
مشکل در pptp vpn


  • مشکل در pptp vpn

    سلام

    کلاینت ها میتونن به VPN کانکت بشن ولی نمیتونن به شبکه لوکال من دسترسی داشته باشن. مشکل از اینجاست که هیچ روتی به کلاینت داده نمیشه. نمیدونم چرا


    Router configuration:

    Current configuration : 8038 bytes
    !
    ! Overview: running-config of an edge router with one inside link
    ! (GigabitEthernet0/0), two NAT-overloaded uplinks (GigabitEthernet0/1 and
    ! GigabitEthernet0/2), policy-based routing on the inside link, and a PPTP
    ! dial-in VPN whose clients are addressed from pool "tvm".
    ! NOTE(review): no "username" lines appear in this paste although "login local"
    ! and "ip http authentication local" are used - presumably removed before posting.
    !
    ! Last configuration change at 10:30:16 UTC Sun May 18 2014 by etickr
    ! NVRAM config last updated at 10:20:16 UTC Sun May 18 2014 by etickr
    ! NVRAM config last updated at 10:20:16 UTC Sun May 18 2014 by etickr
    version 15.1
    service timestamps debug datetime msec
    service timestamps log datetime msec
    ! Passwords stored in clear text (type 0) are not obfuscated in the config
    ! while this is off.
    no service password-encryption
    !
    hostname etick_edge
    !
    boot-start-marker
    boot-end-marker
    !
    !
    logging buffered 51200 warnings
    ! NOTE(review): type 4 secrets are a single unsalted SHA-256 pass and were
    ! deprecated by Cisco. This hash has also been published with the config, so the
    ! enable secret should be changed and stored with a stronger type that the image
    ! supports.
    enable secret 4 nH4GhP.nqSkUTxuTQ7zHRXJezQoQ598XBK3LPOzQp3A
    !
    ! AAA is off: logins rely on the local user database and the enable secret.
    no aaa new-model
    !
    no ipv6 cef
    ! NOTE(review): the router honours sender-supplied source-route IP options;
    ! edge routers normally run "no ip source-route".
    ip source-route
    ip cef
    !
    !
    !
    !
    !
    no ip domain lookup
    ip domain name yourdomain.com
    multilink bundle-name authenticated
    !
    ! PPTP dial-in: incoming sessions are cloned from Virtual-Template1.
    vpdn enable
    !
    vpdn-group 1
    ! Default PPTP VPDN group
    accept-dialin
    protocol pptp
    virtual-template 1
    l2tp tunnel timeout no-session 15
    !

    !
    !
    !
    !
    !
    !

    interface Embedded-Service-Engine0/0
    no ip address
    shutdown
    !
    ! Inside link (/30; the LAN prefixes are reached through 10.0.0.2). Every packet
    ! arriving on this interface is evaluated by route-map PBR before the routing
    ! table is consulted.
    interface GigabitEthernet0/0
    description local network
    ip address 10.0.0.1 255.255.255.252
    ip nat inside
    ip virtual-reassembly in
    ip policy route-map PBR
    duplex auto
    speed auto
    !
    ! First uplink, NAT outside (address masked by the poster).
    interface GigabitEthernet0/1
    ip address 46.x.x.x 255.255.255.224
    ip mtu 1200
    ip nat outside
    ip virtual-reassembly in
    duplex auto
    speed auto
    !
    ! Second uplink, NAT outside.
    interface GigabitEthernet0/2
    description shatel
    ip address 192.168.130.22 255.255.255.0
    ip mtu 1200
    ip nat outside
    ip virtual-reassembly in
    duplex auto
    speed auto
    !
    ! Template for each PPTP session: borrows the address of GigabitEthernet0/1 and
    ! hands the client an address from pool "tvm".
    ! NOTE(review): PAP carries the password in clear text, and CHAP / MS-CHAP (v1)
    ! are weak; no "ppp encrypt mppe" line is present, so this config does not
    ! require the tunnel to be encrypted. If PPTP must stay, restrict authentication
    ! to ms-chap-v2 and require MPPE; an IPsec-based VPN is the stronger choice.
    interface Virtual-Template1
    ip unnumbered GigabitEthernet0/1
    ip nat inside
    ip virtual-reassembly in
    peer default ip address pool tvm
    ppp authentication pap chap ms-chap
    !
    ! VPN client address pool (11 addresses).
    ip local pool tvm 192.168.3.20 192.168.3.30
    ip forward-protocol nd
    !
    ! Web management: plain HTTP is enabled next to HTTPS; access is limited by
    ! ACL 23 and authenticated against local users.
    ! NOTE(review): "no ip http server" would leave only the TLS listener.
    ip http server
    ip http access-class 23
    ip http authentication local
    ip http secure-server
    ip http timeout-policy idle 60 life 86400 requests 10000
    !
    ! PAT per uplink: sources in ACL 1 are translated to the address of whichever
    ! outside interface the packet leaves through.
    ip nat inside source route-map ISP-RESPINA interface GigabitEthernet0/1 overload
    ip nat inside source route-map ISP-SHATEL interface GigabitEthernet0/2 overload

    ! Two static default routes, one per uplink, followed by the inside prefixes
    ! reached via 10.0.0.2.
    ip route 0.0.0.0 0.0.0.0 46.209.221.65
    ip route 0.0.0.0 0.0.0.0 192.168.130.1
    ip route 10.0.1.0 255.255.255.252 10.0.0.2
    ip route 192.168.0.0 255.255.255.0 10.0.0.2
    ip route 192.168.2.0 255.255.255.0 10.0.0.2
    ip route 192.168.110.0 255.255.255.0 10.0.0.2
    !
    ! ACLs used as PBR classifiers. "respina" matches every IP packet on its first
    ! line, so its icmp line is never reached. "shatel" lists the LAN hosts that
    ! route-map PBR sends to 192.168.130.1.
    ip access-list extended respina
    permit ip any any
    permit icmp any any
    ip access-list extended shatel
    permit ip host 192.168.0.161 any
    permit ip host 192.168.0.132 any
    permit ip host 192.168.0.75 any
    permit ip host 192.168.0.153 any
    permit ip host 192.168.0.160 any
    permit ip host 192.168.0.164 any
    permit ip host 192.168.0.39 any
    permit ip host 192.168.0.47 any
    permit ip host 192.168.0.187 any
    permit ip host 192.168.0.76 any
    ! Empty ACL; not referenced anywhere in this paste.
    ip access-list extended test
    !
    ! ACL 1: NAT source match (two LAN prefixes plus the VPN pool's /24).
    ! ACL 23: referenced by "ip http access-class".
    ! ACLs 46 and 110 are not referenced anywhere in this paste.
    access-list 1 permit 192.168.0.0 0.0.0.255
    access-list 1 permit 192.168.110.0 0.0.0.255
    access-list 1 permit 192.168.3.0 0.0.0.255
    access-list 23 permit 10.10.10.0 0.0.0.7
    access-list 46 permit 46.209.221.66
    access-list 110 permit ip host 192.168.110.10 any
    !
    route-map ISP-RESPINA permit 10
    match ip address 1
    match interface GigabitEthernet0/1
    !
    ! PBR applied inbound on GigabitEthernet0/0. Sequence 30 matches every packet
    ! not taken by sequence 10 (ACL "respina" is permit ip any any) and forces the
    ! next hop 46.209.221.65.
    ! NOTE(review): that includes LAN replies addressed to VPN clients
    ! (192.168.3.20-30), which are then sent to the uplink instead of the PPTP
    ! session. Excluding destination 192.168.3.0 0.0.0.255 from the ACLs matched
    ! here lets that traffic fall back to the routing table.
    route-map PBR permit 10
    match ip address shatel
    set ip next-hop 192.168.130.1
    !
    route-map PBR permit 30
    match ip address respina
    set ip next-hop 46.209.221.65
    !
    route-map ISP-SHATEL permit 10
    match ip address 1
    match interface GigabitEthernet0/2
    !
    !
    !
    control-plane
    !
    !
    !
    line con 0
    login local
    line aux 0
    line 2
    no activation-character
    no exec
    transport preferred none
    transport input all
    transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
    stopbits 1
    ! Remote management lines: every successful login lands at privilege level 15.
    ! NOTE(review): Telnet is accepted (credentials cross the network in clear text)
    ! and no access-class is applied in this paste, so the vty lines appear to be
    ! reachable on every interface, including both uplinks. "transport input ssh"
    ! plus an access-class limited to management hosts would close this.
    line vty 0 4
    privilege level 15
    login local
    transport input telnet ssh
    line vty 5 15
    privilege level 15
    login local
    transport input telnet ssh
    !
    scheduler allocate 20000 1000
    end

  • #2
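    به نظر من مشکل از route-map ها هست. route-map PBR روی GigabitEthernet0/0 با ACL respina (permit ip any any) همه ترافیکی که از شبکه لوکال میاد رو به next-hop اینترنت میفرسته، پس جواب هایی که باید به کلاینت های VPN (192.168.3.20 تا 192.168.3.30) برگرده هم از مسیر ISP خارج میشه.
    باید رنج vpn ها را در ACL هایی که این route-map ها استفاده میکنن deny کنید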
