
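Hi everyone, please help me out. I configured the VPN using Easy VPN Server in SDM on a cisco-2811. With the Cisco client I can now dial in to 116.224.131.50, but I can only access 192.168.1.1; the other 10.16.118.xx addresses are unreachable. I don't know how to solve this. Please help, thank you!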
The current config is as follows!
This is the running config of the router: 116.224.131.50
!----------------------------------------------------------------------------
!version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname cisco-2811
!
boot-start-marker
boot system flash c2800nm-advsecurityk9-mz.124-3.bin
boot-end-marker
!
logging buffered 51200 warnings
!
aaa new-model
!
!
aaa authentication login default local
aaa authentication login sdm_vpn_xauth_ml_1 local
aaa authorization exec default local
aaa authorization network sdm_vpn_group_ml_1 local
!
aaa session-id common
!
resource policy
!
ip subnet-zero
!
!
ip cef
!
!
no ip domain lookup
ip domain name yourdomain.com
vpdn enable
!
!
!
!
!
username fuji privilege 15 secret 5 $1$uhpZ$y2QSd1CNbFQVzEVD/7455/
!
!
!
crypto isakmp policy 1
 encr 3des
 authentication pre-share
 group 2
crypto isakmp xauth timeout 15
!
crypto isakmp client configuration group fslvpn
 key fslvpn
 pool SDM_POOL_4
 max-users 10
 netmask 255.255.255.0
!
!
crypto ipsec transform-set ESP-3DES-SHA1 esp-3des esp-sha-hmac
!
crypto dynamic-map SDM_DYNMAP_1 1
 set transform-set ESP-3DES-SHA1
 reverse-route
!
!
crypto map SDM_CMAP_1 client authentication list default
crypto map SDM_CMAP_1 isakmp authorization list sdm_vpn_group_ml_1
crypto map SDM_CMAP_1 client configuration address respond
crypto map SDM_CMAP_1 65535 ipsec-isakmp dynamic SDM_DYNMAP_1
!
!
!
interface FastEthernet0/0
 description WAN$ETH-WAN$
 ip address 116.224.131.50 255.255.255.224
 ip nat outside
 ip virtual-reassembly
 duplex auto
 speed auto
 crypto map SDM_CMAP_1
!
interface FastEthernet0/1
 description LAN
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 duplex auto
 speed auto
!
ip local pool SDM_POOL_4 10.16.116.1 10.16.116.10
ip classless
ip route 0.0.0.0 0.0.0.0 116.224.131.33
!
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source route-map SDM_RMAP_2 interface FastEthernet0/0 overload
ip nat inside source static 192.168.1.3 222.72.114.233 route-map SDM_RMAP_3
!
access-list 1 remark SDM_ACL Category=16
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 1 permit 10.16.118.0 0.0.0.255
access-list 23 permit any
access-list 100 remark SDM_ACL Category=2
access-list 100 deny ip any host 10.16.116.1
access-list 100 deny ip any host 10.16.116.2
access-list 100 deny ip any host 10.16.116.3
access-list 100 deny ip any host 10.16.116.4
access-list 100 deny ip any host 10.16.116.5
access-list 100 deny ip any host 10.16.116.6
access-list 100 deny ip any host 10.16.116.7
access-list 100 deny ip any host 10.16.116.8
access-list 100 deny ip any host 10.16.116.9
access-list 100 deny ip any host 10.16.116.10
access-list 100 deny ip host 192.168.1.3 any
access-list 100 permit ip 10.16.118.0 0.0.0.255 any
access-list 100 permit ip 192.168.1.0 0.0.0.255 any
access-list 101 remark SDM_ACL Category=2
access-list 101 deny ip host 192.168.1.3 host 10.16.116.10
access-list 101 deny ip host 192.168.1.3 host 10.16.116.9
access-list 101 deny ip host 192.168.1.3 host 10.16.116.8
access-list 101 deny ip host 192.168.1.3 host 10.16.116.7
access-list 101 deny ip host 192.168.1.3 host 10.16.116.6
access-list 101 deny ip host 192.168.1.3 host 10.16.116.5
access-list 101 deny ip host 192.168.1.3 host 10.16.116.4
access-list 101 deny ip host 192.168.1.3 host 10.16.116.3
access-list 101 deny ip host 192.168.1.3 host 10.16.116.2
access-list 101 deny ip host 192.168.1.3 host 10.16.116.1
access-list 101 permit ip host 192.168.1.3 any
route-map SDM_RMAP_2 permit 1
 match ip address 100
!
route-map SDM_RMAP_3 permit 1
 match ip address 101
!
!
!
control-plane
!
!
!
line con 0
line aux 0
line vty 0 4
 access-class 23 in
 transport input telnet
line vty 5 15
 access-class 23 in
 transport input telnet
!
scheduler allocate 20000 1000
!
end