Версия 10:03, 21 января 2010

Настройка VPN роутреа на cisco 1841=

Данная стстья не притендует на оригинальность, в интеренте полно такой информации. это просто краткие заметки для себя, что б не забыть =)

Есть роутер (2 Fa):

Cisco 1841 (revision 7.0) with 236544K/25600K bytes of memory.
Processor board ID XXXXXXXX
2 FastEthernet interfaces
2 Virtual Private Network (VPN) Modules
DRAM configuration is 64 bits wide with parity disabled.
191K bytes of NVRAM.
62720K bytes of ATA CompactFlash (Read/Write)

Для работы VPN нужно

aaa new-model

Описать радиус-сервер

aaa group server radius MISERY
 server 192.168.1.1 auth-port 1812 acct-port 1813
 ip radius source-interface FastEthernet0/0
 attribute nas-port format e UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU
 deadtime 10
!

aaa authentication ppp RADIUS-MISERY group MISERY
aaa authorization network default group MISERY

aaa accounting delay-start
aaa accounting update newinfo periodic 1
aaa accounting network RADIUS-MISERY start-stop group MISERY
aaa accounting system default start-stop group MISERY

vpdn enable vpdn aaa attribute nas-ip-address vpdn-nas vpdn aaa attribute nas-port vpdn-nas vpdn session-limit 5000 !

vpdn-group VPN1
! Default PPTP VPDN group
 accept-dialin
  protocol pptp
  virtual-template 1
 session-limit 32767
 pptp tunnel echo 0
 pptp flow-control static-rtt 5000
 l2tp tunnel receive-window 1024

Адрес используется в качестве конца тунеля.

interface Loopback0

ip address XX.XX.128.0 255.255.255.255

!

interface Virtual-Template1

description "VPN server"
ip unnumbered Loopback0
ip verify unicast reverse-path
no ip redirects
no ip unreachables
no ip proxy-arp
peer default ip address pool DIAL-IN
ppp mtu adaptive
ppp authentication pap ms-chap-v2 RADIUS-MISERY
ppp accounting RADIUS-MISERY
ppp ipcp dns 193.33.48.33 193.33.19.160
hold-queue 4096 in
hold-queue 4096 out

! ip local pool DIAL-IN 172.16.2.21 172.16.2.25

Null-route для ИПов из пула

ip route XX.XX.128.16 255.255.255.240 Null0

radius-server attribute 44 include-in-access-req
radius-server attribute 6 on-for-login-auth
radius-server attribute 8 include-in-access-req
radius-server attribute 32 include-in-access-req
radius-server attribute 32 include-in-accounting-req
radius-server attribute 55 include-in-acct-req
radius-server attribute 55 access-request include
radius-server host 192.168.20.1 auth-port 1812 acct-port 1813 key 7 06080E32
radius-server vsa send cisco-nas-port
radius-server vsa send accounting
radius-server vsa send authentication

@@ Строка 65: / Строка 65: @@
 </PRE>
 !
-interface FastEthernet0/0
+</PRE>
- ip address 172.16.29.109 255.255.255.248
- duplex auto
- speed auto
-!
-interface FastEthernet0/1
- ip address 172.16.254.1 255.255.255.0
- duplex auto
- speed auto
-!
 interface Virtual-Template1
  description "VPN server"
@@ Строка 91: / Строка 83: @@
 !
 ip local pool DIAL-IN 172.16.2.21 172.16.2.25
+</PRE>
-ip forward-protocol nd
-ip route 0.0.0.0 0.0.0.0 172.16.29.108
+Null-route  для ИПов из пула
-ip route 95.69.128.16 255.255.255.240 Null0
+<PRE>
-!
+ip route XX.XX.128.16 255.255.255.240 Null0
-!
+</PRE>
-no ip http server
-no ip http secure-server
+<PRE>
-!
-!
-!
-!
-!
-!
 radius-server attribute 44 include-in-access-req
 radius-server attribute 6 on-for-login-auth
@@ Строка 115: / Строка 102: @@
 radius-server vsa send accounting
 radius-server vsa send authentication
-!
-control-plane
-!
-!
-!
-line con 0
-line aux 0
-line vty 0 4
- exec-timeout 0 0
- exec prompt timestamp
- history size 256
- full-help
- transport preferred none
- transport input ssh
-line vty 5 807
- exec-timeout 0 0
- exec prompt timestamp
- history size 256
- full-help
- transport preferred none
- transport input ssh
-!
-scheduler allocate 20000 1000
-ntp clock-period 17180301
-end
 </PRE>

Cisco-vpn: различия между версиями

Версия 10:03, 21 января 2010

Настройка VPN роутреа на cisco 1841=

Навигация

Действия на странице

Действия на странице

Персональные инструменты

Навигация

Поиск

Инструменты