Wang Meng, please come in! Cisco router PPPOE/VPDN/NAT problem

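Source: Baidu Wenku  Editor: Gaokao Q&A  Time: 2024/05/03 20:31:02
I set up a PPTP server on a 2514 so that I can work from home conveniently; the company uses ADSL. See the configuration below. I don't know why users on the internal network (ip nat inside) can connect over PPTP, but users outside Dialer 1 (ip nat outside) just cannot connect over PPTP. A telnet from the outside network to port 1723 (the PPTP port) shows it as not open, so I realized something was wrong. I tried pinging the public IP of the 2514's Dialer 1 interface (the address obtained via PPPoE) from the outside network, and that works. Then I tried telnet again and it still says the port is not open, yet everything works from my internal network! I have not configured any access control lists, so why does it work from the inside but not from the outside???

So is it a PPPoE problem, a VPDN problem, or an ip nat problem?

Please help!!! Thanks!!!!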

Current configuration : 1942 bytes
!
version 12.2
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname "2514B"
!
enable password 7 0822455D0A16
!
username yk password 7 105702
ip subnet-zero
ip name-server 202.103.24.68
!
vpdn enable
!
vpdn-group vpn
! Default PPTP VPDN group
 accept-dialin
  protocol pptp
  virtual-template 1
!
!
!
!
interface Ethernet0
 no ip address
 no ip route-cache
 no ip mroute-cache
 pppoe enable
 pppoe-client dial-pool-number 1
 no cdp enable
!
interface Ethernet1
 ip address 192.168.0.1 255.255.255.0
 ip nat inside
 ip tcp adjust-mss 1452
 no cdp enable
!
interface Virtual-Template1
 ip unnumbered Ethernet1
 ip nat inside
 peer default ip address pool pptp
 ppp authentication ms-chap ms-chap-v2
!
interface Serial0
 ip address 172.1.1.1 255.255.255.0
 ip nat inside
 clockrate 4000000
!
interface Serial1
 ip address 10.1.1.1 255.255.255.0
 ip nat inside
 clockrate 4000000
!
interface Dialer1
 ip address negotiated
 ip mtu 1492
 ip nat outside
 encapsulation ppp
 shutdown
 dialer pool 1
 dialer-group 1
 no cdp enable
 ppp authentication pap callin
 ppp pap sent-username xxxxxx password xxxxxx
!
ip local pool pptp 192.168.0.223 192.168.0.254
ip nat translation timeout 240
ip nat translation tcp-timeout 240
ip nat translation udp-timeout 180
ip nat translation syn-timeout 20
ip nat translation dns-timeout 240
ip nat translation icmp-timeout 10
ip nat translation max-entries 1000
ip nat inside source list 2 interface Dialer1 overload
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer1
ip route 172.1.1.0 255.255.255.0 Serial0
ip http server
!
!
access-list 1 permit any
access-list 2 permit any
!
banner motd ^C
Welcome To xxxxxxxxxx^C
!
line con 0
line aux 0
line vty 0 4
 password 7 13121F010E1E12232821
 logging synchronous
 login
!
end

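Thanks!!!
The reply below is wrong; I found the answer.
I found that it was a problem with the NAT access list. It cannot be written as permit ip any; it should be written as permit ip 192.168.0.0 0.0.0.255. Thanks to everyone all the same.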
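
An added example, not part of the original thread: a small Python check for the condition the follow-up above identifies, a NAT overload rule whose access list permits any source instead of the inside subnet. The function names and the embedded sample (constructed from the NAT-related lines of the posted configuration) are assumptions of this example.

```python
import re

# Constructed sample: NAT-related lines taken from the configuration posted above.
SAMPLE_CONFIG = """\
interface Ethernet1
 ip nat inside
interface Dialer1
 ip nat outside
ip nat inside source list 2 interface Dialer1 overload
access-list 1 permit any
access-list 2 permit any
"""

NAT_RULE = re.compile(r"^ip nat inside source list (\S+) interface (\S+)(?: overload)?\s*$")
ACL_LINE = re.compile(r"^access-list (\d+) (permit|deny) (.+?)\s*$")

def parse_acls(config):
    """Return {acl_number: [(action, match_text), ...]} for numbered ACLs."""
    acls = {}
    for line in config.splitlines():
        m = ACL_LINE.match(line.strip())
        if m:
            acls.setdefault(m.group(1), []).append((m.group(2), m.group(3)))
    return acls

def audit_nat_acls(config):
    """Flag NAT source rules whose ACL permits every source address."""
    acls = parse_acls(config)
    findings = []
    for line in config.splitlines():
        m = NAT_RULE.match(line.strip())
        if not m:
            continue
        acl, iface = m.groups()
        entries = acls.get(acl)
        if entries is None:
            findings.append((acl, iface, "ACL not defined"))
            continue
        for action, match in entries:
            # Standard form "any"; extended form "ip any ..."
            if action == "permit" and re.match(r"^(?:ip\s+)?any(?:\s|$)", match):
                findings.append((acl, iface, "permit " + match))
    return findings

if __name__ == "__main__":
    for acl, iface, why in audit_nat_acls(SAMPLE_CONFIG):
        print(f"NAT on {iface}: access-list {acl} is too broad ({why})")
```

Only access lists actually referenced by an `ip nat inside source list` rule are reported, so `access-list 1` in the sample is ignored.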

Check whether the network permission settings are correct, and whether telnet access from the outside network is enabled.