原来总部和分部都是静态IP,直接利用IPsec VPN互通。现在总部改成PPPoE拨号了,不知道怎么弄,VPN也不通。总部一台MSR2600-10,分部一台MSR2600-10。
总部是192.168.1.1 分部192.168.10.1
在改成拨号之前,我已经把VPN的对端地址都改成域名了,可以正常互通,也就是静态IP上网、VPN用域名对拨。
总部 ***.*** 分部 ***.***
现在总部想把静态IP拆掉,改成PPPoE拨号上网,节约成本。现在宽带已经申请好了,电信已经测试好了。新宽带 账号 ad79984170 密码69887992 现在放在旁边
如果总部测试OK后 以后 分部也改成PPPoE
请问 总部的配置需要改什么 可以实现 总部自己可以上网 还可以和分部互通
总部配置
#
version 5.20, Release 2514P04
#
sysname shanze-2600-10
#
l2tp enable
#
domain default enable system
#
dns resolve
dns proxy enable
dns server 114.114.114.114
#
# NOTE(review): Telnet management is enabled, and local-user admin further down is allowed "service-type telnet". Telnet carries the login in cleartext; prefer SSH on the vty lines and limit management access by source address - confirm what this release supports.
telnet server enable
#
dar p2p signature-file flash:/p2p_default.mtd
#
ndp enable
#
ntdp enable
#
cluster enable
#
port-security enable
#
ip http port 8081
#
password-recovery enable
#
acl number 3000
rule 0 deny ip source 192.168.1.0 0.0.0.255 destination 192.168.10.0 0.0.0.255
rule 5 permit ip
acl number 3101
rule 0 permit ip source 192.168.1.0 0.0.0.255 destination 192.168.10.0 0.0.0.255
rule 5 permit ip source 192.168.100.0 0.0.0.255 destination 192.168.10.0 0.0.0.255
rule 10 permit ip source 192.168.1.0 0.0.0.255 destination 192.168.90.0 0.0.0.255
#
vlan 1
#
domain system
authentication ppp local
access-limit disable
state active
idle-cut disable
self-service-url disable
ip pool 1 192.168.100.10 192.168.100.100
#
# IKE proposal used by "ike peer peer". Only the authentication algorithm and SA duration are set here.
# NOTE(review): MD5 is a legacy choice; prefer a SHA-based algorithm if both routers support it. Both peers must be changed together or negotiation fails.
ike proposal 10
authentication-algorithm md5
sa duration 5000
#
# IKE peer for the branch router, addressed by host name ("dynamic").
# NOTE(review): the pre-shared key is stored in "cipher" form, which has to be recoverable by the router and is therefore not a one-way hash. The string is published on this page, so treat the key as disclosed and set a new one on both routers.
ike peer peer
proposal 10
pre-shared-key cipher $c$3$AYwyTwfYWFK0LUzhMoRl5hLJGE5jlhb8
remote-address ***.*** dynamic
nat traversal
#
# ESP in tunnel mode with SHA-1 integrity and DES encryption.
# NOTE(review): DES (56-bit key) is obsolete; move to AES on both peers if the release offers it.
ipsec transform-set tran1
encapsulation-mode tunnel
transform esp
esp authentication-algorithm sha1
esp encryption-algorithm des
#
# IPsec policy: traffic matched by ACL 3101 is protected using the peer and transform-set defined above.
ipsec policy map1 10 isakmp
connection-name map1.10
security acl 3101
ike-peer peer
transform-set tran1
sa duration traffic-based 1843200
sa duration time-based 3600
#
dhcp server ip-pool vlan1 extended
network ip range 192.168.1.150 192.168.1.220
network mask 255.255.255.0
forbidden-ip 192.168.1.180
gateway-list 192.168.1.1
dns-list 202.96.209.133 114.114.114.114
expired day 0 hour 4
#
user-group system
group-attribute allow-guest
#
# Local accounts: "admin" (level 3) may log in by Telnet and web; "shanze" is limited to PPP (presumably the L2TP dial-in account, since "domain system" authenticates PPP locally - confirm).
# NOTE(review): both password strings are published with this post in "cipher" form; consider them exposed and change both passwords.
local-user admin
password cipher $c$3$4ZA9qteh70PBuC57Zag4/+bOjNEaHzKK79Fz1us=
authorization-attribute level 3
service-type telnet
service-type web
local-user shanze
password cipher $c$3$l2k8/35dfjAG4a+WobGZtqLa5FhyuvLtb5HxHA==
authorization-attribute level 2
service-type ppp
#
cwmp
undo cwmp enable
#
ddns policy 2222
interval 0 0 1
url ***.***/dyndns/update?system=dyndns&hostname=<h>&myip=<a>
username root
password cipher $c$3$WiTndyCPAddYqx+/7QYHStsY7XV9Ot9d8PFU
#
# L2TP group that accepts incoming tunnels and binds them to Virtual-Template0.
# NOTE(review): tunnel authentication is switched off, so the PPP CHAP login on Virtual-Template0 is the only check on dial-in users, and nothing in this config shows the L2TP traffic itself being protected by IPsec (ACL 3101 matches only the LAN and address-pool subnets). If dial-in is still needed, confirm how it is protected; if not, remove it.
l2tp-group 1
undo tunnel authentication
allow l2tp virtual-template 0
#
interface Aux0
async mode flow
link-protocol ppp
#
interface Cellular0/0
async mode protocol
link-protocol ppp
tcp mss 1024
#
interface Virtual-Template0
ppp authentication-mode chap domain system
ppp ipcp remote-address forced
remote address pool 1
ip address 192.168.90.1 255.255.255.0
#
interface NULL0
#
interface Vlan-interface1
ip address 192.168.1.1 255.255.255.0
tcp mss 1024
dhcp server apply ip-pool vlan1
#
# WAN interface with the static public address (the setup before the PPPoE change).
# "nat outbound 3000": ACL 3000 denies LAN-to-branch traffic first, so that traffic is left untranslated for the IPsec policy; all other traffic is translated.
# NOTE(review): the "nat server" entries publish internal hosts to the Internet - three RDP (3389) targets on external ports 3390-3392, plus web, 143, 8000, 8088 and 10000. A non-standard external port does not keep RDP from being found; consider reaching these hosts through the VPN or restricting the permitted source addresses.
interface GigabitEthernet0/0
port link-mode route
nat outbound 3000
nat server 4 protocol tcp global current-interface 10000 inside 192.168.1.253 10000
nat server 5 protocol tcp global current-interface 143 inside 192.168.1.253 143
nat server 8 protocol tcp global current-interface 8082 inside 192.168.1.2 www
nat server 2 protocol tcp global current-interface www inside 192.168.1.253 www
nat server 7 protocol tcp global current-interface 3390 inside 192.168.1.188 3389
nat server 12 protocol tcp global current-interface 3391 inside 192.168.1.253 3389
nat server 9 protocol tcp global current-interface 8088 inside 192.168.1.248 www
nat server 10 protocol tcp global current-interface 8000 inside 192.168.1.248 8000
nat server 1 protocol tcp global current-interface 3392 inside 192.168.1.240 3389
ip address 101.95.141.190 255.255.255.252
tcp mss 1024
ipsec no-nat-process enable
ipsec policy map1
ddns apply policy 2222 fqdn ***.***
dns server 202.96.209.133
dns server 114.114.114.114
#
interface GigabitEthernet0/1
port link-mode route
nat outbound
shutdown
ip address dhcp-alloc
#
interface GigabitEthernet0/2
port link-mode bridge
#
interface GigabitEthernet0/3
port link-mode bridge
#
interface GigabitEthernet0/4
port link-mode bridge
#
interface GigabitEthernet0/5
port link-mode bridge
#
interface GigabitEthernet0/6
port link-mode bridge
#
interface GigabitEthernet0/7
port link-mode bridge
#
interface GigabitEthernet0/8
port link-mode bridge
#
interface GigabitEthernet0/9
port link-mode bridge
#
ip route-static 0.0.0.0 0.0.0.0 GigabitEthernet0/0 101.95.141.189
ip route-static 192.168.10.0 255.255.255.0 GigabitEthernet0/0 101.95.141.189
#
dhcp enable
#
nms primary monitor-interface GigabitEthernet0/1
#
load xml-configuration
#
load tr069-configuration
#
user-interface tty 12
user-interface aux 0
user-interface vty 0 4
authentication-mode scheme
#
return
分部配置
#
version 5.20, Release 2514P04
#
sysname sanxie-2600-10
#
l2tp enable
#
domain default enable system
#
dns resolve
dns proxy enable
dns server 114.114.114.114
#
telnet server enable
#
dar p2p signature-file flash:/p2p_default.mtd
#
ndp enable
#
ntdp enable
#
cluster enable
#
port-security enable
#
ip http port 8081
#
password-recovery enable
#
# ACL 3000 is referenced by "nat outbound 3000" on GigabitEthernet0/0.
# NOTE(review): rule 0 is the same as on the head-office router (source 192.168.1.0/24, destination 192.168.10.0/24). On this router the LAN is 192.168.10.0/24, so the rule does not match branch-to-HQ traffic; a NAT exemption here would need source 192.168.10.0 and destination 192.168.1.0. The tunnel presumably still works because GigabitEthernet0/0 carries "ipsec no-nat-process enable" - confirm.
acl number 3000
rule 0 deny ip source 192.168.1.0 0.0.0.255 destination 192.168.10.0 0.0.0.255
rule 5 permit ip
# ACL 3101 selects the traffic protected by IPsec policy use1; its rules mirror ACL 3101 on the head-office router.
acl number 3101
rule 0 permit ip source 192.168.10.0 0.0.0.255 destination 192.168.1.0 0.0.0.255
rule 5 permit ip source 192.168.90.0 0.0.0.255 destination 192.168.1.0 0.0.0.255
rule 10 permit ip source 192.168.10.0 0.0.0.255 destination 192.168.100.0 0.0.0.255
#
vlan 1
#
domain system
authentication ppp local
access-limit disable
state active
idle-cut disable
self-service-url disable
ip pool 2 192.168.90.20 192.168.90.50
#
# IKE proposal used by "ike peer peer"; it must match the head-office proposal.
# NOTE(review): MD5 is a legacy choice; prefer a SHA-based algorithm if both routers support it, changed on both peers together.
ike proposal 10
authentication-algorithm md5
sa duration 5000
#
# IKE peer for the head office, addressed by host name ("dynamic"). Once the head office is on PPPoE, this name is the only way the branch can find the peer's current address.
# NOTE(review): the pre-shared key string is published on this page in recoverable "cipher" form; treat the key as disclosed and set a new one on both routers.
ike peer peer
proposal 10
pre-shared-key cipher $c$3$d5XN64pRCq5ggucnZgPHP1G2I/1rPlv4
remote-address ***.*** dynamic
nat traversal
#
# ESP in tunnel mode with SHA-1 integrity and DES encryption.
# NOTE(review): DES (56-bit key) is obsolete; move to AES on both peers if the release offers it.
ipsec transform-set tran1
encapsulation-mode tunnel
transform esp
esp authentication-algorithm sha1
esp encryption-algorithm des
#
# IPsec policy: traffic matched by ACL 3101 is protected using the peer and transform-set defined above.
ipsec policy use1 10 isakmp
connection-name use1.10
security acl 3101
ike-peer peer
transform-set tran1
sa duration traffic-based 1843200
sa duration time-based 3600
#
dhcp server ip-pool vlan1 extended
network ip range 192.168.10.200 192.168.10.230
network mask 255.255.255.0
gateway-list 192.168.10.1
dns-list 192.168.10.1 61.177.7.1
#
user-group system
group-attribute allow-guest
#
local-user admin
password cipher $c$3$XWqBb6AUf72UfAYoSb4SZAu20RwPCH95nHVjQUo=
authorization-attribute level 3
service-type telnet
service-type web
local-user sanxie
password cipher $c$3$LNinYC99h4W/Q/SStaIYLzHIiFFFMsepsQrsFQ==
authorization-attribute level 2
service-type ppp
#
cwmp
undo cwmp enable
#
ddns policy ***.***
interval 0 0 1
url ***.***/dyndns/update?system=dyndns&hostname=<h>&myip=<a>
username root
password cipher $c$3$XIQOGAoUCwEEqlMennELelIGbMqezx1UZumW
#
l2tp-group 1
undo tunnel authentication
allow l2tp virtual-template 0
#
interface Aux0
async mode flow
link-protocol ppp
#
interface Cellular0/0
async mode protocol
link-protocol ppp
tcp mss 1024
#
interface Virtual-Template0
ppp authentication-mode chap domain system
ppp ipcp remote-address forced
remote address pool 2
ip address 192.168.90.1 255.255.255.0
#
interface NULL0
#
interface Vlan-interface1
ip address 192.168.10.1 255.255.255.0
tcp mss 1024
dhcp server apply ip-pool vlan1
#
# Branch WAN interface with a static public address; NAT, the IPsec policy and DDNS are all applied here.
# NOTE(review): the "nat server" entries publish internal hosts to the Internet, including RDP on its default port 3389 and several ports (554, 1554, 81, 8000, 8001, www) on 192.168.10.198/199. Consider reaching these hosts through the VPN or restricting the permitted source addresses.
interface GigabitEthernet0/0
port link-mode route
nat outbound 3000
nat server 1 protocol tcp global current-interface 3389 inside 192.168.10.253 3389
nat server 2 protocol tcp global current-interface 8082 inside 192.168.10.2 www
nat server 3 protocol tcp global current-interface 554 inside 192.168.10.199 554
nat server 4 protocol tcp global current-interface www inside 192.168.10.199 www
nat server 5 protocol tcp global current-interface 8000 inside 192.168.10.199 8000
nat server 6 protocol tcp global current-interface 81 inside 192.168.10.198 81
nat server 7 protocol tcp global current-interface 8001 inside 192.168.10.198 8001
nat server 8 protocol tcp global current-interface 1554 inside 192.168.10.198 1554
ip address 58.221.125.134 255.255.255.252
tcp mss 1024
ipsec no-nat-process enable
ipsec policy use1
ddns apply policy ***.*** fqdn ***.***
dns server 61.147.37.1
dns server 61.177.7.1
#
interface GigabitEthernet0/1
port link-mode route
nat outbound
shutdown
ip address dhcp-alloc
#
interface GigabitEthernet0/2
port link-mode bridge
#
interface GigabitEthernet0/3
port link-mode bridge
#
interface GigabitEthernet0/4
port link-mode bridge
#
interface GigabitEthernet0/5
port link-mode bridge
#
interface GigabitEthernet0/6
port link-mode bridge
#
interface GigabitEthernet0/7
port link-mode bridge
#
interface GigabitEthernet0/8
port link-mode bridge
#
interface GigabitEthernet0/9
port link-mode bridge
#
ip route-static 0.0.0.0 0.0.0.0 GigabitEthernet0/0 58.221.125.133
#
dhcp enable
#
nms primary monitor-interface GigabitEthernet0/1
#
load xml-configuration
#
load tr069-configuration
#
user-interface tty 12
user-interface aux 0
user-interface vty 0 4
authentication-mode scheme
#
return
最佳答案
这是我修改的PPPoE配置,对吗?帮忙看看VPN还可以连接得上吗?
#
version 5.20, Release 2514P04
#
sysname shanze-2600-10
#
l2tp enable
#
domain default enable system
#
dns resolve
dns proxy enable
dns server 114.114.114.114
#
telnet server enable
#
dar p2p signature-file flash:/p2p_default.mtd
#
ndp enable
#
ntdp enable
#
cluster enable
#
port-security enable
#
ip http port 8081
#
password-recovery enable
#
acl number 3000
rule 0 deny ip source 192.168.1.0 0.0.0.255 destination 192.168.10.0 0.0.0.255
rule 5 permit ip
acl number 3101
rule 0 permit ip source 192.168.1.0 0.0.0.255 destination 192.168.10.0 0.0.0.255
rule 5 permit ip source 192.168.100.0 0.0.0.255 destination 192.168.10.0 0.0.0.255
rule 10 permit ip source 192.168.1.0 0.0.0.255 destination 192.168.90.0 0.0.0.255
#
vlan 1
#
domain system
authentication ppp local
access-limit disable
state active
idle-cut disable
self-service-url disable
ip pool 1 192.168.100.10 192.168.100.100
#
ike proposal 10
authentication-algorithm md5
sa duration 5000
#
# IKE peer for the branch, addressed by host name ("dynamic").
# NOTE(review): with PPPoE the head office no longer has a fixed address, so the branch can only find this router through the DDNS name applied on Dialer10. Expect the tunnel to stay down after a re-dial until the DDNS record and the branch's name resolution have caught up - confirm the update interval is acceptable.
# NOTE(review): the pre-shared key string is published on this page in recoverable "cipher" form; treat the key as disclosed and set a new one on both routers.
ike peer peer
proposal 10
pre-shared-key cipher $c$3$AYwyTwfYWFK0LUzhMoRl5hLJGE5jlhb8
remote-address ***.*** dynamic
nat traversal
#
ipsec transform-set tran1
encapsulation-mode tunnel
transform esp
esp authentication-algorithm sha1
esp encryption-algorithm des
#
ipsec policy map1 10 isakmp
connection-name map1.10
security acl 3101
ike-peer peer
transform-set tran1
sa duration traffic-based 1843200
sa duration time-based 3600
#
dhcp server ip-pool vlan1 extended
network ip range 192.168.1.150 192.168.1.220
network mask 255.255.255.0
forbidden-ip 192.168.1.180
gateway-list 192.168.1.1
dns-list 202.96.209.133 114.114.114.114
expired day 0 hour 4
#
user-group system
group-attribute allow-guest
#
local-user admin
password cipher $c$3$4ZA9qteh70PBuC57Zag4/+bOjNEaHzKK79Fz1us=
authorization-attribute level 3
service-type telnet
service-type web
local-user shanze
password cipher $c$3$l2k8/35dfjAG4a+WobGZtqLa5FhyuvLtb5HxHA==
authorization-attribute level 2
service-type ppp
#
cwmp
undo cwmp enable
#
ddns policy 2222
interval 0 0 1
url ***.***/dyndns/update?system=dyndns&hostname=<h>&myip=<a>
username root
password cipher $c$3$WiTndyCPAddYqx+/7QYHStsY7XV9Ot9d8PFU
#
l2tp-group 1
undo tunnel authentication
allow l2tp virtual-template 0
#
interface Aux0
async mode flow
link-protocol ppp
#
interface Cellular0/0
async mode protocol
link-protocol ppp
tcp mss 1024
#
# Dialer interface that carries the PPPoE session. It receives the negotiated public address, so NAT, the port mappings, DDNS and the IPsec policy are applied here instead of on the physical port.
# The "nat server" entries are the same mappings as in the static-IP config, renumbered 5-45.
# NOTE(review): the ISP account and password on the "ppp chap" / "ppp pap" lines are the same values given in the post text, so they are public; change the password with the ISP.
# NOTE(review): "dialer user username" looks like a placeholder value - confirm whether a specific name is expected.
# NOTE(review): "dialer-group 10" refers to dialer rule 10, but no "dialer-rule 10 ..." line appears in this config. Vendor PPPoE examples usually define one (for example "dialer-rule 10 ip permit"); confirm whether it is required for this dial mode.
# "mtu 1492" allows for the PPPoE header; "tcp mss 1024" is carried over from the old WAN interface.
# NOTE(review): the published RDP (3389) and web mappings are exposed on whatever address PPPoE assigns; consider reaching these hosts through the VPN instead.
interface Dialer10
nat outbound 3000
nat server 5 protocol tcp global current-interface 10000 inside 192.168.1.253 10000
nat server 10 protocol tcp global current-interface 143 inside 192.168.1.253 143
nat server 15 protocol tcp global current-interface 8082 inside 192.168.1.2 www
nat server 20 protocol tcp global current-interface www inside 192.168.1.253 www
nat server 25 protocol tcp global current-interface 3390 inside 192.168.1.188 3389
nat server 30 protocol tcp global current-interface 3391 inside 192.168.1.253 3389
nat server 35 protocol tcp global current-interface 8088 inside 192.168.1.248 www
nat server 40 protocol tcp global current-interface 8000 inside 192.168.1.248 8000
nat server 45 protocol tcp global current-interface 3392 inside 192.168.1.240 3389
link-protocol ppp
ppp chap user ad79984170
ppp chap password cipher 69887992
ppp pap local-user ad79984170 password cipher 69887992
ppp ipcp dns admit-any
ppp ipcp dns request
mtu 1492
load-bandwidth 100000
ip address ppp-negotiate
tcp mss 1024
dialer user username
dialer-group 10
dialer bundle 10
ddns apply policy 2222 fqdn ***.***
ipsec no-nat-process enable
ipsec policy map1
#
interface Virtual-Template0
ppp authentication-mode chap domain system
ppp ipcp remote-address forced
remote address pool 1
ip address 192.168.90.1 255.255.255.0
#
interface NULL0
#
interface Vlan-interface1
ip address 192.168.1.1 255.255.255.0
tcp mss 1024
dhcp server apply ip-pool vlan1
#
# Physical WAN port, now bound to dialer bundle 10 as the PPPoE client port. It has no IP address of its own in this config.
# NOTE(review): "nat outbound 3000", "ipsec no-nat-process enable" and "ipsec policy map1" are configured here as well as on Dialer10. They look like leftovers from the static-IP setup and are presumably unnecessary on this port - confirm, and remove them once the tunnel works over Dialer10.
interface GigabitEthernet0/0
port link-mode route
nat outbound 3000
pppoe-client dial-bundle-number 10
ipsec no-nat-process enable
ipsec policy map1
#
interface GigabitEthernet0/1
port link-mode route
nat outbound
shutdown
ip address dhcp-alloc
#
interface GigabitEthernet0/2
port link-mode bridge
#
interface GigabitEthernet0/3
port link-mode bridge
#
interface GigabitEthernet0/4
port link-mode bridge
#
interface GigabitEthernet0/5
port link-mode bridge
#
interface GigabitEthernet0/6
port link-mode bridge
#
interface GigabitEthernet0/7
port link-mode bridge
#
interface GigabitEthernet0/8
port link-mode bridge
#
interface GigabitEthernet0/9
port link-mode bridge
#
# Default route now leaves through Dialer10 instead of the former static next hop.
# The route for 192.168.10.0/24 uses the same outgoing interface, so it is already covered by the default route.
ip route-static 0.0.0.0 0.0.0.0 Dialer10
ip route-static 192.168.10.0 255.255.255.0 Dialer10
#
dhcp enable
#
nms primary monitor-interface GigabitEthernet0/1
#
load xml-configuration
#
load tr069-configuration
#
user-interface tty 12
user-interface aux 0
user-interface vty 0 4
authentication-mode scheme
#
return
IPsec应用在拨号口还是 g0/0?
拨号口
我等下把我修改好的配置 粘贴上来 帮我看看 对不对
# Head-office configuration after the PPPoE change, restored to one command per line (same content as the listing in the answer above).
#
version 5.20, Release 2514P04
#
sysname shanze-2600-10
#
l2tp enable
#
domain default enable system
#
dns resolve
dns proxy enable
dns server 114.114.114.114
#
telnet server enable
#
dar p2p signature-file flash:/p2p_default.mtd
#
ndp enable
#
ntdp enable
#
cluster enable
#
port-security enable
#
ip http port 8081
#
password-recovery enable
#
acl number 3000
rule 0 deny ip source 192.168.1.0 0.0.0.255 destination 192.168.10.0 0.0.0.255
rule 5 permit ip
acl number 3101
rule 0 permit ip source 192.168.1.0 0.0.0.255 destination 192.168.10.0 0.0.0.255
rule 5 permit ip source 192.168.100.0 0.0.0.255 destination 192.168.10.0 0.0.0.255
rule 10 permit ip source 192.168.1.0 0.0.0.255 destination 192.168.90.0 0.0.0.255
#
vlan 1
#
domain system
authentication ppp local
access-limit disable
state active
idle-cut disable
self-service-url disable
ip pool 1 192.168.100.10 192.168.100.100
#
ike proposal 10
authentication-algorithm md5
sa duration 5000
#
ike peer peer
proposal 10
pre-shared-key cipher $c$3$AYwyTwfYWFK0LUzhMoRl5hLJGE5jlhb8
remote-address ***.*** dynamic
nat traversal
#
ipsec transform-set tran1
encapsulation-mode tunnel
transform esp
esp authentication-algorithm sha1
esp encryption-algorithm des
#
ipsec policy map1 10 isakmp
connection-name map1.10
security acl 3101
ike-peer peer
transform-set tran1
sa duration traffic-based 1843200
sa duration time-based 3600
#
dhcp server ip-pool vlan1 extended
network ip range 192.168.1.150 192.168.1.220
network mask 255.255.255.0
forbidden-ip 192.168.1.180
gateway-list 192.168.1.1
dns-list 202.96.209.133 114.114.114.114
expired day 0 hour 4
#
user-group system
group-attribute allow-guest
#
local-user admin
password cipher $c$3$4ZA9qteh70PBuC57Zag4/+bOjNEaHzKK79Fz1us=
authorization-attribute level 3
service-type telnet
service-type web
local-user shanze
password cipher $c$3$l2k8/35dfjAG4a+WobGZtqLa5FhyuvLtb5HxHA==
authorization-attribute level 2
service-type ppp
#
cwmp
undo cwmp enable
#
ddns policy 2222
interval 0 0 1
url ***.***/dyndns/update?system=dyndns&hostname=<h>&myip=<a>
username root
password cipher $c$3$WiTndyCPAddYqx+/7QYHStsY7XV9Ot9d8PFU
#
l2tp-group 1
undo tunnel authentication
allow l2tp virtual-template 0
#
interface Aux0
async mode flow
link-protocol ppp
#
interface Cellular0/0
async mode protocol
link-protocol ppp
tcp mss 1024
#
# NOTE(review): the PPPoE account and password on the "ppp chap" / "ppp pap" lines below are published with this post; change the password with the ISP.
interface Dialer10
nat outbound 3000
nat server 5 protocol tcp global current-interface 10000 inside 192.168.1.253 10000
nat server 10 protocol tcp global current-interface 143 inside 192.168.1.253 143
nat server 15 protocol tcp global current-interface 8082 inside 192.168.1.2 www
nat server 20 protocol tcp global current-interface www inside 192.168.1.253 www
nat server 25 protocol tcp global current-interface 3390 inside 192.168.1.188 3389
nat server 30 protocol tcp global current-interface 3391 inside 192.168.1.253 3389
nat server 35 protocol tcp global current-interface 8088 inside 192.168.1.248 www
nat server 40 protocol tcp global current-interface 8000 inside 192.168.1.248 8000
nat server 45 protocol tcp global current-interface 3392 inside 192.168.1.240 3389
link-protocol ppp
ppp chap user ad79984170
ppp chap password cipher 69887992
ppp pap local-user ad79984170 password cipher 69887992
ppp ipcp dns admit-any
ppp ipcp dns request
mtu 1492
load-bandwidth 100000
ip address ppp-negotiate
tcp mss 1024
dialer user username
dialer-group 10
dialer bundle 10
ddns apply policy 2222 fqdn ***.***
ipsec no-nat-process enable
ipsec policy map1
#
interface Virtual-Template0
ppp authentication-mode chap domain system
ppp ipcp remote-address forced
remote address pool 1
ip address 192.168.90.1 255.255.255.0
#
interface NULL0
#
interface Vlan-interface1
ip address 192.168.1.1 255.255.255.0
tcp mss 1024
dhcp server apply ip-pool vlan1
#
# NOTE(review): the NAT and IPsec lines on this physical port duplicate those on Dialer10 and are presumably leftovers from the static-IP setup - confirm.
interface GigabitEthernet0/0
port link-mode route
nat outbound 3000
pppoe-client dial-bundle-number 10
ipsec no-nat-process enable
ipsec policy map1
#
interface GigabitEthernet0/1
port link-mode route
nat outbound
shutdown
ip address dhcp-alloc
#
interface GigabitEthernet0/2
port link-mode bridge
#
interface GigabitEthernet0/3
port link-mode bridge
#
interface GigabitEthernet0/4
port link-mode bridge
#
interface GigabitEthernet0/5
port link-mode bridge
#
interface GigabitEthernet0/6
port link-mode bridge
#
interface GigabitEthernet0/7
port link-mode bridge
#
interface GigabitEthernet0/8
port link-mode bridge
#
interface GigabitEthernet0/9
port link-mode bridge
#
ip route-static 0.0.0.0 0.0.0.0 Dialer10
ip route-static 192.168.10.0 255.255.255.0 Dialer10
#
dhcp enable
#
nms primary monitor-interface GigabitEthernet0/1
#
load xml-configuration
#
load tr069-configuration
#
user-interface tty 12
user-interface aux 0
user-interface vty 0 4
authentication-mode scheme
#
return