Cisco and Huawei L2TP networking: separating home broadband and corporate intranet traffic
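Topology
Introduction
The office network connects over a dedicated line with a fixed IP address. A firewall at the network egress performs NAT, a downstream switch connects the servers, office PCs and so on, and a Cisco router attached off-path acts as the L2TP LNS.
The home broadband uses an ADSL line. A Huawei router acts as the dial-up device and DHCP server, with a wireless router downstream and the terminals behind it.
Requirements
Traffic from home terminals to the office network goes through the L2TP tunnel and uses internal addresses; Internet traffic goes straight to the Internet; all traffic from specific terminals leaves through the office network.
Configuration
Cisco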
The basic office network configuration is omitted.
vpdn enable
!
vpdn-group 1
 ! Default L2TP VPDN group
 accept-dialin
  protocol l2tp
  virtual-template 1
 no l2tp tunnel authentication
 l2tp tunnel password 7 000012140F5818
!
interface Virtual-Template1
 ip address 192.168.33.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 ip policy route-map l2tp
 peer default ip address pool dark
 ppp authentication chap
 ppp ipcp dns 8.8.8.8 8.8.4.4
!
ip local pool dark 192.168.33.10 192.168.33.20
Huawei
l2tp enable
#
acl number 2000
 rule 10 permit source 172.18.0.183 0
acl number 2001
 rule 5 permit source 172.18.0.0 0.0.0.255
acl number 2002
 rule 5 permit source 172.18.0.0 0.0.0.255
#
ip pool dark
 gateway-list 172.18.0.1
 network 172.18.0.0 mask 255.255.255.0
 dns-list 114.114.114.114 8.8.8.8
#
interface Dialer1
 link-protocol ppp
 ppp chap user 0011000000
 ppp chap password simple 00000
 tcp adjust-mss 1200
 ip address ppp-negotiate
 dialer user 0011000000
 dialer bundle 1
 nat outbound 2001
#
interface Virtual-Template1
 ppp chap user dark-l2
 ppp chap password cipher %^%#!VG4=c>p<$2G25B
 ip address ppp-negotiate
 nat outbound 2002
 l2tp-auto-client enable
#
interface GigabitEthernet0/0/1
 undo portswitch
 ip address 172.18.0.1 255.255.255.0
 traffic-policy dark-vpn inbound
 dhcp select global
#
interface GigabitEthernet0/0/4
 pppoe-client dial-bundle-number 1
#
l2tp-group 1
 tunnel password cipher %^%#i]FR(<RDB5=BD!%IMx$1!nT]$a0#
 start l2tp ip 1.1.1.1 fullusername dark-l2
#
ip route-static 0.0.0.0 0.0.0.0 Dialer1
ip route-static 10.0.0.0 255.255.255.255 Virtual-Template1
#
traffic classifier dark-vpn operator or
 if-match acl 2000
#
traffic behavior dark-vpn
 redirect ip-nexthop 192.168.33.1
#
traffic policy dark-vpn
 classifier dark-vpn behavior dark-vpn precedence 5
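To check that the traffic split matches the requirements, the following added example (not part of the original post) models the Huawei router's forwarding decision from the ACL, traffic policy and static routes above, and lists flows to the office range that would leave via the Internet link instead of the tunnel. Assumptions: the policy redirect overrides the routing table, and the office LAN is 10.0.0.0/8, which the page does not state; `egress`, `office_leaks` and the sample flows are constructed for illustration.

```python
import ipaddress

# Values taken from the Huawei configuration on this page.
ACL_2000 = [ipaddress.ip_network("172.18.0.183/32")]  # matched by classifier dark-vpn
PAGE_ROUTES = [  # ip route-static <destination> <mask> <egress>
    ("0.0.0.0", "0.0.0.0", "Dialer1"),
    ("10.0.0.0", "255.255.255.255", "Virtual-Template1"),
]
# Assumption, not from the page: the office LAN is 10.0.0.0/8.
ASSUMED_ROUTES = [PAGE_ROUTES[0], ("10.0.0.0", "255.0.0.0", "Virtual-Template1")]
ASSUMED_OFFICE_NET = ipaddress.ip_network("10.0.0.0/8")


def egress(src, dst, routes=PAGE_ROUTES):
    """Return the egress interface for a packet arriving on GE0/0/1."""
    src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    # Step 1: traffic-policy dark-vpn redirects ACL 2000 sources to 192.168.33.1,
    # which is reached over the tunnel. Assumed to override the routing table.
    if any(src_ip in net for net in ACL_2000):
        return "Virtual-Template1"
    # Step 2: longest-prefix match over the static routes.
    best_len, best_if = -1, None
    for dest, mask, iface in routes:
        net = ipaddress.ip_network(f"{dest}/{mask}")
        if dst_ip in net and net.prefixlen > best_len:
            best_len, best_if = net.prefixlen, iface
    return best_if


def office_leaks(flows, routes=PAGE_ROUTES):
    """Flows to the assumed office range that would leave via the Internet link."""
    return [(s, d) for s, d in flows
            if ipaddress.ip_address(d) in ASSUMED_OFFICE_NET
            and egress(s, d, routes) != "Virtual-Template1"]


# Constructed sample flows (source on the home LAN, destination).
SAMPLE_FLOWS = [
    ("172.18.0.183", "8.8.8.8"),   # special terminal, Internet destination
    ("172.18.0.50", "8.8.8.8"),    # ordinary terminal, Internet destination
    ("172.18.0.50", "10.0.0.0"),   # the only address the /32 route covers
    ("172.18.0.50", "10.0.0.5"),   # office-range host outside the /32
]

if __name__ == "__main__":
    for s, d in SAMPLE_FLOWS:
        print(f"{s} -> {d}: {egress(s, d)}")
    print("leaks (page routes):", office_leaks(SAMPLE_FLOWS))
    print("leaks (assumed /8 route):", office_leaks(SAMPLE_FLOWS, ASSUMED_ROUTES))
```

With the mask 255.255.255.255 as written, the static route covers only the single address 10.0.0.0, so the model sends any other 10.x destination from an ordinary terminal out through Dialer1.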