
有高手在吗 麻烦看下这个配置VPN有问题吗?CISCO1801#sh run
5 w. n( j3 H9 x1 A" n6 BBuilding configuration...
) H. ?6 z* g; G0 d' e* S6 X# U& t7 J( w" k% T
Current configuration : 3175 bytes
7 d3 l5 f# K! U) a' K6 y!/ i! |6 J3 H( o4 N$ c& a. c. b* o
version 12.4
/ X# j \( R* p8 j1 F z- K, n! Dservice timestamps debug datetime msec
) o! `% Y& x6 B* @/ c6 ]* D" [service timestamps log datetime msec
& x8 ]! d% ?6 i% Gno service password-encryption
* z0 T6 V: Q2 G% x!
4 b- V9 z4 T, X+ {6 Uhostname CISCO1801( |8 J; E) k% a" _# F; h) v
!" X; C/ f6 ]6 a4 |% ~/ h
boot-start-marker
3 _- Q) J+ J9 K }boot system flash c180x-adventerprisek9-mz.124-24.T4.bin
4 f. {$ u! [1 b3 y& N8 s8 Gboot-end-marker
' E: y" e0 h5 @" x! y/ }; y1 d# b% Q+ X. J
logging message-counter syslog: I- l9 e7 ` S) i; n" K. ]
logging buffered 51200 warnings$ ~ ^7 V/ L2 O# O1 o
enable secret 5 $1$FQTK$SEZmlKi2re3kr0/GxsjSg1" d+ j& }0 P Z& {* o3 q9 {& ?. L( A& j
!. K! x2 ]. U* t4 p# G$ J- j% ?
no aaa new-model! B4 j0 |' T% x P
!
" w- ^0 r y0 I# {1 h) I0 o!
5 ^9 e7 i6 }" o" K) u( L, Z1 |dot11 syslog& k8 D' u( @+ M( k
ip source-route4 {5 {4 x9 ~: ?2 M. q+ T- X
!: i; W1 o. v F0 p1 U# y" d- f
!
0 Q1 L" z8 O3 @- h5 y!/ x4 @+ G$ y( d' h' H
!
2 x7 D) a* e& a- d9 Gip cef2 T- C( l# X( ^+ N% o# q) ^
no ip domain lookup
' ~8 ?/ g2 q+ k f- sip domain name yourdomain.com3 M; P5 f) U+ }+ L
no ipv6 cef
8 E' S$ ]6 F4 c" B* k" K2 K9 G7 R!' I# e0 z" O6 M# c# c& ?
multilink bundle-name authenticated
: Z! o. L7 T9 N!8 L0 t8 K2 t/ j- D- G
vpdn enable+ ?: W& w+ \$ |7 O% z/ |
!5 V8 l2 t# w+ o+ _. Q$ A
vpdn-group office
6 K6 m: i7 W" F+ F1 h% d* | request-dialin
: }) C! ~$ o- W5 O0 `& D protocol pppoe
5 F# @/ a) x. G8 q2 I' L6 F. U!
: ?! I8 {7 ?7 l2 ?+ b f: b!
% D* o$ h4 C0 Q. H+ t2 k6 S!
8 M2 q* m: w" P$ ~+ n; K5 a* y( Ausername admin privilege 15 password 0 shengbao6 g4 N* q' ^9 a( E3 l
! ; W: I# q0 i; P9 l; l6 `7 L
!. m& M4 v0 ^* } @7 E
crypto isakmp policy 107 ]1 J, u5 U4 a* W) O
encr 3des
. i7 V1 m7 V( k% z" A! @1 { authentication pre-share
! g# Q7 g, @ a% ~ group 2: l- I& x+ h" L) D8 q
!/ S' X: `9 h* O" T
crypto isakmp policy 30
8 L! j8 L. N% `; F( w2 i encr 3des
; x8 F2 x8 e3 t: X% S( `5 Y+ f hash md5
" B" m/ H$ I3 y9 x authentication pre-share
4 ~& x Q" E& { group 2$ s. s$ s2 n( g/ \- T1 j
crypto isakmp key 56156195 address 121.227.225.239
2 Z& }! V, ?4 L$ Kcrypto isakmp keepalive 30
: Y% |" Z" Z L# f, J: B( W1 r!+ |! k" q' V2 U8 L2 c
!
3 q( D% v8 I# E- k5 bcrypto ipsec transform-set VPNSET esp-3des esp-sha-hmac ) U: B/ m4 t* _& P5 `/ T# u
!
( J* V' L Q g( d, rcrypto map myipsec 1 ipsec-isakmp
$ |0 e' q1 _; b+ x set peer 121.227.225.239/ t# f- }2 G9 H
set security-association lifetime seconds 86400
7 @, O3 z- @0 D1 s set transform-set VPNSET
% I% L, a* T, N* _ set pfs group2 M: F1 ]9 Y% e6 ] q5 I
match address 111
! v( E' q# R) o7 l$ t!5 ? z. D) N$ ?8 B- x$ d) e7 S
archive
9 n1 P# M9 [( U* Z8 K8 i log config
, Y9 s9 P6 K- ]! \' ^0 i hidekeys
# I- |+ X- `( a) v3 D2 ^!
% x+ b/ u9 b6 p3 r9 B2 j) @' Y!
$ a+ C( K# ]3 n9 d& \8 N1 s: A!
5 o1 _/ V, ^+ W5 g+ Q& H: W!( d5 W- m: [7 z6 Q6 L$ O
!5 s0 i p2 P- [% X' u E
interface ATM0
. Z; ^3 n( k# a1 A4 Z no ip address
% }$ {1 L A4 v+ }! S. p3 A- ? shutdown# s& `' f- u7 l ]5 \! j
no atm ilmi-keepalive& P' p5 U$ c, X2 W) M1 l
!
- L% C. o3 \- }% Z# Z' pinterface BRI0
, e1 w- i* \, W no ip address
# R y9 A8 B2 {. \( J2 g encapsulation hdlc
5 d7 d5 i2 \+ l/ M/ n. T# K2 O, D shutdown
/ a( k5 K+ v; t# W!- k1 _9 _# w" u, R8 o( g
interface FastEthernet0
) {' L' M/ Z( A+ v5 z no ip address0 R; E- _* a6 D2 t* X' h6 k E0 n
duplex auto3 Q) z' k2 k4 S3 W1 }
speed auto) U6 l6 {3 a! R& F- O" z1 K0 B
pppoe enable group global
6 ?& B+ k. b k. E pppoe-client dial-pool-number 1
. x" c9 s4 w% W2 y3 b0 Q crypto map myipsec# e% M# L6 I9 _9 Q& ?0 s
!
" a4 l+ R0 S3 x% kinterface FastEthernet14 K$ s! M3 w5 S& H
!
! S) e. X8 E6 yinterface FastEthernet20 V0 G; ]6 p" g5 |
!; ]: {: i% g. V& L/ ~! T/ Y2 r
interface FastEthernet3) y6 \6 y5 y8 b; I" X" T' S8 ?) u
!
4 F. g' y% O6 R9 jinterface FastEthernet4$ ]* H' r2 ~! S: u! }
!! l k5 K8 Z. U' X" ~# M
interface FastEthernet5
6 d- n) h8 Y/ t5 s! U/ K2 r% O y/ D% S3 _
interface FastEthernet6
K2 E9 }5 f' r3 R: I% E!, q; G0 Z6 J- x8 z) a
interface FastEthernet7
# Y0 A; f. ] v!
/ V+ U3 j- E6 _$ |0 Linterface FastEthernet8
# x9 d& H& {; C% a. y!, S3 V5 j6 L* S' G
interface Vlan14 \3 E! x) ?& W; f
ip address 192.168.0.2 255.255.255.0. l: k3 u; L) P; I
ip nat inside* H; ~, P! t `3 N" T1 h
ip virtual-reassembly
: P0 a5 g, Q$ B8 `; N ip tcp adjust-mss 1452' A3 z* T& K( p4 b. R. p
!
" T/ ?& s; |( A$ X9 O4 cinterface Dialer1# o& t7 j$ w4 R/ d+ K5 `
ip address negotiated
5 s x$ T( T8 @5 P1 Q ip mtu 1492
1 X1 W+ C2 z8 W j4 c1 Q/ ` ip nat outside9 W5 W! ?+ u" w+ p: O$ V
ip virtual-reassembly
; U4 i; z! j% Q$ D encapsulation ppp) X. n% \' c B0 |2 J2 I
dialer pool 1
3 N% @) n4 U2 r B- t, _( b dialer-group 16 A+ `# t" D1 M% ]) m1 Q
no cdp enable) Z7 b, B7 `1 u0 g. r- B
ppp authentication pap callin+ b% t" ]2 N* e. ~' A
ppp pap sent-username ad51949701 password 0 wJ5GrLTN
" [2 J1 k- k' R4 `9 M!
$ H4 ^0 K& C+ w" @. @7 z. aip forward-protocol nd
4 C; X3 ?0 }& ?& z* P0 [* Qip route 0.0.0.0 0.0.0.0 Dialer11 c: [3 w6 R; L9 ~. P# u$ Q
ip http server4 i4 [* e1 l% Z
ip http access-class 2
# Z1 n* `+ e8 N/ P, z o. ^ip http authentication local
5 @4 l6 a6 H( M( y( A5 A' {no ip http secure-server
1 w# q: @0 \9 Oip http timeout-policy idle 60 life 86400 requests 10000
/ e1 V6 u' r$ O5 u) U!
9 s1 j8 \, M- D4 i" Q1 g3 e3 d!
- j% C! j1 a7 E: L% x) B" N7 N5 jip nat inside source list 1 interface Dialer1 overload
2 s: U% Q: [4 l. n! ) M. j/ T/ [, L) A% d6 t( r
access-list 1 permit 192.168.0.39' m* {4 |/ o8 Q5 Y# ?# x+ @
access-list 1 permit 192.168.0.248
; T; z* ?. s- h" g a. Eaccess-list 1 permit 192.168.0.249) |, q; u; [8 Y5 a
access-list 1 permit 192.168.0.250
$ J# k5 B" n' b9 waccess-list 1 permit 192.168.0.251. @4 ^+ g3 X3 Z
access-list 1 permit 192.168.0.252 v& M; w7 P0 s5 C2 b
access-list 1 permit 192.168.0.253
$ Y; w, }9 S* O: M F: ]8 E7 o) Maccess-list 1 permit 192.168.0.254
5 t, @1 ?3 q( Q. F3 j& Eaccess-list 1 permit 192.168.0.2452 P$ x9 e `2 q$ E- V+ v3 x* x6 I
access-list 1 permit 192.168.0.246+ f9 P0 H9 r. f
access-list 1 permit 192.168.0.247
) Q, A. o$ Q9 R7 c; s& f1 h4 j/ caccess-list 1 permit 192.168.0.200
$ C7 k# _9 T- w4 L Daccess-list 1 permit 192.168.0.190
. |+ B+ a# j5 M% o( B8 Yaccess-list 1 permit 192.168.0.144
8 @; d7 R* r% ]. m8 Kaccess-list 1 permit 192.168.0.146
+ ?) g" {7 v G& {access-list 1 permit 192.168.0.150! }7 K* n, C8 ?! D
access-list 1 deny any
4 U7 U" V) E* ? X3 ^access-list 111 permit ip 192.168.0.0 0.0.0.255 192.168.9.0 0.0.0.2558 ]8 F) F3 n! G% ~' X
no cdp run: c0 _' A9 ~0 W; {$ t& ~ ]. Z& K
0 B1 `* N3 `) y7 |' E; c
!% W9 c6 k) o& o0 B% D2 \7 H) t
!
0 |4 h4 q+ N- [4 M!
% {( z! K; p$ w- T: a!
) l- e9 |$ R6 l; W+ Y!
1 ?/ X2 [; U- y3 q( S!
3 u! l+ c2 z2 ^# v/ vcontrol-plane* f" {, w& F2 U/ u
!% b9 ]4 @1 E1 Q, C% ^( V$ l
!) v* t; K% w. `, C, @
line con 0
1 V, Y2 }; y+ P* `9 a% _; H login local9 B3 ?/ F' c' b6 ?4 i7 @
line aux 0
* B. X' ~) V0 ^6 C; P1 Dline vty 0 4
; Z0 z* C9 v/ S6 f privilege level 15) S% E' F7 k/ y3 u4 H
password SHSBCISCO1801, Z) w+ \% u4 I5 O, R: I6 G" O# M$ Y
login8 u9 L7 t: t4 V# _3 k( }
transport input telnet* E+ [+ s9 P7 h! q, S
line vty 5 15
+ x' \2 u* G9 U9 [6 H: k7 ^ access-class 2 in
4 d- ` Y4 h7 P1 \ privilege level 15
/ ]: l) v3 t7 t$ G! Q* c# | login local2 s1 c2 V' x. P2 o/ l( |
transport input telnet0 G$ X. \6 c' W5 S- S& Z
!3 b) i$ t2 I* Y6 L
end, q, Q$ W9 a; r9 c- @& J. ]
% Y. Z1 Q- S! x3 [! }' E
以上是总部的配置 但是RV042上面配置了 没用 很奇怪到底怎么回事 谁知道的 帮个忙啊 |
|