
有高手在吗 麻烦看下这个配置VPN有问题吗?CISCO1801#sh run0 |: l- ~% ]! _7 E n
Building configuration...3 M4 j" D2 r$ x' r6 E
: s+ a0 f2 W5 q- JCurrent configuration : 3175 bytes
; l; ?4 K: x5 v!5 b+ K5 z7 X. {% d
version 12.4
0 t4 J4 P. V/ }* y9 sservice timestamps debug datetime msec+ \& f, y, a& q0 {7 J6 n& {) U
service timestamps log datetime msec( p1 |0 E2 p7 d* a' p6 B/ ]
no service password-encryption5 x8 G4 @$ C8 T: d, ]+ s5 g2 u+ ~- q
!& S4 Q% _) K$ {( u1 W' e
hostname CISCO1801/ `9 a7 D: Q" L! c& T8 [6 O
!
K8 h/ P7 S- z! ~1 B: t2 Xboot-start-marker! l* u! r( h3 n* X7 K, z7 r
boot system flash c180x-adventerprisek9-mz.124-24.T4.bin
1 D: T2 ` i G( k7 l: s% L5 |8 Dboot-end-marker
2 a: [& G0 r# b) `! b!. @* T# c' x3 g5 m+ M
logging message-counter syslog% i/ w7 o# \" c
logging buffered 51200 warnings
8 c+ E. x" r( |7 k0 J7 nenable secret 5 $1$FQTK$SEZmlKi2re3kr0/GxsjSg1
% e$ z; V' ]7 x# c" p- \!& o% y0 G! b/ H* I% U# p
no aaa new-model
) ~, n9 m& v% W" l. \!
1 n! E& W( D2 p5 U' t1 `!
7 R6 x+ k" e/ U/ e" c( sdot11 syslog# V7 Z8 Q! }' Q) V6 o+ [5 Y
ip source-route, R) H1 x0 W0 @: E
!+ Q# y9 J7 V/ q# j7 N* B, m
!
3 q) C7 r; [) V9 W1 T1 K!9 Z+ p- [3 b7 U8 [# x- I+ J4 Q0 z
!' p; Z+ C' Y$ E/ A( n
ip cef
: P& k) i) V. W0 C) yno ip domain lookup$ [0 g6 c: \$ j0 i
ip domain name yourdomain.com3 n' |5 |( n# s% z$ f& S4 \
no ipv6 cef
. ?* `1 [4 _# w* Y6 `. d2 u7 ]!" X* ?5 f; p1 G( o
multilink bundle-name authenticated
1 y8 r0 z( C3 |# d" s9 G/ L!1 A* Z3 I+ W+ u/ v! P
vpdn enable" u8 I0 Q9 M* l/ ^6 t' X
!' k- }# ^+ e/ W
vpdn-group office
8 a$ E/ z( i9 ^9 E request-dialin
. u% J: Z: m2 x7 U8 v* w protocol pppoe3 y$ o: F2 m3 S+ } z: p
!* ]8 _" B/ p# b0 I5 s/ ~, r% N
!
3 Q9 q8 Y. ?& d) ]$ r4 u! K5 v' [; X X; Z k5 Y! C$ N; i
username admin privilege 15 password 0 shengbao" K7 d" ^) [4 b' M# U
!
5 ?! n& w' I* d!: i3 k* K/ V/ h5 R7 E
crypto isakmp policy 10
0 k. \: s" v0 P encr 3des& ~3 d6 D5 L' X8 m# e/ w2 z; t
authentication pre-share
7 {. d) C2 z9 h# N" E: A& D group 2
; ]) W2 ^/ \ O!; C1 T3 D. z+ N, D5 I
crypto isakmp policy 30
$ [( }! M, V6 ]% t- D& p encr 3des
4 [5 H3 n, g# ^0 l* l4 ^$ z hash md52 E( m: w/ T' \; |/ U
authentication pre-share F, P2 B, n$ E
group 25 [6 c4 f5 q% k, ~
crypto isakmp key 56156195 address 121.227.225.2399 I" _6 l4 K- J3 w
crypto isakmp keepalive 30
5 h) n: R0 b8 I$ ]+ g! ]!+ z# a) t p& V$ d1 g: _
!' z# h: c* Q: _$ x! y C: b: D
crypto ipsec transform-set VPNSET esp-3des esp-sha-hmac
$ T" `7 R ?* a% f! H!" a# r+ k6 Q h8 V
crypto map myipsec 1 ipsec-isakmp , x2 D5 P9 K. v0 m3 b& \. T/ v2 h
set peer 121.227.225.2391 _) E5 N; B. Q# `7 S
set security-association lifetime seconds 86400
+ {0 S9 Q3 D4 K7 w. p set transform-set VPNSET 6 [- s: ~7 H* H) }1 F9 B
set pfs group2
' N: @$ j! k; o2 P4 @ match address 1116 Y% E7 j3 {# Q, s! W; }8 k; P: m* a
!
5 z9 l1 H/ ]$ T7 i2 Larchive
9 S: W* ~& c8 `, a1 s: r log config A) C) v- g" y6 h- c
hidekeys
9 A2 G2 q. v% D0 V% n* h!
0 G1 C6 f3 W" v0 V0 L$ Q!* Z1 `( O! v& l% W
!0 e% Z/ o' ~; Y" q, x
!+ j( [3 @) K4 A
!; M6 F! ~" J3 M* H$ E
interface ATM0
* k& Y. c# J( K" `, a; D no ip address+ g3 B$ K2 v% p+ c. u+ _( j2 f3 F
shutdown7 b0 K' F+ b _5 s- y, Q5 V1 X& T
no atm ilmi-keepalive- l E; |) Q8 `/ Y
!+ M: s1 e8 @, I! E5 E5 h/ p
interface BRI08 D- A/ o p- j5 B! A( h% x# `3 ^
no ip address6 o' V% D. T' Z$ v/ {: [" g" X. ~
encapsulation hdlc
3 J$ n& f% [9 v shutdown
: D4 T) _/ u2 [4 b!
9 k1 B9 G& g5 z% @ K) Z1 \interface FastEthernet0# `; w. p) S6 ~- C, E7 a, H
no ip address
& E& b8 ]: f) c5 I' t; Y duplex auto5 s9 J2 r9 W* C
speed auto
# e6 p; {" @+ d k1 f pppoe enable group global
6 p0 q5 `( n8 W u# H; f pppoe-client dial-pool-number 1; A7 r+ i/ n9 J% C( g
crypto map myipsec5 m3 T; y9 A& ~( V7 f
!
% t. p5 _3 {: Q' ?1 T0 Winterface FastEthernet1' n/ i4 x5 v. X
!, F4 |6 R# e6 B& Z4 Z1 U
interface FastEthernet2. E1 M- ?2 _* }0 @6 O/ p
!
& c0 J# b8 \( y: minterface FastEthernet3
$ x4 ?0 N, w- h" v. }!
4 T: ]4 \( t9 S2 c9 _interface FastEthernet4! v5 R! E, |1 E$ d
!4 e. d m* N$ ?, Q
interface FastEthernet51 A) U2 n' L' V8 L( S3 r
!, B; g1 I! f% q {5 }1 t) a
interface FastEthernet6( Q2 R1 W8 i% l! d. o% G4 u/ v
!, E4 }% h+ R; f5 V+ b) X
interface FastEthernet76 O$ P+ V) W2 E, }" `2 t
!% s8 B- [# h5 ~5 V. |9 B8 F$ Z
interface FastEthernet8$ y1 [, F0 \3 O& l# w( S/ l
!
/ x% W5 i$ p$ ^9 h' cinterface Vlan1' e- J$ I' B. {3 z- L
ip address 192.168.0.2 255.255.255.0& Z$ _" {$ S7 F
ip nat inside- L) x! C$ Z" ^$ Z0 F2 U$ a
ip virtual-reassembly
1 r' N7 X. _6 m5 d ip tcp adjust-mss 1452) o( c4 O0 P4 f& m$ a2 f
!
& g/ Y5 v. @1 a3 u. T5 w) o, jinterface Dialer1
# r. S0 l$ M6 K; a A ip address negotiated! {( Q! H) `* A: W! G0 T+ u6 l0 _( m
ip mtu 14924 G) T+ [, M+ H" V+ k5 g1 `* C" v
ip nat outside3 D" X N5 e0 H3 C
ip virtual-reassembly, F; @" m! n$ o; p# k
encapsulation ppp
+ g$ i3 u! N h. |1 P: W dialer pool 1
" N( x, @. B" k2 t* k* p6 [* j dialer-group 1
: i3 u# W, ^) R- ^+ } no cdp enable. p& e5 n$ m7 {9 J
ppp authentication pap callin
. x/ p5 c- _1 p( r, l ppp pap sent-username ad51949701 password 0 wJ5GrLTN: d- d1 }# ~: Q* h$ F
!6 L" N5 p2 M$ t( b
ip forward-protocol nd T! v3 U, K+ d
ip route 0.0.0.0 0.0.0.0 Dialer1
: J4 V0 b9 K, ]6 S! `' ?* |& Mip http server
% V, p4 T- S, U; a* e1 pip http access-class 2
) A1 T- I* @! Y; {ip http authentication local/ |7 e N+ x3 Z& X
no ip http secure-server( k. {3 a" {$ }- {' n3 e
ip http timeout-policy idle 60 life 86400 requests 10000' e7 j# c, [2 E6 d( j4 R1 I
!3 b* w C! a2 a2 f7 F* e
! `, R7 q' {1 J! b
ip nat inside source list 1 interface Dialer1 overload6 R; C2 o$ k- ^" n7 |# K
!
/ d( T7 l5 ^" Y. a8 Z7 U, laccess-list 1 permit 192.168.0.39" `% p7 F/ c1 p3 I& x
access-list 1 permit 192.168.0.248
; N5 t, G0 x& Q2 Waccess-list 1 permit 192.168.0.249" t) A6 R3 r7 u9 C
access-list 1 permit 192.168.0.250
0 g' J! l/ u& Z0 ^4 o* Jaccess-list 1 permit 192.168.0.251' X# F4 u) y0 U) v% L$ A% |
access-list 1 permit 192.168.0.252
2 G+ S. B$ H, k( k: waccess-list 1 permit 192.168.0.253
# r# V0 A5 G+ c% vaccess-list 1 permit 192.168.0.254
; _9 b3 T' L3 _. L8 ^4 \7 U( |access-list 1 permit 192.168.0.245
$ T0 a$ |* Z" B/ ^access-list 1 permit 192.168.0.2467 A& O+ C/ M* l3 }. L
access-list 1 permit 192.168.0.247: J% h c1 S/ N% T; `- ]6 _
access-list 1 permit 192.168.0.2001 t# K# R$ x% b7 T
access-list 1 permit 192.168.0.190
$ Q1 e, `8 M4 ~! f7 Qaccess-list 1 permit 192.168.0.144
. ? O% Q7 m0 `/ E" }4 w% r }access-list 1 permit 192.168.0.1463 N$ X* R: B/ A2 L4 S j
access-list 1 permit 192.168.0.150
1 ~. T1 T- U" faccess-list 1 deny any
1 N& \6 C0 T! T9 u& W. j: G6 qaccess-list 111 permit ip 192.168.0.0 0.0.0.255 192.168.9.0 0.0.0.255
. b+ _% T8 _( ~no cdp run7 H5 B' E6 b7 r2 \. l' R
) R' B; C, Q1 D1 H, D
!
) ?/ p0 e$ p% R* z/ f9 I+ _1 L!& l+ @' J! a9 ]2 d7 a; w/ Z# N, H
!
) d* P6 s2 i4 Y( z# a$ H4 a$ n# r!* Q% i3 j& c ^" y) w" m/ N0 T2 l
!$ ~4 D% _0 v6 m4 b3 @4 i. L6 T
!$ g, w" {! r; R8 Z
control-plane4 P5 d U/ k$ ?* X4 g
!
* h% D$ V9 d+ K) Q$ U+ p1 r!1 Z) s5 s, p5 ^& d0 w" Y @& A
line con 0, c1 \4 Z" T1 w1 j" i
login local
8 G8 }- l( e& W$ i! |3 Aline aux 0
' b5 q, Z1 H) A1 tline vty 0 4
9 |2 C2 }, \2 o; [, U privilege level 152 U _3 y8 L6 G+ M# m( @; Y
password SHSBCISCO1801. G# M5 z8 p# F
login; B1 W2 e z2 Q6 Z% t' ~
transport input telnet
, o* I/ |1 S7 } kline vty 5 15+ {3 b$ `# u4 Y
access-class 2 in
3 B' z: ^% m. n1 r6 N% { privilege level 15
- l) }8 Q# n0 F. y# F login local
. C0 ^6 j* K- q% f transport input telnet
6 S P' m2 q% \!; w: ^8 Q6 g* X' I7 U& h3 o
end
$ U) e: d: m% Y! ?/ U
( e$ X8 k4 R7 k- }5 T6 Q L以上是总部的配置 但是RV042上面配置了 没用 很奇怪到底怎么回事 谁知道的 帮个忙啊 |
|