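Cisco and Huawei L2TP networking: separating home broadband and company intranet traffic

Topology

Overview

  The office network is connected over a leased line with a fixed IP address. A firewall at the network egress performs NAT, the switches below it connect servers, office PCs and other devices, and a Cisco router attached off-path acts as the L2TP LNS.

  The home broadband uses an ADSL line. A Huawei router acts as the dial-up device and DHCP server, with a wireless router connected below it and the terminals behind that.

Requirements

  Traffic from home terminals to the office network goes through the L2TP tunnel and uses internal addresses; Internet traffic goes directly to the Internet; all traffic from specific terminals exits through the office network.

Configuration

  Cisco

Office network base configuration omitted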


vpdn enable
!
vpdn-group 1
! Default L2TP VPDN group
 accept-dialin
  protocol l2tp
  virtual-template 1
 no l2tp tunnel authentication
 l2tp tunnel password 7 000012140F5818

interface Virtual-Template1
 ip address 192.168.33.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 ip policy route-map l2tp
 peer default ip address pool dark
 ppp authentication chap
 ppp ipcp dns 8.8.8.8 8.8.4.4


ip local pool dark 192.168.33.10 192.168.33.20

Huawei

l2tp enable
acl number 2000                           
 rule 10 permit source 172.18.0.183 0 
acl number 2001  
 rule 5 permit source 172.18.0.0 0.0.0.255 
acl number 2002  
 rule 5 permit source 172.18.0.0 0.0.0.255

ip pool dark
 gateway-list 172.18.0.1 
 network 172.18.0.0 mask 255.255.255.0 
 dns-list 114.114.114.114 8.8.8.8

interface Dialer1
 link-protocol ppp
 ppp chap user 0011000000
 ppp chap password simple 00000
 tcp adjust-mss 1200
 ip address ppp-negotiate
 dialer user 0011000000
 dialer bundle 1
 nat outbound 2001



interface Virtual-Template1
 ppp chap user dark-l2
 ppp chap password cipher %^%#!VG4=c>p<$2G25B
 ip address ppp-negotiate
 nat outbound 2002
 l2tp-auto-client enable



interface GigabitEthernet0/0/1
 undo portswitch
 ip address 172.18.0.1 255.255.255.0
 traffic-policy dark-vpn inbound
 dhcp select global

interface GigabitEthernet0/0/4
 pppoe-client dial-bundle-number 1


l2tp-group 1
 tunnel password cipher %^%#i]FR(<RDB5=BD!%IMx$1!nT]$a0#
 start l2tp ip 1.1.1.1  fullusername dark-l2


ip route-static 0.0.0.0 0.0.0.0 Dialer1
ip route-static 10.0.0.0 255.255.255.255 Virtual-Template1


traffic classifier dark-vpn operator or
 if-match acl 2000
#
traffic behavior dark-vpn
 redirect ip-nexthop 192.168.33.1
#
traffic policy dark-vpn
 classifier dark-vpn behavior dark-vpn precedence 5
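
The following is an added example, not part of the original post: a small Python model of how the Huawei configuration above chooses an egress interface for a packet arriving from the home LAN, so the split between tunnel and Internet traffic can be checked before the config is pushed. It assumes the traffic policy on GigabitEthernet0/0/1 is applied before the routing-table lookup and that the redirect next hop 192.168.33.1 is reached over Virtual-Template1; the function name `egress` and the sample packets are constructed for illustration.

```python
import ipaddress

# Values copied from the Huawei configuration on this page.
PBR_SOURCES = [ipaddress.ip_network("172.18.0.183/32")]  # acl number 2000
PBR_NEXT_HOP = "192.168.33.1"  # redirect ip-nexthop (LNS end of the tunnel)
STATIC_ROUTES = [  # ip route-static lines, masks exactly as written
    (ipaddress.ip_network("0.0.0.0/0"), "Dialer1"),
    (ipaddress.ip_network("10.0.0.0/255.255.255.255"), "Virtual-Template1"),
]


def egress(src, dst, routes=STATIC_ROUTES):
    """Return (interface, reason) for a packet entering GigabitEthernet0/0/1.

    Assumption: the inbound traffic policy (dark-vpn) is evaluated first and
    its next hop is reachable over Virtual-Template1; everything else falls
    through to a longest-prefix match on the static routes.
    """
    src = ipaddress.ip_address(src)
    dst = ipaddress.ip_address(dst)
    # Step 1: policy-based routing for the specific terminal(s) in ACL 2000.
    if any(src in net for net in PBR_SOURCES):
        return ("Virtual-Template1", f"ACL 2000 redirect to {PBR_NEXT_HOP}")
    # Step 2: ordinary routing, most specific matching prefix wins.
    net, ifname = max(
        (r for r in routes if dst in r[0]), key=lambda r: r[0].prefixlen
    )
    return (ifname, f"static route {net}")


if __name__ == "__main__":
    # Constructed sample packets: (home terminal, destination).
    samples = [
        ("172.18.0.183", "8.8.8.8"),   # the terminal listed in ACL 2000
        ("172.18.0.50", "8.8.8.8"),    # ordinary terminal, Internet
        ("172.18.0.50", "10.0.0.0"),   # exactly the address in the route
        ("172.18.0.50", "10.0.0.5"),   # neighbouring address
    ]
    for src, dst in samples:
        print(f"{src:>13} -> {dst:<9} {egress(src, dst)}")
```

With the mask as written (255.255.255.255) the tunnel route covers a single address, so pass the real office prefix through `routes` to model your own deployment.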
