forum.opennet.ru

Составление сообщения

Исходное сообщение

"Связь филиалов PPTP + NAT"
Отправлено DrShooter, 01-Сен-09 11:06

  Как и обещал - выкладываю рабочие конфиги цисок клиентов и сервера, для соединения представительств через VPN:
Конфиг Cisco VPN сервер *****************************************************************
Building configuration...
Current configuration : 5576 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname Cisco
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 warnings
!
aaa new-model
!
!
aaa authentication ppp auth-list local
!
aaa attribute list pptp-list-user
attribute type addr 192.168.0.230 service ppp protocol ip mandatory
!
aaa attribute list pptp-list-user1
attribute type addr 192.168.0.231 service ppp protocol ip mandatory
!
aaa attribute list pptp-list-user2
attribute type addr 192.168.0.232 service ppp protocol ip mandatory
!
aaa session-id common
!
resource policy
!
clock timezone Moscow 3
clock summer-time Moscow date Mar 30 2003 2:00 Oct 26 2003 3:00
ip subnet-zero
!
!
ip cef
!
!
ip flow-cache timeout active 1
ip domain name my.com
vpdn enable
!
vpdn-group 1
! Default PPTP VPDN group
accept-dialin
  protocol pptp
  virtual-template 1
!
!
voice-card 0
no dspfarm
!
!
!
crypto pki trustpoint TP-self-signed-3759590078
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-3759590078
revocation-check none
rsakeypair TP-self-signed-3759590078
!
!
username Ciscoadmin privilege 15 secret 5 *****************
username vpnuser password 7 ***************
username vpnuser aaa attribute list pptp-list-user
username vpnuser1 password 7 ***************
username vpnuser1 aaa attribute list pptp-list-user1
username vpnuser2 password 7 ***************
username vpnuser2 aaa attribute list pptp-list-user2
!
!
!
interface Loopback1
ip address 192.168.0.10 255.255.255.0
!
interface FastEthernet0/0
description WAN$ETH-LAN$$ETH-SW-LAUNCH$$INTF-INFO-FE 0/0$
ip address xxx.xxx.xx6.206 255.255.255.248
ip route-cache flow
duplex auto
speed auto
!
interface FastEthernet0/1
description LAN$ETH-LAN$
ip address 10.100.2.254 255.255.252.0
ip route-cache flow
duplex auto
speed auto
!
interface Virtual-Template1
description PPTP Server
mtu 1450
ip unnumbered Loopback1
peer default ip address pool test
no keepalive
ppp authentication pap chap ms-chap
ppp authorization auth-list
!
ip local pool test 192.168.0.230 192.168.0.250
ip classless
ip route 0.0.0.0 0.0.0.0 xxx.xxx.xx6.201 - роутинг на шлюз провайдера по умолчанию
ip route 10.10.0.0 255.255.0.0 10.100.0.1
ip route 10.100.4.0 255.255.252.0 10.100.0.1
ip route 10.100.8.0 255.255.252.0 10.100.0.1
ip route 10.100.12.0 255.255.252.0 10.100.0.1
ip route 10.100.16.0 255.255.252.0 192.168.0.231
ip route 10.100.20.0 255.255.252.0 192.168.0.232
!
ip flow-export source FastEthernet0/1
ip flow-export version 5
ip flow-export destination 10.100.0.9 9996
!
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
access-list 23 permit 10.100.0.0 0.0.3.255
access-list 23 permit xxx.xxx.xxx.104 0.0.0.3
access-list 23 deny   any
access-list 23 permit 10.10.0.0 0.0.255.255
snmp-server ifindex persist
!
!
!
control-plane
!
!
!
line con 0
line aux 0
line vty 0 4
access-class 23 in
privilege level 15
transport input telnet ssh
line vty 5 15
access-class 23 in
privilege level 15
transport input telnet ssh
!
scheduler allocate 20000 1000
ntp clock-period 17179900
ntp server 10.100.0.5
!
end
Конфиг Cisco VPN клиент *****************************************************************
Building configuration...
Current configuration : 5047 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
service internal
!
hostname Cisco
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 warnings
!
no aaa new-model
!
resource policy
!
clock timezone Moscow 3
clock summer-time Moscow date Mar 30 2003 2:00 Oct 26 2003 3:00
ip subnet-zero
!
!
ip cef
no ip dhcp use vrf connected
ip dhcp excluded-address 10.100.16.1 10.100.16.199
ip dhcp excluded-address 10.100.16.231 10.100.19.254
!
ip dhcp pool LAN
   import all
   network 10.100.16.0 255.255.252.0
   default-router 10.100.16.1
   dns-server 10.100.0.5 10.10.1.15
   lease 7
!
!
ip domain name my.com
ip multicast-routing
vpdn enable
!
vpdn-group 1
request-dialin
  protocol pptp
  rotary-group 0
initiate-to ip yyy.yyy.yy6.206 - адрес циски сервера PPTP
!
!
voice-card 0
no dspfarm
!
!
username ciscoadmin privilege 15 secret 5 ********************************
!
!
interface FastEthernet0/0
description LAN$ETH-LAN$$ETH-SW-LAUNCH$$INTF-INFO-FE 0/0$
ip address 10.100.16.1 255.255.252.0
duplex auto
speed auto
!
interface FastEthernet0/1
description WAN$ETH-WAN$
ip address yyy.yyy.yy8.106 255.255.255.252
duplex auto
speed auto
!
interface Dialer0
description PPTP Client
mtu 1450
ip address negotiated
ip pim dense-mode
encapsulation ppp
dialer in-band
dialer idle-timeout 0
dialer string 123
dialer vpdn
dialer-group 1
no peer neighbor-route
no cdp enable
ppp pfc local request
ppp pfc remote apply
ppp eap refuse
ppp chap hostname vpnuser1
ppp chap password 7 **************** - пароль для VPN (bp него назначается IP)
ppp ms-chap refuse
ppp ms-chap-v2 refuse
ppp pap refuse
!
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer0
ip route 10.100.16.0 255.255.252.0 FastEthernet0/0
ip route yyy.yyy.yy6.206 255.255.255.255 xxx.xxx.xx8.105 - роутинг на циску сервер через основной шлюз провайдера
!
!
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
logging trap warnings
access-list 23 permit 10.100.0.0 0.0.3.255
access-list 23 permit 10.10.0.0 0.0.255.255
access-list 23 permit 10.100.16.0 0.0.3.255
access-list 23 permit xxx.xxx.xx6.200 0.0.0.7
access-list 23 deny   any
dialer-list 1 protocol ip permit
!
!
!
control-plane
!
!
line con 0
login local
line aux 0
line vty 0 4
access-class 23 in
privilege level 15
login local
transport input telnet ssh
line vty 5 15
access-class 23 in
privilege level 15
login local
transport input telnet ssh
!
scheduler allocate 20000 1000
ntp clock-period 17179900
ntp server 10.100.0.5
!
end

Исходное сообщение
"Связь филиалов PPTP + NAT" Отправлено DrShooter, 01-Сен-09 11:06
Как и обещал - выкладываю рабочие конфиги цисок клиентов и сервера, для соединения представительств через VPN: Конфиг Cisco VPN сервер *************************************************************** Building configuration... Current configuration : 5576 bytes ! version 12.4 service timestamps debug datetime msec service timestamps log datetime msec service password-encryption ! hostname Cisco ! boot-start-marker boot-end-marker ! logging buffered 51200 warnings ! aaa new-model ! ! aaa authentication ppp auth-list local ! aaa attribute list pptp-list-user attribute type addr 192.168.0.230 service ppp protocol ip mandatory ! aaa attribute list pptp-list-user1 attribute type addr 192.168.0.231 service ppp protocol ip mandatory ! aaa attribute list pptp-list-user2 attribute type addr 192.168.0.232 service ppp protocol ip mandatory ! aaa session-id common ! resource policy ! clock timezone Moscow 3 clock summer-time Moscow date Mar 30 2003 2:00 Oct 26 2003 3:00 ip subnet-zero ! ! ip cef ! ! ip flow-cache timeout active 1 ip domain name my.com vpdn enable ! vpdn-group 1 ! Default PPTP VPDN group accept-dialin protocol pptp virtual-template 1 ! ! voice-card 0 no dspfarm ! ! ! crypto pki trustpoint TP-self-signed-3759590078 enrollment selfsigned subject-name cn=IOS-Self-Signed-Certificate-3759590078 revocation-check none rsakeypair TP-self-signed-3759590078 ! ! username Ciscoadmin privilege 15 secret 5 ************* username vpnuser password 7 *********** username vpnuser aaa attribute list pptp-list-user username vpnuser1 password 7 *********** username vpnuser1 aaa attribute list pptp-list-user1 username vpnuser2 password 7 *********** username vpnuser2 aaa attribute list pptp-list-user2 ! ! ! interface Loopback1 ip address 192.168.0.10 255.255.255.0 ! interface FastEthernet0/0 description WAN$ETH-LAN$$ETH-SW-LAUNCH$$INTF-INFO-FE 0/0$ ip address xxx.xxx.xx6.206 255.255.255.248 ip route-cache flow duplex auto speed auto ! interface FastEthernet0/1 description LAN$ETH-LAN$ ip address 10.100.2.254 255.255.252.0 ip route-cache flow duplex auto speed auto ! interface Virtual-Template1 description PPTP Server mtu 1450 ip unnumbered Loopback1 peer default ip address pool test no keepalive ppp authentication pap chap ms-chap ppp authorization auth-list ! ip local pool test 192.168.0.230 192.168.0.250 ip classless ip route 0.0.0.0 0.0.0.0 xxx.xxx.xx6.201 - роутинг на шлюз провайдера по умолчанию ip route 10.10.0.0 255.255.0.0 10.100.0.1 ip route 10.100.4.0 255.255.252.0 10.100.0.1 ip route 10.100.8.0 255.255.252.0 10.100.0.1 ip route 10.100.12.0 255.255.252.0 10.100.0.1 ip route 10.100.16.0 255.255.252.0 192.168.0.231 ip route 10.100.20.0 255.255.252.0 192.168.0.232 ! ip flow-export source FastEthernet0/1 ip flow-export version 5 ip flow-export destination 10.100.0.9 9996 ! ip http server ip http access-class 23 ip http authentication local ip http secure-server ip http timeout-policy idle 60 life 86400 requests 10000 ! access-list 23 permit 10.100.0.0 0.0.3.255 access-list 23 permit xxx.xxx.xxx.104 0.0.0.3 access-list 23 deny any access-list 23 permit 10.10.0.0 0.0.255.255 snmp-server ifindex persist ! ! ! control-plane ! ! ! line con 0 line aux 0 line vty 0 4 access-class 23 in privilege level 15 transport input telnet ssh line vty 5 15 access-class 23 in privilege level 15 transport input telnet ssh ! scheduler allocate 20000 1000 ntp clock-period 17179900 ntp server 10.100.0.5 ! end Конфиг Cisco VPN клиент ************************************************************* Building configuration... Current configuration : 5047 bytes ! version 12.4 service timestamps debug datetime msec service timestamps log datetime msec service password-encryption service internal ! hostname Cisco ! boot-start-marker boot-end-marker ! logging buffered 51200 warnings ! no aaa new-model ! resource policy ! clock timezone Moscow 3 clock summer-time Moscow date Mar 30 2003 2:00 Oct 26 2003 3:00 ip subnet-zero ! ! ip cef no ip dhcp use vrf connected ip dhcp excluded-address 10.100.16.1 10.100.16.199 ip dhcp excluded-address 10.100.16.231 10.100.19.254 ! ip dhcp pool LAN import all network 10.100.16.0 255.255.252.0 default-router 10.100.16.1 dns-server 10.100.0.5 10.10.1.15 lease 7 ! ! ip domain name my.com ip multicast-routing vpdn enable ! vpdn-group 1 request-dialin protocol pptp rotary-group 0 initiate-to ip yyy.yyy.yy6.206 - адрес циски сервера PPTP ! ! voice-card 0 no dspfarm ! ! username ciscoadmin privilege 15 secret 5 **************************** ! ! interface FastEthernet0/0 description LAN$ETH-LAN$$ETH-SW-LAUNCH$$INTF-INFO-FE 0/0$ ip address 10.100.16.1 255.255.252.0 duplex auto speed auto ! interface FastEthernet0/1 description WAN$ETH-WAN$ ip address yyy.yyy.yy8.106 255.255.255.252 duplex auto speed auto ! interface Dialer0 description PPTP Client mtu 1450 ip address negotiated ip pim dense-mode encapsulation ppp dialer in-band dialer idle-timeout 0 dialer string 123 dialer vpdn dialer-group 1 no peer neighbor-route no cdp enable ppp pfc local request ppp pfc remote apply ppp eap refuse ppp chap hostname vpnuser1 ppp chap password 7 ************** - пароль для VPN (bp него назначается IP) ppp ms-chap refuse ppp ms-chap-v2 refuse ppp pap refuse ! ip classless ip route 0.0.0.0 0.0.0.0 Dialer0 ip route 10.100.16.0 255.255.252.0 FastEthernet0/0 ip route yyy.yyy.yy6.206 255.255.255.255 xxx.xxx.xx8.105 - роутинг на циску сервер через основной шлюз провайдера ! ! ip http server ip http access-class 23 ip http authentication local ip http secure-server ip http timeout-policy idle 60 life 86400 requests 10000 ! logging trap warnings access-list 23 permit 10.100.0.0 0.0.3.255 access-list 23 permit 10.10.0.0 0.0.255.255 access-list 23 permit 10.100.16.0 0.0.3.255 access-list 23 permit xxx.xxx.xx6.200 0.0.0.7 access-list 23 deny any dialer-list 1 protocol ip permit ! ! ! control-plane ! ! line con 0 login local line aux 0 line vty 0 4 access-class 23 in privilege level 15 login local transport input telnet ssh line vty 5 15 access-class 23 in privilege level 15 login local transport input telnet ssh ! scheduler allocate 20000 1000 ntp clock-period 17179900 ntp server 10.100.0.5 ! end

Ваше сообщение

Имя*:

EMail:

Для отправки новых сообщений в текущей нити на email укажите знак ! перед адресом, например, !user@host.ru (!! - не показывать email).
Более тонкая настройка отправки ответов производится в профиле зарегистрированного участника форума.

Заголовок*:

Сообщение*:

При общении не допускается: неуважительное отношение к собеседнику, хамство, унизительное обращение, ненормативная лексика, переход на личности, агрессивное поведение, обесценивание собеседника, провоцирование флейма голословными и заведомо ложными заявлениями. Не отвечайте на сообщения, явно нарушающие правила - удаляются не только сами нарушения, но и все ответы на них. Лог модерирования.

Партнёры:

Хостинг:

Закладки на сайте
Проследить за страницей

Created 1996-2024 by Maxim Chirkov
Добавить, Поддержать, Вебмастеру