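This post was last edited by fengzi110 on 2010-5-25 08:58
Environment
Internal IP: 192.168.0.9/24 (trust)
External IP: public IP assigned by the telecom carrier (untrust)
VPN address pool: 192.168.0.200 192.168.0.230
L2TP VPN configuration: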
l2tp enable
#
aaa
local-user admin password simple ABCabc,
local-user admin service-type ppp
local-user admin level 3
ip pool 1 192.168.0.200 192.168.0.230
#
interface Virtual-Template 1
ppp authentication-mode chap pap
ip address 192.168.1.100 (strange: this is the default setting, and it cannot be set to the same subnet as the address pool)
remote address pool 1
#
firewall zone trust
add interface Virtual-Template 1
set priority 85
#
l2tp-group 1
undo tunnel authentication
allow l2tp virtual-template 1
Packet filter rules
firewall packet-filter default permit interzone trust untrust direction inbound
firewall packet-filter default permit interzone trust untrust direction outbound
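After completing the above configuration,
once the client dials in and connects to the VPN, it cannot access the internal web server at 192.168.0.20.
The VPN client cannot access any of the machines on the internal network.
Could an expert please give me some pointers?
To add, here are the current routing settings: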
<Eudemon>display ip routing-table
Routing Table: public net
Destination/Mask Protocol Pre Cost Nexthop Interface
0.0.0.0/0 STATIC 60 0 x.x.x.65 Ethernet0/0/0
x.x.x.64/26 DIRECT 0 0 x.x.x.67 Ethernet0/0/0
x.x.x.67/32 DIRECT 0 0 127.0.0.1 InLoopBack0
127.0.0.0/8 DIRECT 0 0 127.0.0.1 InLoopBack0
127.0.0.1/32 DIRECT 0 0 127.0.0.1 InLoopBack0
192.168.0.0/24 DIRECT 0 0 192.168.0.9 Ethernet0/0/2
192.168.0.9/32 DIRECT 0 0 127.0.0.1 InLoopBack0
192.168.1.0/24 DIRECT 0 0 192.168.1.100 VT1
192.168.1.100/32 DIRECT 0 0 127.0.0.1 InLoopBack0
Interface information:
[Eudemon]display ip in br
*down: administratively down
(l): loopback
(s): spoofing
Interface IP Address Physical Protocol Description
Aux0 unassigned down down HUAWEI, Eudemon
Ethernet0/0/0 x.x.x.67 up up HUAWEI, Eudemon
Ethernet0/0/1 unassigned down down HUAWEI, Eudemon
Ethernet0/0/2 192.168.0.9 up up HUAWEI, Eudemon
Ethernet0/0/3 unassigned down down HUAWEI, Eudemon
Ethernet0/0/4 unassigned down down HUAWEI, Eudemon
Virtual-Template1 192.168.1.100 up up(s) HUAWEI, Eudemon
Note: x.x.x.x is the telecom carrier's IP