As shown in the figure, the branch office previously reached the headquarters intranet servers over an L2TP VPN, and the VPN is set up on the firewall. The interface between the core switch and the firewall is set to link-mode route, and the firewall has only one WAN link. Now I want to add a VPN to Huawei Cloud so that the intranet IPs behind the core switch can reach the intranet IPs on Huawei Cloud. The headquarters firewall has only that one WAN link to serve both the branch VPN and the Huawei Cloud connection. How should the VPN on the headquarters firewall and the core switch be configured so that both VPNs can be used at the same time? Thanks!
L2TP can terminate multiple branches; reference case:
Branch MSR2 and branch MSR3 each establish an L2TP VPN with headquarters MSR1, and the branches can reach each other through headquarters.
LNS:
#
interface LoopBack0
ip address 192.168.1.1 255.255.255.0
#
interface GigabitEthernet0/0
port link-mode route
combo enable copper
ip address 1.1.1.2 255.255.255.252
nat outbound
#
ip pool huqi 66.66.66.3 66.66.66.65
#
interface Virtual-Template1
ppp authentication-mode pap chap
remote address pool huqi
ip address 66.66.66.66 255.255.255.0
#
l2tp-group 1 mode lns
allow l2tp virtual-template 1
undo tunnel authentication
tunnel name H3C-LNS
#
l2tp enable
#
local-user huqi class network
password simple huqi
service-type ppp
authorization-attribute user-role network-operator
#
ip route-static 0.0.0.0 0 1.1.1.1
ip route-static 192.168.2.0 24 66.66.66.1
ip route-static 192.168.3.0 24 66.66.66.2
#
LAC1:
#
interface LoopBack0
ip address 192.168.2.1 255.255.255.0
#
interface GigabitEthernet0/0
port link-mode route
combo enable copper
ip address 2.2.2.2 255.255.255.252
nat outbound
#
interface Virtual-PPP0
ppp chap password simple huqi
ppp chap user huqi
ip address 66.66.66.1 255.255.255.0
l2tp-auto-client l2tp-group 1
#
l2tp-group 1 mode lac
lns-ip 1.1.1.2
undo tunnel authentication
tunnel name H3C-LAC1
#
l2tp enable
#
ip route-static 0.0.0.0 0 2.2.2.1
ip route-static 192.168.1.0 24 Virtual-PPP0
ip route-static 192.168.3.0 24 Virtual-PPP0
#
LAC2:
#
interface LoopBack0
ip address 192.168.3.1 255.255.255.0
#
interface GigabitEthernet0/0
port link-mode route
combo enable copper
ip address 3.3.3.2 255.255.255.252
nat outbound
#
interface Virtual-PPP0
ppp chap password simple huqi
ppp chap user huqi
ip address 66.66.66.2 255.255.255.0
l2tp-auto-client l2tp-group 1
#
l2tp-group 1 mode lac
lns-ip 1.1.1.2
undo tunnel authentication
tunnel name H3C-LAC2
#
l2tp enable
#
ip route-static 0.0.0.0 0 3.3.3.1
ip route-static 192.168.1.0 24 Virtual-PPP0
ip route-static 192.168.2.0 24 Virtual-PPP0
#
LNS side:
[LNS]dis l2tp tunnel
LocalTID RemoteTID State Sessions RemoteAddress RemotePort RemoteName
31954 65062 Established 1 3.3.3.2 1701 H3C-LAC2
47746 55251 Established 0 2.2.2.2 1701 H3C-LAC1
LAC1 side:
[LAC1]dis l2tp tunnel
LocalTID RemoteTID State Sessions RemoteAddress RemotePort RemoteName
55251 47746 Established 0 1.1.1.2 1701 H3C-LNS
[LAC1]ping -a 192.168.2.1 192.168.1.1
Ping 192.168.1.1 (192.168.1.1) from 192.168.2.1: 56 data bytes, press CTRL_C to break
56 bytes from 192.168.1.1: icmp_seq=0 ttl=255 time=2.000 ms
56 bytes from 192.168.1.1: icmp_seq=1 ttl=255 time=1.000 ms
56 bytes from 192.168.1.1: icmp_seq=2 ttl=255 time=1.000 ms
56 bytes from 192.168.1.1: icmp_seq=3 ttl=255 time=2.000 ms
56 bytes from 192.168.1.1: icmp_seq=4 ttl=255 time=1.000 ms
--- Ping statistics for 192.168.1.1 ---
5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss
round-trip min/avg/max/std-dev = 1.000/1.400/2.000/0.490 ms
[LAC1]%Jun 23 00:52:37:991 2020 LAC1 PING/6/PING_STATISTICS: Ping statistics for 192.168.1.1: 5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss, round-trip min/avg/max/std-dev = 1.000/1.400/2.000/0.490 ms.
[LAC1]ping -a 192.168.2.1 192.168.3.1
Ping 192.168.3.1 (192.168.3.1) from 192.168.2.1: 56 data bytes, press CTRL_C to break
56 bytes from 192.168.3.1: icmp_seq=0 ttl=254 time=3.000 ms
56 bytes from 192.168.3.1: icmp_seq=1 ttl=254 time=2.000 ms
56 bytes from 192.168.3.1: icmp_seq=2 ttl=254 time=3.000 ms
56 bytes from 192.168.3.1: icmp_seq=3 ttl=254 time=2.000 ms
56 bytes from 192.168.3.1: icmp_seq=4 ttl=254 time=5.000 ms
--- Ping statistics for 192.168.3.1 ---
5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss
round-trip min/avg/max/std-dev = 2.000/3.000/5.000/1.095 ms
LAC2 side:
[LAC2]dis l2tp tunnel
LocalTID RemoteTID State Sessions RemoteAddress RemotePort RemoteName
65062 31954 Established 0 1.1.1.2 1701 H3C-LNS
[LAC2]ping -a 192.168.3.1 192.168.1.1
Ping 192.168.1.1 (192.168.1.1) from 192.168.3.1: 56 data bytes, press CTRL_C to break
56 bytes from 192.168.1.1: icmp_seq=0 ttl=255 time=1.000 ms
56 bytes from 192.168.1.1: icmp_seq=1 ttl=255 time=2.000 ms
56 bytes from 192.168.1.1: icmp_seq=2 ttl=255 time=2.000 ms
56 bytes from 192.168.1.1: icmp_seq=3 ttl=255 time=1.000 ms
56 bytes from 192.168.1.1: icmp_seq=4 ttl=255 time=3.000 ms
--- Ping statistics for 192.168.1.1 ---
5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss
round-trip min/avg/max/std-dev = 1.000/1.800/3.000/0.748 ms
[LAC2]ping -a 192.168.3.1 192.168.2.1
Ping 192.168.2.1 (192.168.2.1) from 192.168.3.1: 56 data bytes, press CTRL_C to break
56 bytes from 192.168.2.1: icmp_seq=0 ttl=254 time=3.000 ms
56 bytes from 192.168.2.1: icmp_seq=1 ttl=254 time=3.000 ms
56 bytes from 192.168.2.1: icmp_seq=2 ttl=254 time=2.000 ms
56 bytes from 192.168.2.1: icmp_seq=3 ttl=254 time=2.000 ms
56 bytes from 192.168.2.1: icmp_seq=4 ttl=254 time=2.000 ms
--- Ping statistics for 192.168.2.1 ---
5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss
round-trip min/avg/max/std-dev = 2.000/2.400/3.000/0.490 ms
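The reference case above works because of two things that are easy to get wrong when a third or fourth branch is added: the LNS needs a static route for each branch LAN pointing at that branch's Virtual-PPP address, and each branch needs routes for the hub LAN and for every other branch LAN out Virtual-PPP0, otherwise branch-to-branch traffic never transits the hub. The case also runs L2TP with tunnel authentication disabled, PAP allowed and a `password simple` secret; plain L2TP adds no encryption of its own, so those settings are worth flagging before the design is reused. The script below is an added example and not code from the original post: it parses the LNS/LAC1/LAC2 stanzas (constructed copies of the page's configs, trimmed to the lines the checks read; the parser only understands the commands used there, not Comware in general), reports the weak settings, and checks the hub-and-spoke route set. The Huawei Cloud side of the question is not covered, since the answer does not configure it.

```python
"""Audit the L2TP hub-and-spoke configuration from the answer above (added example, not code
from the original post; config strings are constructed copies of the page's stanzas, trimmed)."""
import ipaddress
import re

LNS = """
interface LoopBack0
 ip address 192.168.1.1 255.255.255.0
#
interface Virtual-Template1
 ppp authentication-mode pap chap
 ip address 66.66.66.66 255.255.255.0
#
l2tp-group 1 mode lns
 undo tunnel authentication
#
ip route-static 192.168.2.0 24 66.66.66.1
ip route-static 192.168.3.0 24 66.66.66.2
"""

def lac_config(n, lan_ip, vppp_ip, other_lan):
    # Same shape as LAC1/LAC2 on the page: branch LAN on LoopBack0, tunnel end on Virtual-PPP0.
    return f"""
interface LoopBack0
 ip address {lan_ip} 255.255.255.0
#
interface Virtual-PPP0
 ppp chap password simple huqi
 ip address {vppp_ip} 255.255.255.0
#
l2tp-group 1 mode lac
 undo tunnel authentication
#
ip route-static 192.168.1.0 24 Virtual-PPP0
ip route-static {other_lan} 24 Virtual-PPP0
"""

LAC1 = lac_config(1, "192.168.2.1", "66.66.66.1", "192.168.3.0")
LAC2 = lac_config(2, "192.168.3.1", "66.66.66.2", "192.168.2.0")

def parse_config(text):
    # Split at '#' into stanzas (lists of stripped lines); a stanza's first line is its view command.
    stanzas = [[]]
    for line in (raw.strip() for raw in text.splitlines()):
        if line == "#":
            stanzas.append([])
        elif line:
            stanzas[-1].append(line)
    return [st for st in stanzas if st]

def interface_addrs(stanzas):
    # Interface name -> IPv4Interface, taken from 'ip address A.B.C.D MASK' lines.
    addrs = {}
    for st in stanzas:
        if st[0].startswith("interface "):
            for line in st[1:]:
                m = re.match(r"ip address (\S+) (\S+)$", line)
                if m:
                    addrs[st[0].split(None, 1)[1]] = ipaddress.IPv4Interface(f"{m[1]}/{m[2]}")
    return addrs

def static_routes(stanzas):
    # Set of (prefix, mask_length, nexthop) tuples from 'ip route-static' lines.
    routes = set()
    for line in (l for st in stanzas for l in st):
        m = re.match(r"ip route-static (\S+) (\S+) (\S+)$", line)
        if m:
            routes.add(m.groups())
    return routes

WEAK_SETTINGS = [  # (predicate on one config line, finding text)
    (lambda l: l == "undo tunnel authentication",
     "tunnel authentication disabled: any host reaching UDP/1701 can attempt a tunnel"),
    (lambda l: l.startswith("ppp authentication-mode") and "pap" in l.split(),
     "PAP accepted: PPP password may cross the tunnel in cleartext (plain L2TP is unencrypted)"),
    (lambda l: "password simple" in l, "password stored in plaintext"),
]

def audit(device, stanzas):
    # (device, stanza, finding) for every weak setting present in the config.
    return [(device, st[0], msg) for st in stanzas for line in st
            for hit, msg in WEAK_SETTINGS if hit(line)]

def route_problems(lns, lacs):
    # Hub routes each branch LAN to that branch's Virtual-PPP0 address; each branch routes the
    # hub LAN and every other branch LAN out Virtual-PPP0 (branch-to-branch transits the hub).
    lan = lambda st: interface_addrs(st)["LoopBack0"].network
    key = lambda net, nh: (str(net.network_address), str(net.prefixlen), nh)
    problems, hub_routes = [], static_routes(lns)
    for name, st in lacs.items():
        vppp = str(interface_addrs(st)["Virtual-PPP0"].ip)
        if key(lan(st), vppp) not in hub_routes:
            problems.append(f"LNS lacks route to {lan(st)} via {vppp} ({name})")
        for net in [lan(lns)] + [lan(o) for n, o in lacs.items() if n != name]:
            if key(net, "Virtual-PPP0") not in static_routes(st):
                problems.append(f"{name} lacks route to {net} via Virtual-PPP0")
    return problems

if __name__ == "__main__":
    for dev, cfg in (("LNS", LNS), ("LAC1", LAC1), ("LAC2", LAC2)):
        print(*audit(dev, parse_config(cfg)), sep="\n")
    print(route_problems(parse_config(LNS), {"LAC1": parse_config(LAC1), "LAC2": parse_config(LAC2)}))
```

Run as-is it reports the three weak settings per device class and an empty problem list for the page's routes; deleting one `ip route-static ... Virtual-PPP0` line from a branch makes `route_problems` name the branch and the prefix that would become unreachable. To add a fourth branch, extend the `lacs` mapping and the checker tells you which routes the LNS and the existing branches are still missing.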