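Topology notes:
To give remote users Internet access once the L2TP dial-up has succeeded, one option is to modify the routes on the client: point the company's internal resources, e.g. 10.1.1.0/24, at the L2TP virtual gateway interface, and point the default route at the local network gateway.
Alternatively, configure the company Cisco router to proxy Internet access, so that all traffic reaches the Internet through the company router.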
Router#sh run
Building configuration
Current configuration : 2420 bytes
!
! Last configuration change at 09:47:41 UTC Mon Oct 12 2020 by vxiadmin
version 15.1
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
!
enable password vxinetadmin2982
!
----------------AAA local account authentication---------------
aaa new-model
!
!
aaa authentication ppp default local
!
!
!
!
!
aaa session-id common
!
!
dot11 syslog
ip source-route
!
!
ip cef
!
!
!
ip address-pool local
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
-----------------VPDN dial-in configuration----------------
vpdn enable
!
vpdn-group 1
! Default L2TP VPDN group
accept-dialin
protocol l2tp
virtual-template 1
no l2tp tunnel authentication
!
!
!
!
!
!
!
!
voice-card 0
!
crypto pki token default removal timeout 0
!
!
!
!
license udi pid CISCO2811 sn FHK1429F0LJ
username cisco privilege 15 password 0 cisco
username admin privilege 15 password 0 admin123
!
redundancy
!
!
!
---------------IPsec configuration-------------------------
crypto isakmp policy 10
encr 3des
hash md5
authentication pre-share
group 2
crypto isakmp key cisco address 0.0.0.0 0.0.0.0
!
!
crypto ipsec transform-set cisco esp-3des esp-md5-hmac
mode transport
!
crypto dynamic-map cisco 10
set transform-set cisco
!
!
crypto map cisco 10 ipsec-isakmp dynamic cisco
!
!
!
!
!
-----------Network interface configuration-----------------
interface FastEthernet0/0
ip address 218.104.X.188 255.255.255.248
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
crypto map cisco
!
interface FastEthernet0/1
ip address 172.28.192.248 255.255.255.0
ip nat inside
ip virtual-reassembly in
duplex auto
speed auto
!
---------------VPDN virtual template configuration----------------
interface Virtual-Template1
ip unnumbered FastEthernet0/0 ---------proxies Internet access for *** clients
ip nat inside
ip virtual-reassembly in
peer default ip address pool cisco
ppp authentication ms-chap-v2 ms-chap
ppp ipcp dns x.x.x.x
!
ip local pool cisco X.118.139.1 X.118.139.100 ---------* address pool
ip forward-protocol nd
no ip http server
no ip http secure-server
!
!
ip nat inside source list 101 interface FastEthernet0/0 overload
ip route 0.0.0.0 0.0.0.0 218.104.X.185
ip route 10.0.0.0 255.0.0.0 172.28.192.254
!
-------------------Traffic excluded from NAT-------------------
access-list 101 deny ip any X.118.139.0 0.0.0.255
access-list 101 permit ip any any
nls resp-timeout 1
cpd cr-id 1
!
!
!
!
!
!
!
!
control-plane
!
!
!
!
mgcp profile default
!
!
!
!
!
gatekeeper
shutdown
!
!
!
line con 0
line aux 0
line vty 0 4
password vxinetadmin2982
transport input all
!
scheduler allocate 20000 1000
end
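
Before a configuration like the one above goes into production, it is worth checking it for weak statements such as clear-text passwords, 3DES/MD5 IKE and IPsec settings, a pre-shared key accepted from any address, disabled L2TP tunnel authentication and Telnet on the VTY lines. The following Python check is an added example, not part of the original post or of any Cisco tool; the rule list, the function name audit and the sample text with placeholder secrets are assumptions made for illustration.

```python
import re

SECTION = re.compile(r"(crypto isakmp policy|line)\b")  # blocks whose sub-commands are scoped
ISAKMP = "crypto isakmp policy"
# (required block or None, pattern, finding); patterns mirror statements in the config above.
CHECKS = [
    (None, r"no service password-encryption$", "passwords are stored as readable text"),
    (None, r"enable password ", "enable password is reversible; 'enable secret' stores a hash"),
    (None, r"username \S+ .*\bpassword 0 ", "user password in clear text; 'secret' stores a hash"),
    (ISAKMP, r"encr (des|3des)\b", "IKE phase 1 uses DES/3DES"),
    (ISAKMP, r"hash md5\b", "IKE phase 1 uses MD5"),
    (ISAKMP, r"group (1|2|5)\b", "IKE phase 1 uses DH group 1, 2 or 5"),
    (None, r"crypto isakmp key \S+ address 0\.0\.0\.0\b", "one pre-shared key accepted from any peer"),
    (None, r"crypto ipsec transform-set .*\besp-(des|3des|md5-hmac)\b", "IPsec uses DES/3DES or MD5"),
    (None, r"no l2tp tunnel authentication$", "L2TP tunnel authentication is off"),
    ("line", r"transport input (all|telnet)\b", "VTY lines accept Telnet"),
]
# Constructed sample with placeholder secrets; indentation is stripped as in the dump above.
SAMPLE = """\
no service password-encryption
enable password EXAMPLE-ENABLE
username EXAMPLE-USER privilege 15 password 0 EXAMPLE-PASS
crypto isakmp policy 10
encr 3des
hash md5
group 2
crypto isakmp key EXAMPLE-PSK address 0.0.0.0 0.0.0.0
!
crypto ipsec transform-set cisco esp-3des esp-md5-hmac
vpdn-group 1
! Default L2TP VPDN group
no l2tp tunnel authentication
line vty 0 4
transport input all
"""

def audit(config_text):
    """Return (line number, statement, finding) for every weak statement found."""
    findings, section = [], None
    for number, raw in enumerate(config_text.splitlines(), 1):
        line = raw.strip()
        if line == "!":  # a bare "!" closes the current block; "! text" is only a comment
            section = None
        if (header := SECTION.match(line)):
            section = header.group(1)
        for needed, pattern, finding in CHECKS:
            if needed in (None, section) and re.match(pattern, line):
                findings.append((number, line, finding))
    return findings
```

Calling audit(SAMPLE) returns one finding per weak statement; a saved running configuration can be passed in as text the same way.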