
[Help] Question about an L2TP VPN problem

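Posted on 2014-10-12 20:29:11
Bounty: 10 Honghu coins
After configuring the L2TP VPN I can dial in successfully, but then I cannot ping its internal network, although I can ping its internal gateway.

Also, this router does NAT translation. Is that what is affecting it?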

Best answer
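Posted on 2014-10-12 20:29:12
How is your L2TP VPN configured? In principle, once you have dialed in, access should work normally. Take a look at what your return traffic looks like.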

Original poster | Posted on 2014-10-12 22:57:17
version 5.20, Release 2511P02
#
sysname .......
#
l2tp enable
#
domain default enable system
#
dns proxy enable
dns server 211.136.192.6
dns server 120.196.165.24
#
telnet server enable
#
dar p2p signature-file flash:/p2p_default.mtd
#
qos carl 1 destination-ip-address range 192.168.0.1 to 192.168.3.255 per-address
qos carl 2 source-ip-address range 192.168.0.1 to 192.168.3.255 per-address
#
port-security enable
#
portal server newpt ip ....... key cipher $c$3$HjCFMP/4AJphziYerSHBgDboSVbPqGGbyw== url http://.........:7001/wifiauth-server/cmcc/portal.html
portal free-rule 0 source ip any destination ip 192.168.254.1 mask 255.255.255.255
#               
password-recovery enable
#               
acl number 3000
rule 0 permit ip source 192.168.0.0 0.0.255.255
rule 1 permit ip source 172.16.0.0 0.0.255.255
#               
vlan 1         
#               
radius scheme rs1
primary authentication 211.139.201.104
primary accounting 211.139.201.104
key authentication cipher $c$3$dZsL8PL98rMkd9KDORzKF+wRKSM2DF5/ySY=
key accounting cipher $c$3$+TX82HgjnQvL59UqiSjyLTpeT7sDH5mzQlQ=
user-name-format without-domain
nas-ip ............
accounting-on enable
#               
domain dm1      
authentication portal radius-scheme rs1
authorization portal radius-scheme rs1
accounting portal radius-scheme rs1
access-limit disable
state active   
idle-cut disable
self-service-url disable
domain system   
access-limit disable
state active   
idle-cut disable
self-service-url disable
ip pool 1 172.16.0.2 172.16.0.10
#               
dhcp server ip-pool lan
network 192.168.0.0 mask 255.255.0.0
gateway-list 192.168.254.1
dns-list 192.168.254.1
#               
user-group system
group-attribute allow-guest
#               
local-user admin
password cipher .............
authorization-attribute level 3
service-type telnet
service-type ppp
service-type web
local-user fsww
password cipher $c$3$0kTyw15TU7TE/JGRGSfsRUdyCbzmdBrVbQ==
authorization-attribute level 3
service-type telnet terminal
service-type web
#               
cwmp            
undo cwmp enable
#               
l2tp-group 1   
undo tunnel authentication
mandatory-lcp  
allow l2tp virtual-template 0
#               
interface Aux0  
async mode flow
link-protocol ppp
#               
interface Cellular0/0
async mode protocol
link-protocol ppp
#               
interface Ethernet0/0
port link-mode route
ip address 192.168.254.1 255.255.0.0
qos car inbound carl 2 cir 1024 cbs 64000 ebs 0 green pass red discard
qos car outbound carl 1 cir 2048 cbs 128000 ebs 0 green pass red discard
ip flow-ordering internal
#               
interface Ethernet0/1
port link-mode route
nat outbound 3000
nat server 2 protocol tcp global current-interface 8083 inside 192.168.254.3 www
nat server 3 protocol tcp global current-interface 8084 inside 192.168.254.4 www
nat server 4 protocol tcp global current-interface 8085 inside 192.168.254.5 www
nat server 5 protocol tcp global current-interface 8086 inside 192.168.254.6 www
nat server 6 protocol tcp global current-interface 8087 inside 192.168.254.7 www
nat server 7 protocol tcp global current-interface 8089 inside 192.168.254.9 www
nat server 8 protocol tcp global current-interface 8088 inside 192.168.254.8 www
nat server 9 protocol tcp global current-interface 8090 inside 192.168.254.10 www
nat server 10 protocol tcp global current-interface 8091 inside 192.168.254.11 www
nat server 11 protocol tcp global current-interface 8092 inside 192.168.254.12 www
nat server 12 protocol tcp global current-interface 8093 inside 192.168.254.13 www
nat server 13 protocol tcp global current-interface 8094 inside 192.168.254.14 www
nat server 14 protocol tcp global current-interface 8095 inside 192.168.254.15 www
nat server 15 protocol tcp global current-interface 8096 inside 192.168.254.16 www
nat server 16 protocol tcp global current-interface 8097 inside 192.168.254.17 www
nat server 17 protocol tcp global current-interface 8098 inside 192.168.254.18 www
nat server 18 protocol tcp global current-interface 8099 inside 192.168.254.19 www
nat server 19 protocol tcp global current-interface 8100 inside 192.168.254.20 www
nat server 20 protocol tcp global current-interface 8101 inside 192.168.254.21 www
nat server 21 protocol tcp global current-interface 8102 inside 192.168.254.22 www
nat server 22 protocol tcp global current-interface 8103 inside 192.168.254.23 www
nat server 23 protocol tcp global current-interface 8104 inside 192.168.254.24 www
nat server 24 protocol tcp global current-interface 8105 inside 192.168.254.25 www
nat server 25 protocol tcp global current-interface 8106 inside 192.168.254.26 www
nat server 1 protocol tcp global current-interface 8082 inside 192.168.254.2 www
ip address ............. 255.255.255.128
undo dhcp select server global-pool
dns server 211.136.192.6
dns server 120.196.165.24
ip flow-ordering external
#               
interface Virtual-Template0
ppp authentication-mode pap
remote address pool 1
ip address 172.16.0.1 255.255.255.0
#               
interface NULL0
#               
ip route-static 0.0.0.0 0.0.0.0 ........
#               
info-center security-logfile enable
#               
dhcp server forbidden-ip 192.168.254.2 192.168.254.26
#               
dhcp enable   
#               
ip flow-ordering stat-interval 60
#               

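Original poster | Posted on 2014-10-13 10:57:42
962456310@qq.co posted on 2014-10-12 23:26
How is your L2TP VPN configured? In principle, once you have dialed in, access should work normally. Take a look at what your return traffic looks like.

Post #2, take a look.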

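Posted on 2014-10-13 16:55:22
Some Huawei and H3C router models do have this problem when this is set up. I previously solved it by writing routes on the devices in the internal network.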

Original poster | Posted on 2014-10-15 13:54:24
Could some expert take a look? The configuration is posted.

Posted on 2015-1-13 17:44:42
Could it be that the internal layer-3 switch has no return route pointing to the L2TP LNS?
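The return-path check that the replies above point to, as an added example that is not part of the thread: given a LAN device's routing table, it reports where that device would send replies to each VPN client. The pool 172.16.0.2 to 172.16.0.10 and the LNS inside address 192.168.254.1 come from the posted configuration; the routing tables and the 192.168.1.1 gateway are constructed assumptions.

```python
import ipaddress

# From the posted configuration: "ip pool 1 172.16.0.2 172.16.0.10" and the
# LNS inside interface Ethernet0/0 (192.168.254.1).
VPN_POOL = [str(ipaddress.ip_address("172.16.0.2") + i) for i in range(9)]
LNS_INSIDE = "192.168.254.1"

def next_hop(routes, dst):
    """Longest-prefix match over (prefix, next_hop) pairs; None if no route."""
    addr = ipaddress.ip_address(dst)
    best_len, best_hop = -1, None
    for prefix, hop in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and net.prefixlen > best_len:
            best_len, best_hop = net.prefixlen, hop
    return best_hop

def return_path_report(routes):
    """Classify where a LAN device would send its reply to each VPN client."""
    report = {}
    for client in VPN_POOL:
        hop = next_hop(routes, client)
        if hop is None:
            report[client] = "no-route"
        elif hop == LNS_INSIDE:
            report[client] = "ok"
        else:
            report[client] = "wrong-hop:" + hop
    return report

# Constructed routing tables for a LAN device (not from the thread).
# BEFORE: default route points at some other gateway (assumed 192.168.1.1).
BEFORE = [("0.0.0.0/0", "192.168.1.1")]
# AFTER: a more specific route for the VPN pool subnet points at the LNS.
AFTER = BEFORE + [("172.16.0.0/24", LNS_INSIDE)]

if __name__ == "__main__":
    for name, table in (("before", BEFORE), ("after", AFTER)):
        print(name, sorted(set(return_path_report(table).values())))
```
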
