
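I want to add a VPN dial-in on top of the configuration below. The current problem is that the dial-in succeeds and the client gets an IP address in 10.0.1.1/24, but traffic is not forwarded out. Any advice is appreciated.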
resource policy
!
ip subnet-zero
ip cef
!
!
no ip dhcp use vrf connected
!
!
no ip ips deny-action ips-interface
vpdn enable
!
vpdn-group 1
! Default PPTP VPDN group
 accept-dialin
  protocol pptp
  virtual-template 1
!
interface GigabitEthernet0/2
 no ip address
 ip broadcast-address 0.0.0.0
 duplex full
 speed 1000
 media-type gbic
 no negotiation auto
!
interface GigabitEthernet0/2.1
 encapsulation dot1Q 105
 ip address 123.123.123.4 255.255.255.224
 ip nat outside
 ip virtual-reassembly
 no snmp trap link-status
!
interface GigabitEthernet0/2.2
 encapsulation dot1Q 304
 ip address 172.172.172.200 255.255.255.240
 ip nat outside
 ip virtual-reassembly
 no snmp trap link-status
!
interface GigabitEthernet0/2.3
 encapsulation dot1Q 401
 ip address 136.136.136.140 255.255.255.240
 ip nat outside
 ip virtual-reassembly
 no snmp trap link-status
!
interface GigabitEthernet0/3
 no ip address
 duplex full
 speed 1000
 media-type gbic
 no negotiation auto
!
interface GigabitEthernet0/3.1
 encapsulation dot1Q 501
 ip address 10.0.0.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 no snmp trap link-status
!
interface Virtual-Template1
 ip address 10.0.1.1 255.255.255.0
 peer default ip address pool VPNDHCP
 ppp authentication ms-chap
!
ip local pool VPNDHCP 10.0.1.100 10.0.1.200
ip classless
ip route 0.0.0.0 0.0.0.0 123.123.123.1
ip route 10.3.0.0 255.255.0.0 172.172.172.193
ip route 132.0.0.0 255.0.0.0 136.136.136.129
ip route 136.0.0.0 255.0.0.0 136.136.136.129
ip route 172.0.0.0 255.0.0.0 172.172.172.193
no ip http server
no ip http secure-server
!
!
ip nat inside source route-map dcn interface GigabitEthernet0/2.3 overload
ip nat inside source route-map internet interface GigabitEthernet0/2.1 overload
ip nat inside source route-map oa interface GigabitEthernet0/2.2 overload
!
access-list 101 permit ip 10.0.0.0 0.255.255.255 172.0.0.0 0.255.255.255
access-list 101 permit ip 10.0.0.0 0.0.0.255 10.3.0.0 0.0.255.255
access-list 101 permit ip 10.1.1.0 0.0.0.255 10.3.0.0 0.0.255.255
access-list 101 deny ip any any
access-list 102 deny ip 10.0.0.0 0.255.255.255 172.0.0.0 0.255.255.255
access-list 102 deny ip 10.0.0.0 0.255.255.255 136.0.0.0 0.255.255.255
access-list 102 deny ip 10.0.0.0 0.255.255.255 132.0.0.0 0.255.255.255
access-list 102 deny ip 10.0.0.0 0.255.255.255 10.3.0.0 0.0.255.255
access-list 102 permit ip any any
access-list 103 permit ip 10.0.0.0 0.255.255.255 136.0.0.0 0.255.255.255
access-list 103 permit ip 10.0.0.0 0.255.255.255 132.0.0.0 0.255.255.255
access-list 103 deny ip any any
!
route-map oa permit 10
 match ip address 101 104 111 114
!
route-map internet permit 10
 match ip address 102 112
!
route-map dcn permit 10
 match ip address 103 113
!
!
!
!
control-plane
!
!
!
!
!
!
gatekeeper
 shutdown
!
!
line con 0
 stopbits 1
line aux 0
 stopbits 1
line vty 0 4
 password cisco
 login
!
!
end
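
An added example, not part of the original post: a small Python audit over an excerpt of the posted configuration that lists addressed interfaces carrying neither `ip nat inside` nor `ip nat outside`, since IOS applies `ip nat inside source` rules only to traffic that enters through an interface marked `ip nat inside`. The function names are hypothetical, and the excerpt is constructed from the interface, pool and NAT lines above.

```python
import ipaddress
import re

# Constructed excerpt of the posted configuration (interfaces, pool, one NAT rule).
CONFIG = """\
interface GigabitEthernet0/2.1
 ip address 123.123.123.4 255.255.255.224
 ip nat outside
!
interface GigabitEthernet0/3.1
 ip address 10.0.0.1 255.255.255.0
 ip nat inside
!
interface Virtual-Template1
 ip address 10.0.1.1 255.255.255.0
 peer default ip address pool VPNDHCP
!
ip local pool VPNDHCP 10.0.1.100 10.0.1.200
ip nat inside source route-map internet interface GigabitEthernet0/2.1 overload
"""

def parse_interfaces(config):
    """Return {name: {"net": IPv4Network or None, "nat": "inside"/"outside"/None}}."""
    interfaces, current = {}, None
    for line in config.splitlines():
        if m := re.match(r"interface (\S+)", line):
            current = interfaces.setdefault(m.group(1), {"net": None, "nat": None})
        elif not line.startswith(" "):
            current = None  # left the interface stanza
        elif current is not None and (m := re.match(r" ip address (\S+) (\S+)$", line)):
            current["net"] = ipaddress.ip_interface(f"{m.group(1)}/{m.group(2)}").network
        elif current is not None and (m := re.match(r" ip nat (inside|outside)$", line)):
            current["nat"] = m.group(1)
    return interfaces

def nat_gaps(config):
    """Addressed interfaces with no NAT role on a router that has inside-source rules."""
    if not re.search(r"^ip nat inside source ", config, re.M):
        return []
    return sorted(name for name, i in parse_interfaces(config).items()
                  if i["net"] is not None and i["nat"] is None)

def pool_interface(config, pool):
    """Name the interface whose subnet contains the first address of a local pool."""
    m = re.search(rf"^ip local pool {re.escape(pool)} (\S+) \S+", config, re.M)
    first = ipaddress.ip_address(m.group(1))
    return next((n for n, i in parse_interfaces(config).items()
                 if i["net"] and first in i["net"]), None)

print("no NAT role:", nat_gaps(CONFIG), "| pool on:", pool_interface(CONFIG, "VPNDHCP"))
```
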