ####
!
boot-start-marker
boot-end-marker
!
!
logging buffered 51200 warnings
enable secret 5 ####
!
no aaa new-model
memory-size iomem 10
clock summer-time EST recurring
crypto pki token default removal timeout 0
!
!
!
!
ip dhcp excluded-address 192.168.1.1
!
ip dhcp pool vlan1pool
import all
network 192.168.1.0 255.255.255.0
default-router 192.168.1.254
domain-name ####
dns-server ### ###
lease 14
!
!
ip inspect name fire-rules tcp
ip inspect name fire-rules udp
ip inspect name fire-rules ssh
no ip domain lookup
ip domain name ###
ip name-server ###
ip name-server ###
ip cef
!
!
password encryption aes
license udi pid CISCO861-K9 sn ###
!
!
username ### privilege 15 secret 5 ###
!
!
!
!
crypto isakmp policy 2
encr 3des
hash md5
authentication pre-share
crypto isakmp key 6 ####
!
!
crypto ipsec transform-set cmevpn esp-3des esp-md5-hmac
!
!
!
crypto map ### 1 ipsec-isakmp
set peer ###
set transform-set cmevpn
match address 100
!
!
!
!
!
interface Loopback0
ip address ### 255.255.255.255
!
interface Tunnel0
ip address ### 255.255.255.252
tunnel source ###
tunnel destination ##
!
interface FastEthernet0
no ip address
!
interface FastEthernet1
switchport access vlan 2
no ip address
!
interface FastEthernet2
no ip address
!
interface FastEthernet3
no ip address
!
interface FastEthernet4
description ip
ip address ##87 255.255.255.192
ip access-group 150 in
ip inspect fire-rules out
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
no cdp enable
crypto map cmevpn
!
interface Vlan1
description 'Default Vlan'
ip address 192.168.1.254 255.255.255.0
ip nat inside
ip virtual-reassembly in
ip tcp adjust-mss 1452
!
interface Vlan2
ip address ### 255.255.255.0
ip nat inside
ip virtual-reassembly in
!
no ip forward-protocol nd
no ip http server
no ip http secure-server
!
ip mroute ###.###.19.0 255.255.255.0 Tunnel0
ip nat inside source static tcp <Mail IP> 25 <Public IP> 25 extendable
ip nat inside source static tcp <DNS IP> 53 <Public IP> 53 extendable
ip nat inside source static udp <DNS IP> 53 <Public IP> 53 extendable
ip nat inside source static tcp <Mail IP> 443 <Public IP> 443 extendable
ip nat inside source static udp <Mail IP> 443 <Public IP> 443 extendable
ip nat inside source static tcp <Mail IP> 993 <Public IP> 993 extendable
ip route 0.0.0.0 0.0.0.0 <Next Hop IP>
ip route ### 255.255.255.0 <Next Hop IP>
ip route ### 255.255.255.0 <Next Hop IP>
ip route ### 255.255.255.0 <Next Hop IP>
ip route ### 255.255.255.0 <Next Hop IP>
ip route ### 255.255.255.0 <Next Hop IP>
ip route ### 255.255.255.0 <Next Hop IP>
ip route ### 255.255.255.0 <Next Hop IP>
ip route ### 255.255.255.0 <Next Hop IP>
ip route ### 255.255.255.255 <Next Hop IP>
!
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 100 permit ip ### ###
access-list 100 permit ip ### ###
access-list 100 permit ip ### ###
access-list 100 permit ip ### ###
access-list 100 permit ip ### ###
access-list 100 permit ip ### ###
access-list 100 permit ip ### ###
access-list 100 permit ip ### ###
access-list 100 permit gre host ### host ###
access-list 150 permit udp any any eq isakmp
access-list 150 permit ahp any any
access-list 150 permit esp any any
access-list 150 permit icmp any any echo-reply
access-list 150 permit tcp any host <Public IP> eq smtp
access-list 150 permit tcp any host <Public IP> eq domain
access-list 150 permit udp any host <Public IP> eq domain
access-list 150 permit tcp any host <Public IP> eq 443
access-list 150 permit udp any host <Public IP> eq 443
access-list 150 permit tcp any host <Public IP> eq 993
access-list 150 deny tcp any any
access-list 150 deny udp any any
access-list 150 deny ip any any
no cdp run
!
line con 0
login local
line aux 0
line vty 0 4
access-class 1 in
privilege level 15
login local
transport input telnet ssh
!
ntp server 194.35.252.7 prefer
sntp server 194.35.252.7
sntp server 81.168.77.149
sntp server 194.164.127.6
sntp source-interface FastEthernet4
end