Ero sivun ”PPTP-serveri” versioiden välillä
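--- a/PPTP-serveri
+++ b/PPTP-serveri
@@ -27,304 +27,151 @@
 ==== Toimiva konffiesimerkki ====
-<small>version 12.4
-
+<small>
+version 12.4
 service config
-
 service timestamps debug datetime msec
-
 service timestamps log datetime msec
-
 no service password-encryption
-
 !
-
 hostname Reititin
-
 !
-
 boot-start-marker
-
 boot-end-marker
-
 !
-
 no logging on
-
 enable secret 5 $1$AV8X$t7MoG7yn7ZFOI.Ivfc9yX.
-
 !
-
 aaa new-model
-
 !
-
 !
-
 aaa authentication login default local
-
 aaa authentication ppp default local
-
 aaa authorization network default local
-
 !
-
 !
-
 aaa session-id common
-
 dot11 syslog
-
 !
-
 !
-
 ip cef
-
 !
-
 !
-
 !
-
 multilink bundle-name authenticated
-
 !
-
 vpdn enable
-
 !
-
 vpdn-group PPTP
-
 ! Default PPTP VPDN group
-
 description Default PPTP VPDN group
-
 accept-dialin
-
 protocol pptp
-
 virtual-template 1
-
 l2tp tunnel receive-window 1024
-
 !
-
-
-
 voice-card 0
-
 no dspfarm
-
 !
-
 username johannes password 0 Qwerty1
-
 archive
-
 log config
-
 hidekeys
-
 !
-
 !
-
 interface FastEthernet0/0
-
 description WAN
-
 ip address 10.5.26.22 255.255.255.0
-
 ip nat outside
-
 ip virtual-reassembly
-
 duplex auto
-
 speed auto
-
 !
-
 interface FastEthernet0/1
-
 description LAN
-
 ip address 10.0.0.1 255.255.255.0
-
 ip nat inside
-
 ip virtual-reassembly
-
 duplex auto
-
 speed auto
-
 !
-
 interface FastEthernet0/1.10
-
 description LabraLAN 10
-
 encapsulation dot1Q 10
-
 ip address 10.0.1.1 255.255.255.0
-
 ip nat inside
-
 ip virtual-reassembly
-
 !
-
 interface FastEthernet0/1.20
-
 description LabraLAN 20
-
 encapsulation dot1Q 20
-
 ip address 10.0.2.1 255.255.255.0
-
 ip nat inside
-
 ip virtual-reassembly
-
 !
-
 interface Virtual-Template1
-
 ip unnumbered FastEthernet0/1
-
 ip nat inside
-
 ip virtual-reassembly
-
 peer default ip address pool PPTPPOOL
-
 compress mppc
-
 ppp encrypt mppe auto
-
 ppp authentication ms-chap-v2
-
 !
-
 ip local pool PPTPPOOL 10.255.255.200 10.255.255.254
-
 ip forward-protocol nd
-
 ip route 0.0.0.0 0.0.0.0 10.5.26.1
-
 !
-
 !
-
 ip http server
-
 no ip http secure-server
-
 ip nat inside source list NAT interface FastEthernet0/0 overload
-
 !
-
 ip access-list extended FW_IN
-
 permit tcp any host 10.5.26.22 eq 22
-
 permit tcp any host 10.5.26.22 eq 1723
-
 permit udp any host 10.5.26.22 eq isakmp
-
 permit esp any host 10.5.26.22
-
 permit gre any host 10.5.26.22
-
 evaluate FW_TRAFFIC
-
 permit icmp any host 10.5.26.22
-
 ip access-list extended FW_OUT
-
 ip access-list extended NAT
-
 deny ip 10.0.0.0 0.0.0.255 10.255.255.0 0.0.0.255
-
 deny ip 10.0.1.0 0.0.0.255 10.255.255.0 0.0.0.255
-
 deny ip 10.0.2.0 0.0.0.255 10.255.255.0 0.0.0.255
-
 deny ip 10.0.3.0 0.0.0.255 10.255.255.0 0.0.0.255
-
 deny ip 10.0.4.0 0.0.0.255 10.255.255.0 0.0.0.255
-
 deny ip 10.0.5.0 0.0.0.255 10.255.255.0 0.0.0.255
-
 deny ip 10.0.6.0 0.0.0.255 10.255.255.0 0.0.0.255
-
 deny ip 10.0.7.0 0.0.0.255 10.255.255.0 0.0.0.255
-
 deny ip 10.0.8.0 0.0.0.255 10.255.255.0 0.0.0.255
-
 deny ip 10.0.9.0 0.0.0.255 10.255.255.0 0.0.0.255
-
 deny ip 10.0.100.0 0.0.0.255 10.255.255.0 0.0.0.255
-
 deny ip 172.16.1.0 0.0.0.255 10.255.255.0 0.0.0.255
-
 permit ip 10.255.255.0 0.0.0.255 any
-
 permit ip 10.0.1.0 0.0.0.255 any
-
 permit ip 10.0.0.0 0.0.0.255 any
-
 permit ip 10.0.2.0 0.0.0.255 any
-
 permit ip 10.0.3.0 0.0.0.255 any
-
 permit ip 10.0.4.0 0.0.0.255 any
-
 permit ip 10.0.5.0 0.0.0.255 any
-
 permit ip 10.0.6.0 0.0.0.255 any
-
 permit ip 10.0.7.0 0.0.0.255 any
-
 permit ip 10.0.8.0 0.0.0.255 any
-
 permit ip 10.0.9.0 0.0.0.255 any
-
 permit ip 10.0.100.0 0.0.0.255 any
-
 permit ip 172.16.1.0 0.0.0.255 any
-
 permit ip 172.16.10.0 0.0.0.255 any
-
 !
-
 no logging trap
-
 access-list 1 permit any
-
 control-plane
-
 !
-
 !
-
 line con 0
-
 line aux 0
-
 line vty 5 15
-
 !
-
 scheduler allocate 20000 1000
-
-
-
 end
-
-
-
-
-
 </small>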
Versio 17. marraskuuta 2014 kello 10.09
Konffataan!!!!! jej pptp mppe ja ms-chap
! Enable VPDN and accept inbound PPTP dial-in sessions, handing each one to
! Virtual-Template 1 for its PPP/IP settings.
vpdn enable
vpdn-group 1
 accept-dialin
  protocol pptp
  virtual-template 1
 exit
Määritellään, että hyväksytään sisääntulevat PPTP-protokollaa käyttävät VPN-yhteydenotot ja ohjataan ne Virtual-Template 1:een.
Määritellään Virtual-template 1 -interfacelle esimerkiksi salaus ja IP-pooli.
! Virtual-Template 1: per-session PPP settings for PPTP clients.
! NOTE(review): this snippet borrows the address of FastEthernet 0/0 and uses
! pool "PPTP"; the full example further down uses FastEthernet0/1 and pool
! "PPTPPOOL" — keep whichever you deploy consistent.
interface Virtual-template 1
 encapsulation ppp
 ip unnumbered FastEthernet 0/0
 peer default ip address pool PPTP
 no keepalive
 ! "encryp" is the abbreviated form of "encrypt" (spelled out in the full
 ! example below). "required" refuses sessions that do not negotiate MPPE.
 ppp encryp mppe auto required
 ! NOTE(review): this is MS-CHAP v1; the full example below uses ms-chap-v2.
 ppp authentication ms-chap
! Addresses handed to PPTP clients (11 addresses).
ip local pool PPTP 192.168.100.10 192.168.100.20
! NOTE(review): "password" (not "secret") stores the credential reversibly, and
! the full example below disables service password-encryption, so it sits in
! the config in cleartext; this sample credential is also public on this page.
username johannes password Qwerty1
Toimiva konffiesimerkki
! Cisco IOS 12.4 running-config for "Reititin": PPTP remote-access server
! with NAT between the WAN interface (Fa0/0) and the LAN plus two VLAN
! subinterfaces (Fa0/1.x). Reviewer observations are marked NOTE(review).
version 12.4
service config
service timestamps debug datetime msec
service timestamps log datetime msec
! NOTE(review): with password encryption off, the "password 0" line below is
! stored and shown in cleartext.
no service password-encryption
!
hostname Reititin
!
boot-start-marker
boot-end-marker
!
! NOTE(review): "no logging on" (and "no logging trap" further down) leave no
! log trail for VPN logins or ACL hits; re-enable logging before relying on
! this config.
no logging on
! NOTE(review): this enable-secret hash is published on this page; treat it as
! compromised and replace it before reuse.
enable secret 5 $1$AV8X$t7MoG7yn7ZFOI.Ivfc9yX.
!
aaa new-model
!
!
! Local user database is used for console/vty login, PPP (PPTP)
! authentication and network authorization.
aaa authentication login default local
aaa authentication ppp default local
aaa authorization network default local
!
!
aaa session-id common
dot11 syslog
!
!
ip cef
!
!
!
multilink bundle-name authenticated
!
! PPTP server: accept inbound dial-in sessions and attach them to
! Virtual-Template1.
vpdn enable
!
vpdn-group PPTP
! Default PPTP VPDN group
 description Default PPTP VPDN group
 accept-dialin
  protocol pptp
  virtual-template 1
 l2tp tunnel receive-window 1024
!
voice-card 0
 no dspfarm
!
! NOTE(review): type-0 (cleartext) password; the sample credential is public.
! Prefer "username ... secret" and rotate before deployment.
username johannes password 0 Qwerty1
archive
 log config
  hidekeys
!
!
! WAN side: NAT outside, also the destination of the FW_IN permits below.
interface FastEthernet0/0
 description WAN
 ip address 10.5.26.22 255.255.255.0
 ip nat outside
 ip virtual-reassembly
 duplex auto
 speed auto
!
interface FastEthernet0/1
 description LAN
 ip address 10.0.0.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 duplex auto
 speed auto
!
interface FastEthernet0/1.10
 description LabraLAN 10
 encapsulation dot1Q 10
 ip address 10.0.1.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
!
interface FastEthernet0/1.20
 description LabraLAN 20
 encapsulation dot1Q 20
 ip address 10.0.2.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
!
! Per-session PPP settings for PPTP clients; clients get an address from
! PPTPPOOL and are treated as NAT inside.
interface Virtual-Template1
 ip unnumbered FastEthernet0/1
 ip nat inside
 ip virtual-reassembly
 peer default ip address pool PPTPPOOL
 compress mppc
 ! NOTE(review): unlike the snippet earlier on the page, "required" is not
 ! set here, so MPPE is negotiated rather than mandatory — confirm whether
 ! unencrypted sessions should be accepted.
 ppp encrypt mppe auto
 ppp authentication ms-chap-v2
!
! 55 addresses for PPTP clients; the NAT ACL below exempts LAN<->pool traffic.
ip local pool PPTPPOOL 10.255.255.200 10.255.255.254
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 10.5.26.1
!
!
! NOTE(review): plain-HTTP management is enabled while HTTPS is disabled;
! nothing in this listing restricts who may reach it.
ip http server
no ip http secure-server
ip nat inside source list NAT interface FastEthernet0/0 overload
!
! Intended inbound filter for the WAN: SSH, PPTP control (1723), IKE/ESP and
! GRE (PPTP data) to the router itself, plus ICMP.
! NOTE(review): FW_IN is not applied with "ip access-group" on any interface
! in this listing, "evaluate FW_TRAFFIC" references a reflexive list that is
! not defined here, and FW_OUT is empty — as written the filter has no effect.
ip access-list extended FW_IN
 permit tcp any host 10.5.26.22 eq 22
 permit tcp any host 10.5.26.22 eq 1723
 permit udp any host 10.5.26.22 eq isakmp
 permit esp any host 10.5.26.22
 permit gre any host 10.5.26.22
 evaluate FW_TRAFFIC
 permit icmp any host 10.5.26.22
ip access-list extended FW_OUT
! NAT candidate traffic: LAN/VLAN -> VPN-pool traffic is excluded from
! translation; everything else from the listed subnets (and the pool) is NATed.
ip access-list extended NAT
 deny ip 10.0.0.0 0.0.0.255 10.255.255.0 0.0.0.255
 deny ip 10.0.1.0 0.0.0.255 10.255.255.0 0.0.0.255
 deny ip 10.0.2.0 0.0.0.255 10.255.255.0 0.0.0.255
 deny ip 10.0.3.0 0.0.0.255 10.255.255.0 0.0.0.255
 deny ip 10.0.4.0 0.0.0.255 10.255.255.0 0.0.0.255
 deny ip 10.0.5.0 0.0.0.255 10.255.255.0 0.0.0.255
 deny ip 10.0.6.0 0.0.0.255 10.255.255.0 0.0.0.255
 deny ip 10.0.7.0 0.0.0.255 10.255.255.0 0.0.0.255
 deny ip 10.0.8.0 0.0.0.255 10.255.255.0 0.0.0.255
 deny ip 10.0.9.0 0.0.0.255 10.255.255.0 0.0.0.255
 deny ip 10.0.100.0 0.0.0.255 10.255.255.0 0.0.0.255
 deny ip 172.16.1.0 0.0.0.255 10.255.255.0 0.0.0.255
 permit ip 10.255.255.0 0.0.0.255 any
 permit ip 10.0.1.0 0.0.0.255 any
 permit ip 10.0.0.0 0.0.0.255 any
 permit ip 10.0.2.0 0.0.0.255 any
 permit ip 10.0.3.0 0.0.0.255 any
 permit ip 10.0.4.0 0.0.0.255 any
 permit ip 10.0.5.0 0.0.0.255 any
 permit ip 10.0.6.0 0.0.0.255 any
 permit ip 10.0.7.0 0.0.0.255 any
 permit ip 10.0.8.0 0.0.0.255 any
 permit ip 10.0.9.0 0.0.0.255 any
 permit ip 10.0.100.0 0.0.0.255 any
 permit ip 172.16.1.0 0.0.0.255 any
 permit ip 172.16.10.0 0.0.0.255 any
!
no logging trap
! NOTE(review): access-list 1 is defined but not referenced anywhere in this
! listing.
access-list 1 permit any
control-plane
!
!
! NOTE(review): vty 5-15 carry no "access-class" or "transport input"
! restriction here, and vty 0-4 do not appear in this listing.
line con 0
line aux 0
line vty 5 15
!
scheduler allocate 20000 1000
end