求助Easy VPN无法ping通内网

stone88 · 发表于 2015-10-19 23:06:17

本帖最后由 stone88 于 2015-10-19 23:18 编辑

Host ip 192.168.1.6 绑定电脑WLAN 系统为window8 ；现要求window8 系统下通过easy vpn客户端连接获取内网 172.16.1.100-172.16.1.150 ，并ping通R1 fa0/0下的地址：

现问题是window8可以正常通过easy vpn 连接 R1 并获取内网地址，但就是无法ping通 R1 fa0/0接口地址

付上R1 配置一份：

R1#show run

!

hostname R1

!

aaa new-model

!

aaa authentication login remot-access local

aaa authorization network remot-group local

aaa session-id common

!

username cisco secret 5$1$hlzy$47IuTlql.Qa36JLEtwdY5.

!

ip tcp synwait-time 5

ip ssh version 1

!

crypto isakmp policy 10

encr3des

hashmd5

authentication pre-share

group 2

!

crypto isakmp client configuration groupcisco

keycisco

dns8.8.8.8

domain cisco.com

poolremot-address

netmask 255.255.255.0

banner ^CChello baby! ^C

crypto isakmp profile myvpn

match identity group cisco

client authentication list remot-access

isakmp authorization list remot-group

client configuration address respond

!

crypto ipsec transform-set myset esp-3desesp-md5-hmac

!

crypto dynamic-map mymap 10

settransform-set myset

setisakmp-profile myvpn

reverse-route

!

crypto map mymap 100 ipsec-isakmp dynamicmymap

!

interface Loopback0

ipaddress 1.1.1.1 255.255.255.0

!

interface FastEthernet0/0

ipaddress 172.16.1.149 255.255.255.0

ipnat inside

ipvirtual-reassembly

duplex half

!

interface FastEthernet1/0

ipaddress 202.100.1.1 255.255.255.0

ipnat outside

ipvirtual-reassembly

duplex auto

speed auto

crypto map mymap

!

ip local pool remot-address 172.16.1.100172.16.1.150

ip forward-protocol nd

no ip http server

no ip http secure-server

!

ip nat inside source list 101 interfaceFastEthernet1/0 overload

ip route 0.0.0.0 0.0.0.0 202.100.1.2

!

access-list 100 permit ip 1.1.1.0 0.0.0.255any

access-list 101 deny ip 172.16.1.0 0.0.0.255 any

access-list 101permit ip any any

R2 简单做个NAT 出外网，附上配置

interface FastEthernet0/0

ipaddress 192.168.1.10 255.255.255.0

ipnat inside

ipvirtual-reassembly

duplex half

!

interface FastEthernet1/0

ipaddress 202.100.1.2 255.255.255.0

ipnat outside

ipvirtual-reassembly

duplex auto

speed auto

ip nat inside source list 101 interfaceFastEthernet1/0 overload

ip route 0.0.0.0 0.0.0.0 202.100.1.1

!

access-list 101 permit ip 0.0.0.0255.255.255.0 any

access-list 101 permit ip any any

电脑端：

李萌321 · 发表于 2015-10-20 09:27:31

R1好像没做感兴趣流做个ACL抓感兴趣流（本人猜测不一定是正确可以试试）

王嘉尔吧_蛋蛋 · 发表于 2015-11-9 16:30:57

哥顶的不是帖子，是寂寞！

盛桂芝 · 发表于 2015-11-9 20:12:30

曹宇康 · 发表于 2015-11-11 12:44:18

楼主，支持一下！！！

saidi123ab · 发表于 2015-11-13 21:52:32

浅浅ai · 发表于 2015-11-15 13:37:29

凡走過，必留下我的足跡

dkhfop5 · 发表于 2015-11-15 19:58:32

账号		自动登录	找回密码
密码			论坛注册

求助Easy VPN无法ping通内网

相关帖子

客服中心

投诉建议