#
acl number 3001 name nat
rule 0 deny ip source 192.168.2.0 0.0.0.255 destination 192.168.0.0 0.0.0.255 (on the peer VPN device, swap the two IP address ranges)
rule 20 permit ip source 192.168.2.94 0 (inside address allowed through NAT, i.e. an IP that may access the Internet)
rule 30 permit ip source 192.168.2.80 0
acl number 3026
rule 0 permit ip source 192.168.2.0 0.0.0.255 destination 192.168.0.0 0.0.0.255 (defines the traffic that enters the VPN tunnel; on the peer VPN device, swap the two IP address ranges)
#
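ike peer testvpn (configure the IKE peer)
exchange-mode aggressive (aggressive mode)
pre-shared-key cipher nWUE29323vCRHSJ19231231hkSNpRHtg== (pre-shared key)
id-type name (ID type is name)
remote-name testpeer (remote IKE name)
remote-address 202.106.0.20 (because this end connects over ADSL with a dynamic IP address, the peer only needs to specify this end's IKE name and does not need to specify a remote IP address)
local-name testvpn (local IKE name)
nat traversal (NAT traversal)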
#
ipsec proposal testvpn
#
ipsec policy testvpn 10 isakmp
security acl 3026 (ACL to match)
pfs dh-group1
ike-peer testvpn (IKE peer name)
proposal testvpn (IPsec security proposal name)
#
#
interface Dialer1 (configure the PPPoE dial-up interface)
nat outbound 3001
link-protocol ppp
ppp pap local-user 9009239392939 password cipher )^6G123G6S032316;R3Q=^Q`MAF4<1!!
mtu 1450
ip address ppp-negotiate
tcp mss 1024
dialer user admin
dialer-group 1
dialer bundle 1
ipsec policy testvpn
#
interface Ethernet0/0
port link-mode route
description inside
ip address 192.168.2.1 255.255.255.0
#
interface Ethernet0/1
port link-mode route
description outside
pppoe-client dial-bundle-number 1
tcp mss 1024
ip address dhcp-alloc
#
ip route-static 0.0.0.0 0.0.0.0 Dialer1
#
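A configuration review of the settings above can be automated. The following is an added example, not part of the original page or of any H3C tooling: a small Python check that splits a Comware-style configuration into sections and flags the aggressive-mode PSK peer, the empty IPsec proposal, `pfs dh-group1` and PAP authentication. The finding codes and the `SAMPLE` excerpt (secrets replaced by placeholders) are constructed for illustration.

```python
import re

# Constructed excerpt of the configuration above; secrets replaced by placeholders.
SAMPLE = """\
ike peer testvpn
exchange-mode aggressive
pre-shared-key cipher <PLACEHOLDER>
#
ipsec proposal testvpn
#
ipsec policy testvpn 10 isakmp
pfs dh-group1
#
interface Dialer1
ppp pap local-user <PLACEHOLDER> password cipher <PLACEHOLDER>
ipsec policy testvpn
"""

# Headers are matched by keyword because the page's config is not indented.
HEADER = re.compile(r"^(ike peer \S+|ipsec proposal \S+|ipsec policy \S+ \d+|interface \S+)")

def sections(text):
    """Split the config into (header, [sub-commands]); '#' ends a section."""
    out, cur = [], None
    for line in map(str.strip, text.splitlines()):
        if line in ("", "#"):
            cur = None
        elif (m := HEADER.match(line)):
            cur = (m.group(1), [])
            out.append(cur)
        elif cur is not None:
            cur[1].append(line)
    return out

def audit(text):
    """Return (section, finding-code) pairs for the weak settings used above."""
    found = []
    for header, body in sections(text):
        cmds = [l.split()[:2] for l in body]
        if header.startswith("ike peer"):
            # Aggressive mode sends a PSK-derived hash unencrypted (offline guessing).
            if ["exchange-mode", "aggressive"] in cmds and any(c[0] == "pre-shared-key" for c in cmds):
                found.append((header, "IKE_AGGRESSIVE_PSK"))
        elif header.startswith("ipsec proposal"):
            # An empty proposal leaves the transforms to the device defaults.
            if not any(c[0] in ("esp", "ah", "transform") for c in cmds):
                found.append((header, "PROPOSAL_DEFAULTS"))
        elif header.startswith("ipsec policy"):
            if ["pfs", "dh-group1"] in cmds:  # 768-bit MODP group
                found.append((header, "PFS_DH_GROUP1"))
        elif ["ppp", "pap"] in cmds:  # PAP sends the password in clear over the PPP link
            found.append((header, "PPP_PAP"))
    return found
```

Calling `audit()` on the text of a saved configuration returns one pair per flagged section; an empty list means none of these four settings were found.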