Mainos / Advertisement:

Ero sivun ”PPTP-serveri” versioiden välillä

Kohteesta Taisto
Siirry navigaatioon Siirry hakuun
(Ak: Uusi sivu: Konffataan!!!!! jej pptp mppe ja ms-chap vpdn enable vpdn-group 1 accept-dialin protocol pptp virtual-template 1 exit Määritellään että hyväksytään sisään...)
 
Rivi 23: Rivi 23:
  
 
  username johannes password Qwerty1
 
  username johannes password Qwerty1
 +
 +
 +
==== Toimiva konffiesimerkki ====
 +
 +
<small>version 12.4
 +
 +
service config
 +
 +
service timestamps debug datetime msec
 +
 +
service timestamps log datetime msec
 +
 +
no service password-encryption
 +
 +
!
 +
 +
hostname Reititin
 +
 +
!
 +
 +
boot-start-marker
 +
 +
boot-end-marker
 +
 +
!
 +
 +
no logging on
 +
 +
enable secret 5 $1$AV8X$t7MoG7yn7ZFOI.Ivfc9yX.
 +
 +
!
 +
 +
aaa new-model
 +
 +
!
 +
 +
!
 +
 +
aaa authentication login default local
 +
 +
aaa authentication ppp default local
 +
 +
aaa authorization network default local
 +
 +
!
 +
 +
!
 +
 +
aaa session-id common
 +
 +
dot11 syslog
 +
 +
!
 +
 +
!
 +
 +
ip cef
 +
 +
!
 +
 +
!
 +
 +
!
 +
 +
multilink bundle-name authenticated
 +
 +
!
 +
 +
vpdn enable
 +
 +
!
 +
 +
vpdn-group PPTP
 +
 +
! Default PPTP VPDN group
 +
 +
description Default PPTP VPDN group
 +
 +
accept-dialin
 +
 +
  protocol pptp
 +
 +
  virtual-template 1
 +
 +
l2tp tunnel receive-window 1024
 +
 +
!
 +
 +
!
 +
 +
voice-card 0
 +
 +
no dspfarm
 +
 +
!
 +
 +
username johannes password 0 Qwerty1
 +
 +
archive
 +
 +
log config
 +
 +
  hidekeys
 +
 +
!
 +
 +
!
 +
 +
interface FastEthernet0/0
 +
 +
description WAN
 +
 +
ip address 10.5.26.22 255.255.255.0
 +
 +
ip nat outside
 +
 +
ip virtual-reassembly
 +
 +
duplex auto
 +
 +
speed auto
 +
 +
!
 +
 +
interface FastEthernet0/1
 +
 +
description LAN
 +
 +
ip address 10.0.0.1 255.255.255.0
 +
 +
ip nat inside
 +
 +
ip virtual-reassembly
 +
 +
duplex auto
 +
 +
speed auto
 +
 +
!
 +
 +
interface FastEthernet0/1.10
 +
 +
description LabraLAN 10
 +
 +
encapsulation dot1Q 10
 +
 +
ip address 10.0.1.1 255.255.255.0
 +
 +
ip nat inside
 +
 +
ip virtual-reassembly
 +
 +
!
 +
 +
interface FastEthernet0/1.20
 +
 +
description LabraLAN 20
 +
 +
encapsulation dot1Q 20
 +
 +
ip address 10.0.2.1 255.255.255.0
 +
 +
ip nat inside
 +
 +
ip virtual-reassembly
 +
 +
!
 +
 +
interface Virtual-Template1
 +
 +
ip unnumbered FastEthernet0/1
 +
 +
ip nat inside
 +
 +
ip virtual-reassembly
 +
 +
peer default ip address pool PPTPPOOL
 +
 +
compress mppc
 +
 +
ppp encrypt mppe auto
 +
 +
ppp authentication ms-chap-v2
 +
 +
!
 +
 +
ip local pool PPTPPOOL 10.255.255.200 10.255.255.254
 +
 +
ip forward-protocol nd
 +
 +
ip route 0.0.0.0 0.0.0.0 10.5.26.1
 +
 +
!
 +
 +
!
 +
 +
ip http server
 +
 +
no ip http secure-server
 +
 +
ip nat inside source list NAT interface FastEthernet0/0 overload
 +
 +
!
 +
 +
ip access-list extended FW_IN
 +
 +
permit tcp any host 10.5.26.22 eq 22
 +
 +
permit tcp any host 10.5.26.22 eq 1723
 +
 +
permit udp any host 10.5.26.22 eq isakmp
 +
 +
permit esp any host 10.5.26.22
 +
 +
permit gre any host 10.5.26.22
 +
 +
evaluate FW_TRAFFIC
 +
 +
permit icmp any host 10.5.26.22
 +
 +
ip access-list extended FW_OUT
 +
 +
ip access-list extended NAT
 +
 +
deny  ip 10.0.0.0 0.0.0.255 10.255.255.0 0.0.0.255
 +
 +
deny  ip 10.0.1.0 0.0.0.255 10.255.255.0 0.0.0.255
 +
 +
deny  ip 10.0.2.0 0.0.0.255 10.255.255.0 0.0.0.255
 +
 +
deny  ip 10.0.3.0 0.0.0.255 10.255.255.0 0.0.0.255
 +
 +
deny  ip 10.0.4.0 0.0.0.255 10.255.255.0 0.0.0.255
 +
 +
deny  ip 10.0.5.0 0.0.0.255 10.255.255.0 0.0.0.255
 +
 +
deny  ip 10.0.6.0 0.0.0.255 10.255.255.0 0.0.0.255
 +
 +
deny  ip 10.0.7.0 0.0.0.255 10.255.255.0 0.0.0.255
 +
 +
deny  ip 10.0.8.0 0.0.0.255 10.255.255.0 0.0.0.255
 +
 +
deny  ip 10.0.9.0 0.0.0.255 10.255.255.0 0.0.0.255
 +
 +
deny  ip 10.0.100.0 0.0.0.255 10.255.255.0 0.0.0.255
 +
 +
deny  ip 172.16.1.0 0.0.0.255 10.255.255.0 0.0.0.255
 +
 +
permit ip 10.255.255.0 0.0.0.255 any
 +
 +
permit ip 10.0.1.0 0.0.0.255 any
 +
 +
permit ip 10.0.0.0 0.0.0.255 any
 +
 +
permit ip 10.0.2.0 0.0.0.255 any
 +
 +
permit ip 10.0.3.0 0.0.0.255 any
 +
 +
permit ip 10.0.4.0 0.0.0.255 any
 +
 +
permit ip 10.0.5.0 0.0.0.255 any
 +
 +
permit ip 10.0.6.0 0.0.0.255 any
 +
 +
permit ip 10.0.7.0 0.0.0.255 any
 +
 +
permit ip 10.0.8.0 0.0.0.255 any
 +
 +
permit ip 10.0.9.0 0.0.0.255 any
 +
 +
permit ip 10.0.100.0 0.0.0.255 any
 +
 +
permit ip 172.16.1.0 0.0.0.255 any
 +
 +
permit ip 172.16.10.0 0.0.0.255 any
 +
 +
!
 +
 +
no logging trap
 +
 +
access-list 1 permit any
 +
 +
control-plane
 +
 +
!
 +
 +
!
 +
 +
line con 0
 +
 +
line aux 0
 +
 +
line vty 5 15
 +
 +
!
 +
 +
scheduler allocate 20000 1000
 +
 +
!
 +
 +
end
 +
 +
 +
 +
 +
 +
 +
</small>

Versio 17. marraskuuta 2014 kello 10.06

Konffataan!!!!! jej pptp mppe ja ms-chap 

vpdn enable
vpdn-group 1
 accept-dialin
  protocol pptp
  virtual-template 1
  exit

Määritellään että hyväksytään sisääntulevat pptp protokollaa käyttävät vpn yhteydenotot ja ohjataan ne Virtual-Template 1.

Määritellään Virtual-template 1 interfacen esimerkiksi salausja ip pooli 

interface Virtual-template 1
 encapsulation ppp
 ip unnumbered FastEthernet 0/0
 peer default ip address pool PPTP
 no keepalive
 ppp encryp mppe auto required
 ppp authentication ms-chap

ip local pool PPTP 192.168.100.10 192.168.100.20

username johannes password Qwerty1


Toimiva konffiesimerkki

version 12.4

service config

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname Reititin

!

boot-start-marker

boot-end-marker

!

no logging on

enable secret 5 $1$AV8X$t7MoG7yn7ZFOI.Ivfc9yX.

!

aaa new-model

!

!

aaa authentication login default local

aaa authentication ppp default local

aaa authorization network default local

!

!

aaa session-id common

dot11 syslog

!

!

ip cef

!

!

!

multilink bundle-name authenticated

!

vpdn enable

!

vpdn-group PPTP

! Default PPTP VPDN group

description Default PPTP VPDN group

accept-dialin

 protocol pptp

 virtual-template 1

l2tp tunnel receive-window 1024

!

!

voice-card 0

no dspfarm

!

username johannes password 0 Qwerty1

archive

log config

 hidekeys

!

!

interface FastEthernet0/0

description WAN

ip address 10.5.26.22 255.255.255.0

ip nat outside

ip virtual-reassembly

duplex auto

speed auto

!

interface FastEthernet0/1

description LAN

ip address 10.0.0.1 255.255.255.0

ip nat inside

ip virtual-reassembly

duplex auto

speed auto

!

interface FastEthernet0/1.10

description LabraLAN 10

encapsulation dot1Q 10

ip address 10.0.1.1 255.255.255.0

ip nat inside

ip virtual-reassembly

!

interface FastEthernet0/1.20

description LabraLAN 20

encapsulation dot1Q 20

ip address 10.0.2.1 255.255.255.0

ip nat inside

ip virtual-reassembly

!

interface Virtual-Template1

ip unnumbered FastEthernet0/1

ip nat inside

ip virtual-reassembly

peer default ip address pool PPTPPOOL

compress mppc

ppp encrypt mppe auto

ppp authentication ms-chap-v2

!

ip local pool PPTPPOOL 10.255.255.200 10.255.255.254

ip forward-protocol nd

ip route 0.0.0.0 0.0.0.0 10.5.26.1

! 

!

ip http server

no ip http secure-server

ip nat inside source list NAT interface FastEthernet0/0 overload

!

ip access-list extended FW_IN

permit tcp any host 10.5.26.22 eq 22

permit tcp any host 10.5.26.22 eq 1723

permit udp any host 10.5.26.22 eq isakmp

permit esp any host 10.5.26.22

permit gre any host 10.5.26.22

evaluate FW_TRAFFIC

permit icmp any host 10.5.26.22

ip access-list extended FW_OUT

ip access-list extended NAT

deny   ip 10.0.0.0 0.0.0.255 10.255.255.0 0.0.0.255

deny   ip 10.0.1.0 0.0.0.255 10.255.255.0 0.0.0.255

deny   ip 10.0.2.0 0.0.0.255 10.255.255.0 0.0.0.255

deny   ip 10.0.3.0 0.0.0.255 10.255.255.0 0.0.0.255

deny   ip 10.0.4.0 0.0.0.255 10.255.255.0 0.0.0.255

deny   ip 10.0.5.0 0.0.0.255 10.255.255.0 0.0.0.255

deny   ip 10.0.6.0 0.0.0.255 10.255.255.0 0.0.0.255

deny   ip 10.0.7.0 0.0.0.255 10.255.255.0 0.0.0.255

deny   ip 10.0.8.0 0.0.0.255 10.255.255.0 0.0.0.255

deny   ip 10.0.9.0 0.0.0.255 10.255.255.0 0.0.0.255

deny   ip 10.0.100.0 0.0.0.255 10.255.255.0 0.0.0.255

deny   ip 172.16.1.0 0.0.0.255 10.255.255.0 0.0.0.255

permit ip 10.255.255.0 0.0.0.255 any

permit ip 10.0.1.0 0.0.0.255 any

permit ip 10.0.0.0 0.0.0.255 any

permit ip 10.0.2.0 0.0.0.255 any

permit ip 10.0.3.0 0.0.0.255 any

permit ip 10.0.4.0 0.0.0.255 any

permit ip 10.0.5.0 0.0.0.255 any

permit ip 10.0.6.0 0.0.0.255 any

permit ip 10.0.7.0 0.0.0.255 any

permit ip 10.0.8.0 0.0.0.255 any

permit ip 10.0.9.0 0.0.0.255 any

permit ip 10.0.100.0 0.0.0.255 any

permit ip 172.16.1.0 0.0.0.255 any

permit ip 172.16.10.0 0.0.0.255 any

!

no logging trap

access-list 1 permit any

control-plane

!

!

line con 0

line aux 0

line vty 5 15

!

scheduler allocate 20000 1000

!

end




Noudettu kohteesta ”https://taisto.org/index.php?title=PPTP-serveri&oldid=2391
Mainos / Advertisement: