Configuration of the 1721
version 12.2
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname wan
!
boot system flash c1700-k9sy7-mz.122-15.T9.bin
logging queue-limit 100
enable secret xxxxx
!
ip subnet-zero
!
!
no ip domain lookup
!
ip cef
vpdn enable
!
vpdn-group pppoe
 request-dialin
  protocol pppoe
!
!
crypto isakmp policy 10
 encr 3des
 authentication pre-share
 group 2
crypto isakmp key cisco123 address 59.xx.xx.225
!
!
crypto ipsec transform-set rtpset esp-3des esp-md5-hmac
!
crypto map rtp 1 ipsec-isakmp
 set peer 59.xx.xx.225
 set transform-set rtpset
 match address 115
!
!
interface Ethernet0
 description outside interface
 no shut
 no ip address
 half-duplex
 pppoe enable
 pppoe-client dial-pool-number 1
 no keepalive
!
interface FastEthernet0
 description Inside interface
 no shut
 ip address 192.168.23.1 255.255.255.0
 ip nat inside
 ip tcp adjust-mss 1452
 speed 100
 full-duplex
!
interface Dialer1
 mtu 1492
 ip address negotiated
 ip nat outside
 encapsulation ppp
 no ip mroute-cache
 dialer pool 1
 dialer-group 1
 no cdp enable
 ppp authentication pap callin
 ppp pap sent-username xxxxx password 0 xxxx
 crypto map rtp
!
ip nat inside source route-map nonat interface Dialer1 overload
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer1 permanent
no ip http server
no ip http secure-server
!
!
access-list 115 permit ip 192.168.23.0 0.0.0.255 192.168.0.0 0.0.255.255
access-list 115 deny ip any any
access-list 120 deny ip 192.168.23.0 0.0.0.255 192.168.0.0 0.0.255.255
access-list 120 permit ip any any
dialer-list 1 protocol ip permit
!
route-map nonat permit 10
 match ip address 120
!
!
line con 0
 exec-timeout 0 0
line aux 0
line vty 0 4
 password xxxxx
 login
!
no scheduler allocate
end
Configuration of the 7206
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Router
!
boot-start-marker
boot system flash:c7200-a3jk9s-mz.123-4.T.bin
boot-end-marker
!
enable secret 5 xxxxx
!
no aaa new-model
ip subnet-zero
!
!
ip cef
ip ssh break-string
!
!
crypto isakmp policy 10
 encr 3des
 authentication pre-share
 group 2
crypto isakmp key cisco123 address 0.0.0.0 0.0.0.0
!
!
crypto ipsec transform-set myset esp-3des esp-md5-hmac
!
crypto dynamic-map cisco 1
 set transform-set myset
!
!
crypto map mymap 10 ipsec-isakmp dynamic cisco
!
!
interface FastEthernet0/0
 ip address 59.xx.xx.225 255.255.255.0
 ip nat outside
 duplex auto
 speed auto
 crypto map mymap
!
interface FastEthernet0/1
 no ip address
 duplex auto
 speed auto
!
interface FastEthernet2/0
 no ip address
 duplex half
!
interface FastEthernet2/1
 ip address 192.168.200.253 255.255.255.240
 ip nat inside
 duplex half
!
!
ip nat translation timeout 600
ip nat translation tcp-timeout 100
ip nat translation udp-timeout 100
ip nat translation max-entries 58000
ip nat inside source route-map nonat-1 interface FastEthernet0/0 overload
ip nat inside source static 192.168.0.1 59.xx.xx.226 extendable
ip nat inside source static 192.168.0.2 59.xx.xx.227 extendable
ip nat inside source static 192.168.0.224 59.xx.xx.228 extendable
ip classless
ip route 0.0.0.0 0.0.0.0 59.xx.xx2.230
ip route 192.168.0.0 255.255.252.0 192.168.200.254
ip route 192.168.4.0 255.255.255.0 192.168.200.254
ip route 192.168.5.0 255.255.255.0 192.168.200.254
no ip http server
no ip http secure-server
!
!
!
access-list 100 deny ip 192.168.0.0 0.0.255.255 192.168.0.0 0.0.255.255
access-list 100 permit ip 192.168.0.0 0.0.0.255 any
access-list 100 permit ip 192.168.1.0 0.0.0.255 any
access-list 100 permit ip 192.168.2.0 0.0.0.255 any
access-list 100 permit ip 192.168.3.0 0.0.0.255 any
access-list 100 permit ip 192.168.200.0 0.0.0.255 any
access-list 100 permit ip 192.168.4.0 0.0.0.255 any
access-list 100 permit ip 192.168.5.0 0.0.0.255 any
!
route-map nonat-1 permit 10
 match ip address 100
!
control-plane
!
dial-peer cor custom
!
!
gatekeeper
 shutdown
!
!
line con 0
 stopbits 1
line aux 0
 stopbits 1
line vty 0 4
 password xxx
 login
!
!
!
end
I'm really puzzled. Does anyone have any suggestions? Please help.
