1.1 Lab objectives
- Add a VPN server at the core without changing the existing topology
- The branch dials in to the side-mounted VPN server and can then reach the HQ network
- This works around the HQ edge router having no VPN license
1.2 Lab topology diagram
1.3 Lab equipment
1. Device list:
1 router simulating the ISP
2 routers simulating the edge (one per site)
1 router simulating the VPN server
2 PCs simulating internal hosts
2. IP address plan:
HQ:
LNS server address: 10.1.1.1
LAC dial-in address pool: 10.1.1.0
VPN router interconnect address: 172.16.100.1
PC network: 192.168.1.0
Edge router interconnect network: 172.16.101.0
Public address: 1.1.1.2
Branch:
PC network: 192.168.2.0
Public address: 2.2.2.2
1.4 Lab requirements
- Configure the side-mounted router AR1 as an L2TP VPN server (LNS)
- The branch edge router AR4 dials in as the L2TP VPN client (LAC)
- HQ AR2 uses a NAT server mapping to expose AR1 to the Internet; mapping only UDP port 1701 (L2TP) is also sufficient
Note that this lab runs plain L2TP without IPsec: CHAP only authenticates the dial-in user, and the PPP payload crosses the ISP in cleartext.
1.5 Lab configuration
1. HQ configuration:
LSW1:
vlan batch 100 101
interface Vlanif1
 ip address 192.168.1.1 255.255.255.0
interface Vlanif100
 ip address 172.16.100.1 255.255.255.0
interface Vlanif101
 ip address 172.16.101.1 255.255.255.0
interface GigabitEthernet0/0/1
 port link-type access
 port default vlan 101
interface GigabitEthernet0/0/2
 port link-type access
 port default vlan 100
ip route-static 0.0.0.0 0.0.0.0 172.16.101.2
ip route-static 10.1.1.0 255.255.255.0 172.16.100.2
ip route-static 192.168.2.0 255.255.255.0 172.16.100.2
(The vlan batch line was not in the source listing; VLANs 100 and 101 must exist before their Vlanif interfaces can be created.)
AR2:
acl number 2000
 rule 5 permit
interface GigabitEthernet0/0/0
 ip address 172.16.101.2 255.255.255.0
interface GigabitEthernet0/0/1
 ip address 1.1.1.2 255.255.255.0
 nat server global 1.1.1.3 inside 172.16.100.2
 nat outbound 2000
ip route-static 0.0.0.0 0.0.0.0 1.1.1.1
ip route-static 172.16.100.0 255.255.255.0 172.16.101.1
ip route-static 192.168.1.0 255.255.255.0 172.16.101.1
(ACL 2000 was not in the source listing for AR2 but is referenced by nat outbound 2000, so it is added here; without it the outbound NAT rule matches nothing.)
AR1:
l2tp enable
ip pool l2tp
 gateway-list 10.1.1.1
 network 10.1.1.0 mask 255.255.255.0
aaa
 local-user l2tp password cipher <user password: ciphertext garbled in source>
 local-user l2tp privilege level 0
 local-user l2tp service-type ppp
interface Virtual-Template1
 ppp authentication-mode chap
 remote address pool l2tp
 ip address 10.1.1.1 255.255.255.0
interface GigabitEthernet0/0/0
 ip address 172.16.100.2 255.255.255.0
l2tp-group 1
 allow l2tp virtual-template 1 remote l2tp_client
 tunnel password cipher <tunnel password: ciphertext garbled in source>
 tunnel name lns
ip route-static 0.0.0.0 0.0.0.0 172.16.100.1
ip route-static 192.168.2.0 255.255.255.0 Virtual-Template1
2. Branch configuration:
AR4:
l2tp enable
acl number 2000
 rule 5 permit
interface Virtual-Template1
 ppp chap user l2tp
 ppp chap password cipher <user password: ciphertext garbled in source, must match the local-user password on AR1>
 ip address ppp-negotiate
 l2tp-auto-client enable
interface GigabitEthernet0/0/0
 ip address 192.168.2.1 255.255.255.0
interface GigabitEthernet0/0/1
 ip address 2.2.2.2 255.255.255.0
 nat outbound 2000
l2tp-group 1
 tunnel password cipher <tunnel password: ciphertext garbled in source, must match the tunnel password on AR1>
 tunnel name l2tp_client
 start l2tp ip 1.1.1.3 fullusername l2tp
ip route-static 0.0.0.0 0.0.0.0 2.2.2.1
ip route-static 192.168.1.0 255.255.255.0 Virtual-Template1
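The three configs above only work together when the LAC's tunnel name matches what the LNS allows, the address the LAC dials is NAT-mapped to the LNS, and the Virtual-Template gateway lies in the pool handed out to peers. The following added example (not part of the lab, and not device output) cross-checks those three dependencies with regular expressions over constructed excerpts of the AR1, AR2 and AR4 configs; the excerpt strings and the helper names are assumptions made for the example.

```python
import ipaddress
import re

# Constructed excerpts of the lab's AR1 (LNS), AR2 (NAT) and AR4 (LAC) configs; not device output.
LNS_CFG = """
ip pool l2tp
 network 10.1.1.0 mask 255.255.255.0
interface Virtual-Template1
 remote address pool l2tp
 ip address 10.1.1.1 255.255.255.0
interface GigabitEthernet0/0/0
 ip address 172.16.100.2 255.255.255.0
l2tp-group 1
 allow l2tp virtual-template 1 remote l2tp_client
 tunnel name lns
"""
NAT_CFG = "nat server global 1.1.1.3 inside 172.16.100.2\n"
LAC_CFG = """
l2tp-group 1
 tunnel name l2tp_client
 start l2tp ip 1.1.1.3 fullusername l2tp
"""

def grab(cfg, pattern):
    """First capture group of the first line matching pattern, or None."""
    m = re.search(pattern, cfg, re.M)
    return m.group(1) if m else None

def check_l2tp(lns, nat, lac):
    """Cross-check LNS, NAT and LAC configs; returns a list of problems (empty means consistent)."""
    problems = []
    # 1. The LNS only accepts a tunnel whose peer name matches what the LAC sends.
    allowed = grab(lns, r"^\s*allow l2tp virtual-template \d+ remote (\S+)")
    lac_name = grab(lac, r"^\s*tunnel name (\S+)")
    if allowed != lac_name:
        problems.append(f"LNS allows tunnel name {allowed!r}, LAC sends {lac_name!r}")
    # 2. The LAC dials the NAT router's global address; it must map to an LNS address.
    dial = grab(lac, r"^\s*start l2tp ip (\S+)")
    inside = grab(nat, rf"^\s*nat server global {re.escape(dial or '')} inside (\S+)")
    if inside not in re.findall(r"^\s*ip address (\d+(?:\.\d+){3})", lns, re.M):
        problems.append(f"nat server maps {dial} to {inside}, which is not an LNS address")
    # 3. The Virtual-Template gateway address must sit inside the pool handed to peers.
    pool = grab(lns, r"^\s*remote address pool (\S+)")
    net = re.search(rf"^ip pool {re.escape(pool or '')}\n\s*network (\S+) mask (\S+)", lns, re.M)
    vt_ip = grab(lns, r"^interface Virtual-Template\d+\n(?:.*\n)*?\s*ip address (\S+)")
    in_pool = bool(net and vt_ip and ipaddress.ip_address(vt_ip)
                   in ipaddress.ip_network(f"{net.group(1)}/{net.group(2)}"))
    if not in_pool:
        problems.append(f"Virtual-Template address {vt_ip} is not in pool {pool!r}")
    return problems
```

Run check_l2tp(LNS_CFG, NAT_CFG, LAC_CFG) to get an empty list for the lab's values; editing the tunnel name or the nat server inside address reproduces the two most common reasons the dial-in never comes up.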