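The following is a typical configuration example for a remote office that uses a Cisco 1800 router to connect to headquarters.
This configuration meets the remote office's requirements for Internet access and for a VPN connection to headquarters.
Implementation: apply for ADSL access, then use a Cisco 1801 to set up the PPPoE and VPN connections.
The topology diagram is as follows:
The router configuration file is as follows: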
```
Building configuration...

Current configuration : 5554 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname CXX-OFFICE
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 warnings
no logging monitor
enable secret 5 $1$jVqI$7y9FRgsddK8NFn0/MDlug.
!
aaa new-model
!
!
!
aaa session-id common
!
resource policy
!
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
ip subnet-zero
!
!
ip cef
no ip dhcp use vrf connected
ip dhcp excluded-address 10.186.82.1
!
ip dhcp pool CSD
   network 10.186.82.0 255.255.255.0
   default-router 10.186.82.1
   dns-server 10.xxx.xxx.100
!
!
no ip domain lookup
ip domain name yourdomain.com
vpdn enable
!
vpdn-group pppoe
 request-dialin
  protocol pptp
!
!
!
crypto pki trustpoint TP-self-signed-494023030
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-494023030
 revocation-check none
 rsakeypair TP-self-signed-494023030
!
!
crypto pki certificate chain TP-self-signed-494023030
 certificate self-signed 01
  quit
username luo privilege 15 password 7 1514031B17232E
username paul privilege 15 password 7 0709295B00050E1D28405B5C52
username ncc privilege 15 password 7 104A10120D1A1B0715
!
!
!
crypto isakmp policy 10
 authentication pre-share
crypto isakmp key fxxxkey address 61.144.200.20
!
!
crypto ipsec transform-set store esp-des esp-md5-hmac
!
crypto map vpn 10 ipsec-isakmp
 set peer 61.144.200.20
 set transform-set store
 match address 120
!
!
!
!
interface FastEthernet0
 description Link to LAN
 no ip address
 ip virtual-reassembly
 duplex auto
 speed auto
 no keepalive
!
interface BRI0
 no ip address
 encapsulation hdlc
 shutdown
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
!
interface FastEthernet5
!
interface FastEthernet6
!
interface FastEthernet7
!
interface FastEthernet8
!
interface ATM0
 no ip address
 no atm ilmi-keepalive
 pvc 0/35
  pppoe-client dial-pool-number 1
 !
 bundle-enable
 dsl operating-mode auto
 hold-queue 150 in
!
interface Vlan1
 description $ETH-SW-LAUNCH$$INTF-INFO-FE 1$
 ip address 10.186.82.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 ip tcp adjust-mss 1452
!
interface Dialer1
 ip address negotiated
 ip mtu 1492
 ip nat outside
 ip virtual-reassembly
 encapsulation ppp
 dialer pool 1
 no cdp enable
 ppp authentication pap callin
 ppp pap sent-username 200000073866 password 7 120D560D4A0E590C736B
 crypto map vpn
!
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer1
!
!
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 5 life 86400 requests 10000
ip nat inside source route-map nonat interface Dialer1 overload
!
access-list 98 permit 10.100.100.29
access-list 98 permit 10.100.101.100
access-list 98 permit 10.100.101.105
access-list 99 permit 10.100.101.0 0.0.0.255
access-list 110 deny ip 10.186.82.0 0.0.0.255 10.0.0.0 0.255.255.255
access-list 110 permit ip 10.186.82.0 0.0.0.255 any
access-list 120 permit ip 10.186.82.0 0.0.0.255 10.0.0.0 0.255.255.255
no cdp run
!
route-map nonat permit 10
 match ip address 110
!
!
control-plane
!
!
line con 0
line aux 0
line vty 0 4
 privilege level 15
 password 7 121F0Dsd010209
 transport input telnet ssh
line vty 5 15
 privilege level 15
 transport input telnet ssh
!
end
```
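An added example, not part of the original post: a small Python audit that flags the weak management and crypto settings visible in the configuration above (type 7 passwords, DES/MD5 IPsec transforms, an ISAKMP policy left at its default encryption, cleartext HTTP management, Telnet on the VTY lines, and VTY lines without an `access-class`). `SAMPLE` is a constructed excerpt with placeholder secrets, and the rule names are invented for this example.

```python
import re

# Constructed excerpt: statement forms from the configuration above, placeholder secrets.
SAMPLE = """\
username admin privilege 15 password 7 0000000000
crypto isakmp policy 10
 authentication pre-share
crypto ipsec transform-set store esp-des esp-md5-hmac
ip http server
line vty 0 4
 password 7 0000000000
 transport input telnet ssh
line vty 5 15
 transport input telnet ssh
"""
WEAK_TRANSFORMS = {"esp-des", "esp-md5-hmac", "ah-md5-hmac"}

def blocks(text):
    """Return [statement, [sub-commands]] for each top-level IOS statement."""
    out = []
    for raw in text.splitlines():
        if raw.strip() in ("", "!"):
            continue
        if raw[0].isspace() and out:
            out[-1][1].append(raw.strip())   # indented line belongs to the last statement
        else:
            out.append([raw.strip(), []])
    return out

def audit(text):
    """Return (rule, statement) pairs for weak settings found in a running-config."""
    out = []
    for parent, kids in blocks(text):
        if any(re.search(r"\bpassword 7 \S", l) for l in [parent] + kids):
            out.append(("type7-password", parent))      # reversible obfuscation, not a hash
        if parent.startswith("crypto ipsec transform-set"):
            out += [("weak-transform:" + t, parent) for t in parent.split()[4:] if t in WEAK_TRANSFORMS]
        if parent.startswith("crypto isakmp policy") and not any(k.startswith("encr") for k in kids):
            out.append(("isakmp-default-des", parent))  # IOS 12.4 uses DES when no encryption is set
        if parent == "ip http server":
            out.append(("http-management", parent))     # cleartext web management enabled
        if parent.startswith("line vty"):
            if any(k.startswith("transport input") and "telnet" in k.split() for k in kids):
                out.append(("vty-telnet", parent))
            if not any(k.startswith("access-class") for k in kids):
                out.append(("vty-no-access-class", parent))
    return out

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

The script expects one statement per line with IOS indentation, as `show running-config` prints it.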
The attachments are official Cisco documents: 1800_ds.pdf is the product datasheet, and Cisco 1800 Installation Guide.pdf is the installation guide.