
设备:cisco 1941! k6 r/ V2 q3 o2 o6 T1 i0 J$ ]" {
端口:fa0/1接ADSL fa0/0接内网
! M9 ~0 [ f- E1 MIP网段: 内网192.168.1.0 分配VPN 192.168.199.0& z% x. m* Z& R6 y
配置! V% R- p1 ~' ]' }; C" ?
Building configuration...; \, X, I! b8 S
Current configuration : 5533 bytes
R, I/ j- C* I# K& e!
- i* P' m/ u6 Z+ ]0 E. Oversion 12.4
$ i7 V( P# ^9 F; b6 C( \, ~service timestamps debug datetime msec; Y) Q2 F4 H* n, U1 G" X; @
service timestamps log datetime msec5 h0 g' P. _- c. }; g+ `+ ~! O8 `8 V
no service password-encryption: J9 G4 \1 X7 Y
!# Z4 _' K! w" G1 E, N# {+ i4 w
hostname wingo: O/ L& {; y3 z4 q+ q/ J" }
!
) ]$ X& `+ V2 a- Y1 b$ ^# Sboot-start-marker
, J$ ~, X" R. D1 ]- M+ w" i( {boot-end-marker
, {# E- t$ @ P! ]3 j/ Y!
j3 G- f8 Z+ y! d( X( L: Qlogging buffered 4096 debugging
% R# I8 g6 E8 y" k# R$ E3 q% e9 f8 Denable secret 5 $1$/9kG$8nQUz5gffWzZbzoMh24Z//
6 ]( |+ x1 c. I/ a+ j% f8 R!$ d( ^- e" b) ` L3 V( O7 A
aaa new-model
" T- `' N+ Y0 b7 D!
6 j$ j6 @/ J! m9 K; _!
% a9 Q7 J! n% R/ @5 A0 Q1 haaa authentication login default local
6 v1 p* o# c! w8 \7 K# Maaa authentication ppp default local5 o! b: V/ I. p
aaa authentication ppp vpdn group radius
1 m( a% H1 t3 Baaa authorization network default group radius 5 \7 }4 \+ Q: [' M7 m
aaa accounting network default start-stop group radius
) Y8 b5 p2 M" u* j% }' d% T9 O* I!
, ^( v" H7 q/ c" p& U, taaa session-id common' B2 p' Z: d3 s6 c* i2 z, g4 u) ^
clock timezone PCTime 80 b9 f" P8 j" X" D
ip cef! n9 y1 u- T) v" J3 G
!
j: h# w8 i1 M! N7 Y2 A!+ Y+ K2 z9 ~& X& O# W& g
!
4 y& I( A! N5 y# g!
' b. I, [! ^9 U" T. c% Eno ip domain lookup3 l; I1 t" Q4 t, Y/ U
ip domain name yourdomain.com+ ~, z% C, r2 W( A- m; I4 `! q; L+ d
ip auth-proxy max-nodata-conns 36 @* Y+ x$ G6 y$ \. b: i
ip admission max-nodata-conns 3
! _0 G) U, b; \" R9 |* g: vvpdn enable' t4 t- k# Q/ b2 m
!4 ?4 P: M1 |3 O) Y4 a
vpdn-group 1" r# O) Q" u' _# f5 @
! Default L2TP VPDN group3 [4 q+ W! b( q y3 p: n5 s7 e0 l+ ?
accept-dialin$ z: U) m3 x" U4 k0 _
protocol l2tp
& a2 ?4 r/ W( Q+ b4 H virtual-template 1
' U7 l8 f, |% j' k2 V4 o2 a( Vno l2tp tunnel authentication
0 M8 l4 z2 @ ^7 X& G% p8 o5 a; z!" F( ?& ?5 d; ^) X
!4 U& b$ i( J5 _. ~7 A1 q9 `# F
!% m( m8 G% O0 J% N7 H! s4 O/ O
!/ R* G% S, T( F3 x& @
username wingo secret 5 $1$hPn3$DxSDpG7DBqI/Jpo86opzp0
4 e1 L$ m" @' k% H# Q D0 j7 ousername poison privilege 15 secret 5 $1$lHU/$UG27fhUr4knGmskgXe0Xv/
% u2 O) h+ r& T1 U4 [$ z2 R!
8 \9 m+ }, s/ r!
* a* G) B; c" l3 {/ d# s!+ }5 j' ?3 g9 q, y" g/ X% K
!( r" g) M u) Z2 ]
! 2 T) M6 U# @# i) w$ H
!: k! g& E2 m! X, I% G9 [
!
! n7 W+ a* ?. j1 l!2 I$ r- ]( z1 B7 z) X, K! c* N
interface FastEthernet0/0
6 v+ y3 U# K9 F+ u; J" C" }0 Y0 q& ~. udescription to LAN$ETH-LAN$6 o/ n: g8 ?# g4 B% N6 M8 Z
ip address 192.168.1.1 255.255.255.0% V, S( B e; ]
ip nbar protocol-discovery. A. @0 p8 |) ^7 D
ip flow ingress' {+ S: P3 V& D8 l8 V6 S
ip flow egress
$ X0 I c# z9 f, |ip nat inside
- S3 I. a5 t7 g2 U1 ^* Oip virtual-reassembly
4 N, j9 U v2 d0 M$ O% Q$ V# Bip route-cache flow I" {+ \$ P8 [$ o+ j
no ip mroute-cache5 b. \* S: h+ s7 ~* ]& u) e4 k8 W. U7 ~
duplex auto
* R; m& O9 W4 L2 ]" p2 G! t% k/ i/ Zspeed auto. }$ @5 Q; K3 n/ J0 o& v
!- V9 y7 V9 K7 v9 g, ~
interface FastEthernet0/1" h9 P4 ^$ r( X9 O
bandwidth 20483 q7 |5 \8 D9 [ X* O+ s
no ip address
& a, a" |3 `1 s5 E1 ]duplex auto
0 z3 t/ ?# l, Z1 x/ B) K! x$ a. d2 Ospeed auto+ ~4 M/ t/ _0 a9 p( E t0 m4 w! q4 T
pppoe enable group global
8 h+ ]! {2 c7 S3 jpppoe-client dial-pool-number 1
& ~+ |5 ~& a0 Z7 ]! E( l+ w$ s6 O
interface Virtual-Template1* L) C' b. q3 B' @
ip unnumbered FastEthernet0/1
( U+ r8 y. }5 [$ W, u/ k/ V5 o. Fpeer default ip address pool vpn-pool$ }( \% d2 q: D* c
ppp authentication chap vpdn
: |1 Y( Q* w+ J9 W5 d6 r!
7 _' l4 s& n; @; M& g8 [interface Dialer1- Q4 M- B0 J. \
bandwidth 2048
! n; z7 O5 [3 L4 H p" \ip address negotiated
. L D. j, p/ e! Y2 V/ mip mtu 1492 `# X. Y& y' T# l5 o$ O6 J
ip nat outside
6 Y) f; w- t aip virtual-reassembly
) J5 a; Z `8 ]' \encapsulation ppp \- G. r$ X, k* e! V
no ip mroute-cache
: b4 v; ~+ e8 p5 |6 `0 tdialer pool 16 j3 ^) Z- t$ w8 Y- v
ppp authentication pap callin
) n8 {2 F6 h! ]& |9 u. jppp pap sent-username ****** password 0 *******
, ^( V% x! }8 K# @ F!: ]; A3 t) m) r
router eigrp 100
* H# M' S9 L3 W0 J% [6 Pnetwork 192.168.1.0- M# g% X! f U
network 192.168.199.0
! Q; Z+ e' j' d" M! v* n3 o- N( pauto-summary
3 b: G: P3 w, r8 a% O: f!
# j% E& F6 [4 Q2 l$ Pip local pool vpn-pool 192.168.199.2 192.168.199.38 O1 S. w, g: m& W0 _ W
ip route 0.0.0.0 0.0.0.0 Dialer1
4 X5 d* |, e) ?. {; _$ U! 4 ^9 t' ^2 Q# ^4 R7 I8 P
!# r! H, a8 r, f7 ?5 k
ip nat inside source list 1 interface Dialer1 overload
$ J; g, Y4 i' Y9 ~!* F: F5 f; ?+ g
!: u7 g2 Y: I8 |8 W" w+ Q
access-list 1 permit 192.168.1.0 0.0.0.2551 N7 L. G- z, t, l( [
!) k/ D! c1 @9 } V8 F" n
radius-server host ***.***.***.*** auth-port 1812 acct-port 1813 key ******
% k; N# n2 D# v8 N; e!
3 R8 f! ~6 K# y0 x4 g; s8 j4 E3 wcontrol-plane
9 \$ I: F( @2 v* e!7 L( j7 [1 | O3 j( q/ a
!
) {1 ^8 J1 g0 ?& e/ x$ zbanner login ^CThis is wingo router cisco 1841^C! Y7 o( r5 x- r
!' ]4 x+ X( Y, J$ \9 ] J( \
line con 0& G+ K, P/ C8 O' M1 x
line aux 0* J h: a# |0 |( K" M; Y( U v
line vty 0 45 q1 K9 z: D" H
privilege level 15+ k$ d: Y- R; t# |: i; O
password wingo
* A7 _/ v% a- |: Utransport input telnet
& e4 @% B4 C; ]!
1 E* \4 V; Y G4 sscheduler allocate 20000 1000
6 H6 l- ^1 S a6 J( tend
) e- ^8 b3 N$ t% F& G5 h问题是远程PC用VPN连接入VPN服务器之后只可以PING得通192.168.1.1。但PING不通内网其他的机器!还有就是VPN服务都不能PING得通远程PC! |
|