Рабочий конфиг ниже.
!
! Cisco IOS router acting as a PPTP client: the tunnel is Dialer0, it carries the
! default route, and inside hosts are NATed to the address negotiated on Dialer0.
!
! NOTE(review): PPTP with MPPE is a legacy tunnel whose authentication and
! encryption depend on the strength of the account password; where the remote
! end supports it, an IPsec-based tunnel is the safer choice.
!
! NOTE(review): "service internal" unlocks hidden, unsupported commands for the
! whole device, not just the PPTP client; keep it only while this feature is needed.
service internal ! hidden command that enables the PPTP client
!
no ip gratuitous-arps ! recommended
!
ip multicast-routing
!
vpdn enable
!
! VPDN group that dials out (request-dialin) over PPTP using the dialer with rotary-group 0.
vpdn-group 1
request-dialin
protocol pptp
rotary-group 0
initiate-to ip 207.204.224.21 ! target PPTP server address
!
interface FastEthernet0/0
description -= Inside =-
ip address 172.16.x.x 255.255.255.0
ip nat inside
ip virtual-reassembly
duplex auto
speed auto
!
! Provider-facing interface; INPUT_ACL filters everything arriving on it.
interface FastEthernet0/1
description -= Outside =-
ip address 77.91.xxx.xxx 255.255.255.240
ip access-group INPUT_ACL in
duplex auto
speed auto
no cdp enable
!
interface Dialer0
description -=PPTP client =-
mtu 1450
ip address negotiated
ip flow ingress
ip pim dense-mode
ip nat outside
ip virtual-reassembly
encapsulation ppp
ip igmp query-interval 125
dialer in-band
dialer idle-timeout 0
dialer string 123
dialer vpdn
dialer-group 1
no peer neighbor-route
no cdp enable
ppp pfc local request
ppp pfc remote apply
! NOTE(review): "auto" only offers MPPE; without the "required" keyword the PPP
! link may still come up if the peer does not negotiate encryption - confirm on
! the IOS release in use and check the negotiated result after the tunnel is up.
ppp encrypt mppe auto
ppp eap refuse
ppp chap hostname my_vpnlogin
! "password 0" stores the secret in cleartext in the running and startup config,
! so every config backup, "show run" output or pasted listing exposes the VPN
! credential. "service password-encryption" would only apply reversible type 7
! obfuscation; restrict access to the config and its copies instead.
ppp chap password 0 my_vpnpassword
!
! Default route goes into the tunnel; the host route below keeps the PPTP
! server itself reachable via the physical uplink rather than through the tunnel.
ip route 0.0.0.0 0.0.0.0 Dialer0
ip route 207.204.224.21 255.255.255.255 77.91.xxx.xxx ! to the provider's gateway
!
! NAT everything matched by the route-map to the IP address of interface Dialer0
ip nat inside source route-map map_PPTP interface Dialer0 overload
!
! Allow inbound traffic only from the VPN server
! NOTE(review): the permit line admits every IP protocol from the server address.
! PPTP itself uses TCP port 1723 for control and GRE (IP protocol 47) for data,
! so the entry could be narrowed to those two if nothing else is expected.
! The final deny logs every other packet that reaches the outside interface.
ip access-list extended INPUT_ACL
permit ip host 207.204.224.21 host 77.91.xxx.xxx ! access to interface FastEthernet0/1
deny ip any any log
!
! Describes the inside hosts (with mask) that will be NATed.
! NOTE(review): "host 172.16.0.0" matches that single address only, not a subnet;
! the inside interface is a /24, so a network plus wildcard mask was presumably
! intended. The address is redacted in this listing - confirm against the real one.
ip access-list extended VPN_PPTP
permit ip host 172.16.0.0 any
!
! All IP traffic counts as interesting traffic for dialer-group 1 (Dialer0).
dialer-list 1 protocol ip permit
!
! Used by the NAT rule: matches traffic permitted by VPN_PPTP with Dialer0 as the interface.
route-map map_PPTP permit 10
match ip address VPN_PPTP
match interface Dialer0
!