
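I want to add VPN dial-in on top of the configuration below. The current problem is that the dial-in succeeds and the client obtains an IP address from 10.0.1.1/24, but its traffic is not forwarded out. Please advise.
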
resource policy
!
ip subnet-zero
ip cef
!
!
no ip dhcp use vrf connected
!
!
no ip ips deny-action ips-interface
vpdn enable
!
vpdn-group 1
! Default PPTP VPDN group
 accept-dialin
  protocol pptp
  virtual-template 1
!
interface GigabitEthernet0/2
 no ip address
 ip broadcast-address 0.0.0.0
 duplex full
 speed 1000
 media-type gbic
 no negotiation auto
!
interface GigabitEthernet0/2.1
 encapsulation dot1Q 105
 ip address 123.123.123.4 255.255.255.224
 ip nat outside
 ip virtual-reassembly
 no snmp trap link-status
!
interface GigabitEthernet0/2.2
 encapsulation dot1Q 304
 ip address 172.172.172.200 255.255.255.240
 ip nat outside
 ip virtual-reassembly
 no snmp trap link-status
!
interface GigabitEthernet0/2.3
 encapsulation dot1Q 401
 ip address 136.136.136.140 255.255.255.240
 ip nat outside
 ip virtual-reassembly
 no snmp trap link-status
!
interface GigabitEthernet0/3
 no ip address
 duplex full
 speed 1000
 media-type gbic
 no negotiation auto
!
interface GigabitEthernet0/3.1
 encapsulation dot1Q 501
 ip address 10.0.0.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 no snmp trap link-status
!
interface Virtual-Template1
 ip address 10.0.1.1 255.255.255.0
 peer default ip address pool VPNDHCP
 ppp authentication ms-chap
!
ip local pool VPNDHCP 10.0.1.100 10.0.1.200
ip classless
ip route 0.0.0.0 0.0.0.0 123.123.123.1
ip route 10.3.0.0 255.255.0.0 172.172.172.193
ip route 132.0.0.0 255.0.0.0 136.136.136.129
ip route 136.0.0.0 255.0.0.0 136.136.136.129
ip route 172.0.0.0 255.0.0.0 172.172.172.193
no ip http server
no ip http secure-server
!
!
ip nat inside source route-map dcn interface GigabitEthernet0/2.3 overload
ip nat inside source route-map internet interface GigabitEthernet0/2.1 overload
ip nat inside source route-map oa interface GigabitEthernet0/2.2 overload
!
access-list 101 permit ip 10.0.0.0 0.255.255.255 172.0.0.0 0.255.255.255
access-list 101 permit ip 10.0.0.0 0.0.0.255 10.3.0.0 0.0.255.255
access-list 101 permit ip 10.1.1.0 0.0.0.255 10.3.0.0 0.0.255.255
access-list 101 deny ip any any
access-list 102 deny ip 10.0.0.0 0.255.255.255 172.0.0.0 0.255.255.255
access-list 102 deny ip 10.0.0.0 0.255.255.255 136.0.0.0 0.255.255.255
access-list 102 deny ip 10.0.0.0 0.255.255.255 132.0.0.0 0.255.255.255
access-list 102 deny ip 10.0.0.0 0.255.255.255 10.3.0.0 0.0.255.255
access-list 102 permit ip any any
access-list 103 permit ip 10.0.0.0 0.255.255.255 136.0.0.0 0.255.255.255
access-list 103 permit ip 10.0.0.0 0.255.255.255 132.0.0.0 0.255.255.255
access-list 103 deny ip any any
route-map oa permit 10
 match ip address 101 104 111 114
!
route-map internet permit 10
 match ip address 102 112
!
route-map dcn permit 10
 match ip address 103 113
!
!
!
!
control-plane
!
!
!
!
!
!
gatekeeper
 shutdown
!
!
line con 0
 stopbits 1
line aux 0
 stopbits 1
line vty 0 4
 password cisco
 login
!
!
end