[Help] Some subnets unreachable over VPN
Posted on 2013-9-13 10:41:09
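Our company's three sites in Shanghai, Wuhan and Qingdao are interconnected over VPN. The subnets used so far:
Shanghai: 192.168.1.0/24, 192.168.2.0/24; 192.168.3.0/24 (public internet-access subnet, does not enter the VPN)
Wuhan: 192.168.100.0/24, 192.168.101.0/24; 192.168.104.0 (public internet-access subnet, does not enter the VPN)
Qingdao: 192.168.110.0/24; 192.168.111.0/24 (public internet-access subnet, does not enter the VPN)
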
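Wuhan has now moved to a new building and headcount is growing, so two subnets, 103.0 and 105.0, need to be added. I added the following ACL entries on the firewall: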
access-list 101 extended permit ip any any
access-list 101 extended permit icmp any any
access-list 110 extended permit ip 192.168.100.0 255.255.255.0 192.168.1.0 255.255.255.0
access-list 110 extended permit ip 192.168.101.0 255.255.255.0 192.168.1.0 255.255.255.0
access-list 110 extended permit ip 192.168.103.0 255.255.255.0 192.168.1.0 255.255.255.0
access-list 110 extended permit ip 192.168.101.0 255.255.255.0 host 192.168.254.254
access-list 110 extended permit ip 192.168.103.0 255.255.255.0 host 192.168.254.254
access-list 110 extended permit ip 192.168.100.0 255.255.255.0 192.168.2.0 255.255.255.0
access-list 110 extended permit ip 192.168.101.0 255.255.255.0 192.168.2.0 255.255.255.0
access-list 110 extended permit ip 192.168.103.0 255.255.255.0 192.168.2.0 255.255.255.0
access-list 110 extended permit ip 192.168.105.0 255.255.255.0 192.168.1.0 255.255.255.0
access-list 110 extended permit ip 192.168.105.0 255.255.255.0 host 192.168.254.254
access-list 110 extended permit ip 192.168.105.0 255.255.255.0 192.168.2.0 255.255.255.0
access-list nonat extended permit ip 192.168.100.0 255.255.255.0 192.168.1.0 255.255.255.0
access-list nonat extended permit ip 192.168.101.0 255.255.255.0 192.168.1.0 255.255.255.0
access-list nonat extended permit ip 192.168.103.0 255.255.255.0 192.168.1.0 255.255.255.0
access-list nonat extended permit ip 192.168.101.0 255.255.255.0 host 192.168.254.254
access-list nonat extended permit ip 192.168.103.0 255.255.255.0 host 192.168.254.254
access-list nonat extended permit ip 192.168.100.0 255.255.255.0 192.168.110.0 255.255.255.0
access-list nonat extended permit ip 192.168.101.0 255.255.255.0 192.168.110.0 255.255.255.0
access-list nonat extended permit ip 192.168.103.0 255.255.255.0 192.168.110.0 255.255.255.0
access-list nonat extended permit ip 192.168.100.0 255.255.255.0 192.168.2.0 255.255.255.0
access-list nonat extended permit ip 192.168.101.0 255.255.255.0 192.168.2.0 255.255.255.0
access-list nonat extended permit ip 192.168.103.0 255.255.255.0 192.168.2.0 255.255.255.0
access-list nonat extended permit ip 192.168.105.0 255.255.255.0 192.168.1.0 255.255.255.0
access-list nonat extended permit ip 192.168.105.0 255.255.255.0 host 192.168.254.254
access-list nonat extended permit ip 192.168.105.0 255.255.255.0 192.168.2.0 255.255.255.0
access-list nonat extended permit ip 192.168.105.0 255.255.255.0 192.168.110.0 255.255.255.0
access-list 104 extended permit ip 192.168.120.0 255.255.255.0 any
access-list 104 extended permit ip any 192.168.104.0 255.255.255.0
access-list 104 extended permit ip 192.168.104.0 255.255.255.0 any
access-list allow-ip-inside extended permit tcp any host 192.168.254.254 eq www
access-list allow-ip-inside extended permit tcp any host 192.168.254.254 eq 18080
access-list allow-ip-inside extended permit tcp any host 192.168.254.254 eq 23459
access-list allow-ip-inside extended permit tcp any host 192.168.254.254 eq 5222
access-list allow-ip-inside extended permit tcp any host 192.168.254.254 eq 8086
access-list allow-ip-inside extended permit tcp any host 192.168.254.254 eq 8087
access-list allow-ip-inside extended permit tcp any host 192.168.254.254 eq 8084
access-list allow-ip-inside extended permit tcp any host 192.168.254.254 eq 8085
access-list allow-ip-inside extended permit tcp any host 192.168.254.254 eq 5523
access-list allow-ip-inside extended permit tcp any host 192.168.254.254 eq 5524
access-list allow-ip-inside extended permit tcp any host 192.168.254.254 eq 5525
access-list allow-ip-inside extended permit tcp any host 192.168.254.254 eq 5526
access-list allow-ip-inside extended permit tcp any host 192.168.254.254 eq 18083
access-list allow-ip-inside extended permit tcp any host 192.168.254.254 eq https
access-list allow-ip-inside extended deny ip any host 192.168.254.254
access-list allow-ip-inside extended permit ip any any
access-list allow-ip-inside extended permit tcp any host 192.168.100.131 eq 3000
access-list allow-ip-inside extended permit tcp any host 192.168.100.131 eq pop3
access-list allow-ip-inside extended permit tcp any host 192.168.100.131 eq smtp
access-list 111 extended permit ip 192.168.100.0 255.255.255.0 192.168.110.0 255.255.255.0
access-list 111 extended permit ip 192.168.101.0 255.255.255.0 192.168.110.0 255.255.255.0
access-list 111 extended permit ip 192.168.103.0 255.255.255.0 192.168.110.0 255.255.255.0
access-list 111 extended permit ip 192.168.105.0 255.255.255.0 192.168.110.0 255.255.255.0

Of these, 110 is bound to the VPN to Shanghai, 111 is bound to the VPN to Qingdao, and nonat is bound to the internal egress.

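Now all subnets between Wuhan and Shanghai can reach each other, but from Wuhan to Qingdao, 100.0 and 101.0 can communicate while 103.0 and 105.0 cannot. The Qingdao firewall is a Hillstone; I asked their engineer to check during a continuous ping, and no packets were detected.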
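An added example, not part of the original post: a Python check that parses ASA-style `access-list` lines like those above, confirms every crypto ACL entry is also covered by the NAT-exemption ACL, and lists which mirrored (source and destination swapped) selectors a peer is missing. `PEER_SELECTORS` is constructed sample data, not taken from the Qingdao firewall, and the function names are illustrative.

```python
import ipaddress

# ACL 111 and related nonat entries, copied from the post above.
CONFIG = """\
access-list nonat extended permit ip 192.168.100.0 255.255.255.0 192.168.110.0 255.255.255.0
access-list nonat extended permit ip 192.168.101.0 255.255.255.0 192.168.110.0 255.255.255.0
access-list nonat extended permit ip 192.168.103.0 255.255.255.0 192.168.110.0 255.255.255.0
access-list nonat extended permit ip 192.168.105.0 255.255.255.0 192.168.110.0 255.255.255.0
access-list nonat extended permit ip 192.168.105.0 255.255.255.0 host 192.168.254.254
access-list 111 extended permit ip 192.168.100.0 255.255.255.0 192.168.110.0 255.255.255.0
access-list 111 extended permit ip 192.168.101.0 255.255.255.0 192.168.110.0 255.255.255.0
access-list 111 extended permit ip 192.168.103.0 255.255.255.0 192.168.110.0 255.255.255.0
access-list 111 extended permit ip 192.168.105.0 255.255.255.0 192.168.110.0 255.255.255.0
"""

# Constructed peer-side selectors (assumption: a peer that only knows the old subnets).
PEER_SELECTORS = [(ipaddress.ip_network("192.168.110.0/24"), ipaddress.ip_network(n))
                  for n in ("192.168.100.0/24", "192.168.101.0/24")]

def _addr(tok):
    """Consume one address spec (any | host A | NET MASK) from the token list."""
    head = tok.pop(0)
    if head == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if head == "host":
        return ipaddress.ip_network(tok.pop(0) + "/32")
    return ipaddress.ip_network(f"{head}/{tok.pop(0)}")

def parse(config):
    """Return {acl_name: [(action, proto, src, dst)]} in configured order."""
    acls = {}
    for line in config.splitlines():
        tok = line.split()
        if len(tok) < 7 or tok[0] != "access-list" or tok[2] != "extended":
            continue
        rest = tok[5:]
        src, dst = _addr(rest), _addr(rest)
        acls.setdefault(tok[1], []).append((tok[3], tok[4], src, dst))
    return acls

def pairs(entries, swap=False):
    """(src, dst) of each entry; swap=True gives the mirror image a peer must match."""
    return [(d, s) if swap else (s, d) for _, _, s, d in entries]

def uncovered(wanted, have):
    """Pairs in `wanted` that are not contained in any pair of `have`."""
    return [(str(s), str(d)) for s, d in wanted
            if not any(s.subnet_of(hs) and d.subnet_of(hd) for hs, hd in have)]
```

`uncovered(pairs(acls["111"]), pairs(acls["nonat"]))` checks the local side; `uncovered(pairs(acls["111"], swap=True), PEER_SELECTORS)` lists what the peer's selectors lack.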
Posted on 2013-9-15 15:37:00
Bumping the thread, waiting for an expert to answer.