Easy vpn访问不了内网

忘卟掉过去

!
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R1
!
boot-start-marker
boot-end-marker
!
!
aaa new-model
!
!
aaa authentication login default local
aaa authentication login login local
aaa authorization network network local
!
aaa session-id common
!
resource policy
!
memory-size iomem 5
ip subnet-zero
no ip icmp rate-limit unreachable
ip tcp synwait-time 5
!
!
ip cef
no ip domain lookup
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.200.1 192.168.200.10
!
ip dhcp pool lan
   network 192.168.200.0 255.255.255.0
   default-router 192.168.200.1
   dns-server 202.106.46.151
!
!
crypto isakmp policy 10
encr 3des
hash md5
authentication pre-share
group 2
!
crypto isakmp client configuration group network
key cisco
pool adsl
acl 100
!
!
crypto ipsec transform-set set esp-3des esp-md5-hmac
!
crypto dynamic-map dymap 10
set transform-set set
reverse-route
!
!
crypto map vpn client authentication list login
crypto map vpn isakmp authorization list network
crypto map vpn client configuration address respond
crypto map vpn 10 ipsec-isakmp dynamic dymap
!
!
!
!
interface Ethernet0/0
ip address 210.82.62.125 255.255.255.224
ip nat outside
ip virtual-reassembly
half-duplex
crypto map vpn
!
interface Ethernet0/1
ip address 192.168.200.1 255.255.255.0
ip nat inside
ip virtual-reassembly
half-duplex
!
interface Ethernet0/2
no ip address
shutdown
half-duplex
!
interface Ethernet0/3
no ip address
shutdown
half-duplex
!
no ip http server
no ip http secure-server
!
ip classless
ip route 0.0.0.0 0.0.0.0 210.82.62.126
!
ip nat inside source list 1 interface Ethernet0/0 overload
!
access-list 1 permit any
!
!
control-plane
!
!
!
line con 0
exec-timeout 0 0
privilege level 15
logging synchronous
line aux 0
exec-timeout 0 0
privilege level 15
logging synchronous
line vty 0 4
!
!
end



该贴已经同步到 忘卟掉过去的微博

ＳＯＭＩＮＧ

pool adsl  ???    adsl pool 没有定义！
acl 100    ???   100的列表也没定义！

忘卟掉过去

pool adsl  
acl 100  
这些我都定义了 怎么还是访问不了啊  可以 ping通

忘卟掉过去

access-list 100 permit ip 192.168.200.0 0.0.0.255 any
ip local pool adsl 192.168.201.1 192.168.201.100
这些也都定义了  怎么还是访问不了呢

忘卟掉过去

求大家 帮帮忙啊 谢谢了

ＳＯＭＩＮＧ

interface Ethernet0/1
ip address 192.168.200.1 255.255.255.0
ip nat inside
access-list 1 permit any  关键在于你要访问的地址段，你做了个NAT ，，导致，地址被NAT ，你要访问的内网网段，地址不能被NAT！

忘卟掉过去

那该怎么解决啊

忘卟掉过去

这位大哥 帮帮忙 想想办法  谢谢了

ＳＯＭＩＮＧ

忘卟掉过去 发表于 2013-11-19 14:42
这位大哥 帮帮忙 想想办法  谢谢了

你把要访问的网段从NAT池里独立出来，比如像你这里，在interface Ethernet0/2  起个地址为192.168.202.1 255.255.255.0
然后把需要访问的服务器放入这个地址段内，就可以通讯了
或者你直接把interface Ethernet0/1 的NAT去掉  （如果没有其他需要跑NAT的话）。
最后或者你重新写access-list 1 permit any  来精确匹配把不需要NAT的地址去掉，，具体看你需要怎么实现了！

忘卟掉过去

{:soso_e100:}非常感谢您