Easy VPN cannot access the internal network
!!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R1
!
boot-start-marker
boot-end-marker
!
!
aaa new-model
!
!
aaa authentication login default local
aaa authentication login login local
aaa authorization network network local
!
aaa session-id common
!
resource policy
!
memory-size iomem 5
ip subnet-zero
no ip icmp rate-limit unreachable
ip tcp synwait-time 5
!
!
ip cef
no ip domain lookup
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.200.1 192.168.200.10
!
ip dhcp pool lan
network 192.168.200.0 255.255.255.0
default-router 192.168.200.1
dns-server 202.106.46.151
!
!
crypto isakmp policy 10
encr 3des
hash md5
authentication pre-share
group 2
!
crypto isakmp client configuration group network
key cisco
pool adsl
acl 100
!
!
crypto ipsec transform-set set esp-3des esp-md5-hmac
!
crypto dynamic-map dymap 10
set transform-set set
reverse-route
!
!
crypto map vpn client authentication list login
crypto map vpn isakmp authorization list network
crypto map vpn client configuration address respond
crypto map vpn 10 ipsec-isakmp dynamic dymap
!
!
!
!
interface Ethernet0/0
ip address 210.82.62.125 255.255.255.224
ip nat outside
ip virtual-reassembly
half-duplex
crypto map vpn
!
interface Ethernet0/1
ip address 192.168.200.1 255.255.255.0
ip nat inside
ip virtual-reassembly
half-duplex
!
interface Ethernet0/2
no ip address
shutdown
half-duplex
!
interface Ethernet0/3
no ip address
shutdown
half-duplex
!
no ip http server
no ip http secure-server
!
ip classless
ip route 0.0.0.0 0.0.0.0 210.82.62.126
!
ip nat inside source list 1 interface Ethernet0/0 overload
!
access-list 1 permit any
!
!
control-plane
!
!
!
line con 0
exec-timeout 0 0
privilege level 15
logging synchronous
line aux 0
exec-timeout 0 0
privilege level 15
logging synchronous
line vty 0 4
!
!
end
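pool adsl??? The adsl pool is not defined!
acl 100 ??? List 100 is not defined either!

pool adsl
acl 100
I have defined all of these, so why can I still not access it? Ping works.

access-list 100 permit ip 192.168.200.0 0.0.0.255 any
ip local pool adsl 192.168.201.1 192.168.201.100
These are defined too, so why can I still not access it?
Please help, everyone. Thank you.

interface Ethernet0/1
ip address 192.168.200.1 255.255.255.0
ip nat inside
access-list 1 permit any
The key is the address range you want to access: you set up NAT, which causes the addresses to be NATed. The addresses of the internal subnet you want to access must not be NATed!

Then how do I fix that? Please, friend, help me think of a way. Thank you.

忘卟掉过去 posted on 2013-11-19 14:42
Please, friend, help me think of a way. Thank you.

Separate the subnet you want to access from the NAT pool. For example, in your case, configure the address 192.168.202.1 255.255.255.0 on interface Ethernet0/2,
then put the servers that need to be accessed into that address range, and they will be able to communicate.
Or simply remove NAT from interface Ethernet0/1 (if nothing else needs to go through NAT).
Or, finally, rewrite access-list 1 permit any to match precisely and take out the addresses that should not be NATed. It depends on how you want to implement it!

Thank you very much.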
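
Added example, not part of the original thread: one way the last option in the answer above (rewriting the NAT ACL so the VPN traffic is not translated) could look on this router. ACL number 110 is an arbitrary, assumed-unused number, and the destination 192.168.201.0/24 is assumed from the `ip local pool adsl 192.168.201.1 192.168.201.100` line the poster gave.

```cisco
! Before (from the posted config): every inside source is translated,
! including replies from 192.168.200.0/24 to the VPN clients.
!   ip nat inside source list 1 interface Ethernet0/0 overload
!   access-list 1 permit any
!
! After: use an extended ACL, because a standard ACL such as list 1
! can only match the source and cannot exempt a destination.
!
! Clear existing dynamic translations first so the NAT rule can be removed.
clear ip nat translation *
configure terminal
 no ip nat inside source list 1 interface Ethernet0/0 overload
 no access-list 1
 ! Do not translate LAN traffic destined for the Easy VPN client pool
 ! (110 is an assumed ACL number; the pool range is the poster's).
 access-list 110 deny   ip 192.168.200.0 0.0.0.255 192.168.201.0 0.0.0.255
 ! Translate everything else leaving the LAN.
 access-list 110 permit ip 192.168.200.0 0.0.0.255 any
 ip nat inside source list 110 interface Ethernet0/0 overload
end
!
! Verify while a connected VPN client pings a LAN host:
show ip nat translations
show crypto ipsec sa
```

With the exemption in place, `show ip nat translations` should list no entries between 192.168.200.x and 192.168.201.x, and the encaps and decaps packet counters in `show crypto ipsec sa` should both increase.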