Не работает VPN PPTP на Cisco 871 — какие я допустил ошибки?

Есть роутер Cisco 871 нужно настроить так что бы весть трафик из офиса уходил по VPN PPTP
Получилось настроить WAN and LAN
Но все мои попытки подключить PPTP не дают ничего((
Вот конфиг:


version 15.0
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
service internal
!
hostname router-hma
!
boot-start-marker
boot-end-marker
!
no logging buffered
!
no aaa new-model
!
crypto pki trustpoint TP-self-signed-2657071675
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-2657071675
revocation-check none
rsakeypair TP-self-signed-2657071675
!
!
dot11 syslog
ip source-route
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.1.1 192.168.1.210
!
ip dhcp pool LOCAL
network 192.168.1.0 255.255.255.0
default-router 192.168.1.100
dns-server 193.238.131.93
!
!
ip cef
ip inspect WAAS flush-timeout 10
ip domain name mydomain
!
!
vpdn enable
!
vpdn-group 1
request-dialin
protocol pptp
rotary-group 0
initiate-to ip 176.116.153.18
!
!
!
archive
log config
hidekeys
!
no spanning-tree vlan 1
no spanning-tree vlan 2
username ЛОГИН privilege 15 secret 5 ПАРОЛЬ
username ЛОГИН privilege 15 password 7 ПАРОЛЬ
username ЛОГИН privilege 15 password 7 ПАРОЛЬ
!
!
ip ssh version 1
!
!
!
!
!
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
description $ETH-WAN$
ip address dhcp
ip nat outside
ip nat enable
ip virtual-reassembly
duplex auto
speed auto
!
interface Vlan1
description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$
ip address 192.168.1.100 255.255.255.0
ip nat inside
ip nat enable
ip virtual-reassembly
!
interface Dialer0
mtu 1440
ip address negotiated
ip nat outside
ip virtual-reassembly
encapsulation ppp
dialer pool 1
dialer idle-timeout 0
dialer string 123
dialer string inter.net
dialer vpdn
dialer-group 1
ppp pfc local request
ppp pfc remote apply
ppp encrypt mppe auto
ppp chap hostname ЛОГИН
ppp chap password 7 ПАРОЛЬ
no cdp enable
!
ip default-gateway 192.168.1.100
no ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
!
ip dns server
ip nat inside source static tcp 192.168.0.2 3389 interface FastEthernet4 3389
ip nat inside source route-map INTERNET interface Dialer0 overload
ip nat inside source route-map LOCAL2 interface FastEthernet4 overload
ip route 0.0.0.0 0.0.0.0 Dialer0
ip route 192.168.0.0 255.255.0.0 FastEthernet4
ip route 176.116.153.19 255.255.255.255 FastEthernet4 dhcp
!
ip access-list standard INSIDE_NAT
permit 192.168.1.0 0.0.0.255
!
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 23 permit 192.168.0.0 0.0.0.255
dialer-list 1 protocol ip permit
!
!
!
route-map INTENET permit 10
match ip address INSDE_NAT
match interface Dialer0
!
route-map LOCAL2 permit 10
match ip address INSDE_NAT
match interface FastEthernet4
!
!
control-plane
!
!
line con 0
logging synchronous
no modem enable
line aux 0
line vty 0 4
access-class 23 in
exec-timeout 60 0
privilege level 15
password 7 1248524244535856
logging synchronous
login local
transport input ssh
!
scheduler max-task-time 5000
end
  • Вопрос задан
  • 5563 просмотра
Пригласить эксперта
Ответы на вопрос 3
@t3mp
Адрес pptp сервера совпадает с адресом remote peer, и при установке PPP соединения добавляется соответствующий "С" маршрут на PPP интерфейс, решение: "no peer neighbor-route" т.к данный адрес мы получаем через WAN.
Ответ написан
@whitensk Автор вопроса
Ivan: Посмотрите новый конфиг
version 15.0
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
service internal
!
hostname router-hma
!
boot-start-marker
boot-end-marker
!
no logging buffered
!
no aaa new-model
!
crypto pki trustpoint TP-self-signed-2657071675
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-2657071675
 revocation-check none
 rsakeypair TP-self-signed-2657071675
!
!
dot11 syslog
ip source-route
no ip gratuitous-arps
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.1.1 192.168.1.210
!
ip dhcp pool LOCAL
   network 192.168.1.0 255.255.255.0
   default-router 192.168.1.100
   dns-server 193.238.131.93
!
!
ip cef
ip inspect WAAS flush-timeout 10
ip domain name mydomain
!
!
vpdn enable
!
vpdn-group 1
 description pptp
 request-dialin
  protocol pptp
  pool-member 1
 initiate-to ip<b> 176.116.153.18</b>
!
!
!
archive
 log config
  hidekeys
!
no spanning-tree vlan 1
no spanning-tree vlan 2
username LOGIN privilege 15 secret 5 $PASS
username LOGIN privilege 15 password 7 PASS
username LOGIN privilege 15 password 7 PASS
!
!
ip ssh version 1
!
!
!
!
!
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
 description $ETH-WAN$
 ip address dhcp
 ip nat outside
 ip nat enable
 ip virtual-reassembly
 duplex auto
 speed auto
!
interface Vlan1
 description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$
 ip address 192.168.1.100 255.255.255.0
 ip nat inside
 ip nat enable
 ip virtual-reassembly
!
interface Dialer0
 mtu 1450
 ip address negotiated
 ip virtual-reassembly
 encapsulation ppp
 dialer pool 1
 dialer remote-name 123
 dialer idle-timeout 0
 dialer string 123
 dialer persistent
 dialer vpdn
 dialer-group 1
 ppp pfc local request
 ppp pfc remote apply
 ppp encrypt mppe auto
 ppp chap hostname LOGIN
 ppp chap password 7 PASS
 ppp ipcp dns request
 no cdp enable
!
ip default-gateway 192.168.1.100
no ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
!
ip dns server
ip nat inside source route-map nonat interface FastEthernet4 overload
ip route 192.168.0.0 255.255.0.0 FastEthernet4 dhcp
ip route 176.116.153.18 255.255.255.255 FastEthernet4 dhcp
!
ip access-list standard INSIDE_NAT
 permit 192.168.1.0 0.0.0.255
!
logging origin-id hostname
logging server-arp
access-list 23 permit 192.168.0.0 0.0.0.255
dialer-list 1 protocol ip permit
no cdp run

!
!
!
!
control-plane
!
!
line con 0
 logging synchronous
 no modem enable
line aux 0
line vty 0 4
 access-class 23 in
 exec-timeout 60 0
 privilege level 15
 password 7 PASS
 logging synchronous
 login local
 transport input ssh
!
scheduler max-task-time 5000
ntp server 67.215.65.132
ntp server 91.236.251.12
end
Ответ написан
Archangel
@Archangel
Поздновато увидел ваш вопрос к сожалению.
Хотел уточнить решили или нет, раз решили, поленюсь разбираться и попрошу готовый ответ.
Ответ написан
Ваш ответ на вопрос

Войдите, чтобы написать ответ

Войти через центр авторизации
Похожие вопросы