VPN配置实例(模板)篇

0VPN配置实例(模板)篇................................................................................................................................................1PPTP(Point-to-PointTunnelingProtocol)..................................................................................................1VPN服务端路由器配置.......................................................................................................................1远程VPN客户端设置方法..................................................................................................................3VPN服务端路由器的查看信息..........................................................................................................10L2TP(Layer2TunnelingProtocol)............................................................................................................11VPN服务端路由器配置.....................................................................................................................11远程VPN客户端设置方法................................................................................................................13VPN服务端路由器的查看信息..........................................................................................................20路由器同时作为PPTPServer与L2TPServer实例..................................................................................21VPN服务端路由器配置.....................................................................................................................21VPN客户端路由器配置.....................................................................................................................23VPN服务端路由器查看信息.............................................................................................................25GRE封装隧道VPN...........................................................................................................................................26GRE封装VPN路由器1配置...........................................................................................................27GRE封装VPN路由器2配置...........................................................................................................28GRE封装VPN路由器Tunnel信息..................................................................................................30手工方式建立IPSec安全联盟.........................................................................................................................31仅使用Esp-des加密算法....................................................................................................................31加密算法esp-des＋验证算法esp-sha-hmac......................................................................................34查看手工建立IPSec安全联盟信息...................................................................................................36IKE协商建立IPSec安全联盟.........................................................................................................................39VPDN路由器1配置...........................................................................................................................39VPDN路由器2配置...........................................................................................................................40查看IKE协商建立IPSec安全联盟信息...........................................................................................42IKE协商建立IPSecDebug信息........................................................................................................441VPN配置实例(模板)篇PPTP(Point-to-PointTunnelingProtocol)PPTP使得远程用户通过MicrosoftWindowsNT®Workstation,Windows®95,Windows®98和Windows®2000以及其它具备ppp功能的系统拨入到本地ISP，就能跨越Internet安全地连接并访问公司网络。其标准说明文档为RFC2637。VPN服务端路由器配置configt!进入全局模式hostnamePPTPserver!主机名设置为PPTPserverenablesecret0star!特权口令设置为staraccess-list1permitany!建立acl1，用来nat规则关联vpdnenable!使能vpdn功能vpdn-grouppptp!DefaultPPTPVPDNgroup，设置vpdn-group接口，名为pptpaccept-dialin!允许接受远程客户端拨入protocolpptp!设置隧道协议为pptpvirtual-template1!使用虚模板接口12exit!usernamepptppassword0pptp!设置用户信息（创建pptp/pptp帐号）iplocalpoolvpn_add10.32.0.20010.32.0.254!创建本地地址池，分配给拨入的远程VPN客户端，10.32.0.200-10.32.0.254interfaceFastEthernet1/0!设置FastEthernet1/0口，用于连接Internetipnatoutside!指定此接口连接外网ipaddress192.168.33.39255.255.255.0!为此接口分配IP地址192.168.33.39/24noshutdown!启用此接口exit!interfaceFastEthernet1/1!设置FastEthernet1/1口，用于连接本地局域网(内网)ipnatinside!指定此接口连接内网ipaddress10.32.0.1255.255.255.0!为此接口分配IP地址10.32.0.1/24noshutdown!启用此接口exit!interfaceVirtual-Template1!创建虚模板接口1，使之成为绑定并负载PPTP会话的virtual-access接口模板pppauthenticationpap!启动PPP验证，并指定身份验证模式为PAPipunnumberedFastEthernet1/1!设置此无编号接口关联的接口为FastEthernet1/1peerdefaultipaddresspoolvpn_add!为拨入的用户选择分配IP地址的策略，使用地址池vpn_addipnatinside!设置此虚模板接口参与nat，使远程客户端拨号到VPDN路由器之后通过此路由上网exit!ipnatinsidesourcelist1interfaceFastEthernet1/0overload!设置nat规则，关联ACL1，允许所有源主机进行natiproute0.0.0.00.0.0.0192.168.33.1!设置缺省路由即网关192.168.33.1linevty04!设置vty0-4的密码即telnet口令3loginpassword0star!telnet口令设置为starexitendwrite!保存配置远程VPN客户端设置方法45678910VPN服务端路由器的查看信息PPTPserver#showvpdnsession%NoactiveL2TPtunnelsPPTPSessionInformationTotalsessions1LocIDRemIDTunIDIntfUsernameStateLastChg3125630Va0pptpconnected00:00:15PPTPserver#showiprouteCodes:C