拓扑说明:通过公网IP映射到cisco router内网口IP,所有流量丢向核心,互联网流量通过出口防火墙进行管控,上网。Router#sh runBuilding configuration...C
.
拓扑说明:
通过公网IP映射到cisco router内网口IP,所有流量丢向核心,互联网流量通过出口防火墙进行管控,上网。
Router#sh run
Building configuration...
Current configuration : 2422 bytes
!
! Last configuration change at 11:32:24 UTC Fri Oct 16 2020 by vxiadmin
version 15.1
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
!
enable password vxinetadmin2982
-------------------本地账户认证----------------------
aaa authentication ppp default local
!
-----------------------------------aaa认证 raduis----------------------------
aaa new-model
aaa authentication login ias group radius local
aaa authentication ppp default group radius local
aaa authorization network default group radius local
!
aaa session-id common
!
!
dot11 syslog
ip source-route
!
!
ip cef
!
!
!
ip address-pool local
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
-------------------VPDN拨号配置-------------------------------
vpdn enable
!
vpdn-group 1
! Default L2TP VPDN group
accept-dialin
protocol l2tp
virtual-template 1
no l2tp tunnel authentication
!
!
!
!
!
!
!
!
voice-card 0
!
crypto pki token default removal timeout 0
!
!
!
!
license udi pid CISCO2811 sn FHK1429F0LJ
username vxiadmin password 0 vxinetadmin2982
username cisco privilege 15 password 0 cisco
!
redundancy
!
!
!
--------------------------ipsec配置----------------
crypto isakmp policy 10
encr 3des
hash md5
authentication pre-share
group 2
crypto isakmp key cisco address 0.0.0.0 0.0.0.0
!
!
crypto ipsec transform-set cisco esp-3des esp-md5-hmac
mode transport
!
crypto dynamic-map cisco 10
set transform-set cisco
!
!
crypto map cisco 10 ipsec-isakmp dynamic cisco
!
!
!
!
!
!
interface Loopback0
no ip address
!
interface FastEthernet0/0
no ip address
duplex auto
speed auto
!
-------------接口配置----------
interface FastEthernet0/1
ip address 172.28.192.249 255.255.255.0
ip virtual-reassembly in
duplex auto
speed auto
crypto map cisco
--------------------虚拟模板----------------
interface Virtual-Template1
ip address X.118.139.254 255.255.255.0
ip virtual-reassembly in
peer default ip address pool cisco
ppp authentication ms-chap-v2 ms-chap
ppp ipcp dns X.118.145.252
!
ip local pool cisco X.118.139.1 X.118.139.100 -------------地址池
ip forward-protocol nd
no ip http server
no ip http secure-server
!
!
ip route 0.0.0.0 0.0.0.0 172.28.192.254 -----------默认路由丢向核心
!
ip radius source-interface FastEthernet0/1
nls resp-timeout 1
cpd cr-id 1
!
!
!
!
!
----------------raduis认证---------
radius-server host 172.28.2.101 auth-port 1812 acct-port 1813
radius-server key vxicisco
!
!
control-plane
!
!
!
!
mgcp profile default
!
!
!
!
!
gatekeeper
shutdown
!
!
!
line con 0
line aux 0
line vty 0 4
password vxinetadmin2982
login authentication ias
transport input all
!
scheduler allocate 20000 1000
end
