CISCO 路由器 配置成 *** 服务器遇到问题,可连接,PING 不通!
配置CISCO 1811W ROUTER 作为*** 服务器,客户端用 CISCO *** CLIENT Ver 5.0.04.0300 遇到问题 配置完成后,*** CLIENT 可以连通,但是连通后无法ping 内部的任何地址包括路由器VLAN 10 地址 10.0.0.254客户机获得了分配的IP 172.16.0.3, 查看客户机本机路由表 也没有问题, 能看到 10.0.0.0 指向 172.16.0.3
C:\Documents and Settings\support>route print
10.0.0.0 255.255.255.0 172.16.0.3 172.16.0.3 1
客户端连通后的截图见附件。
问题到底在哪里呢?还需要配NAT吗?分配给*** CLIENT的地址是要和内部VLAN 一样还是不一样呢?
我查过了确定配置里面没有ACCESS LIST 会造成此问题
我是参考附件Configure ESAY *** SERVER WITH XAUTH.pdf 文档来配的,里面似乎提到配上NAT后就可以FORWORD了。我的路由器实际有发布服务器的NAT,和客户访问外围的NAT配置,都工作正常,可我不明白在这种***情况下NAT要如何配。请高手帮忙,这个问题困惑我很久了。
和***相关的配置如下:
aaa new-model
!
!
aaa authentication login ***-authen local
aaa authentication ppp default local
aaa authorization network ***-author local
!
!
aaa session-id common
!
!
!
crypto isakmp policy 1
encr 3des
hash md5
authentication pre-share
group 2
crypto isakmp xauth timeout 20
!
crypto isakmp client configuration group ***-author
key velino
pool ***-pool
!
!
crypto ipsec transform-set ***-set esp-3des esp-md5-hmac
!
!
crypto dynamic-map ***-dyn 1
set transform-set ***-set
!
!
!
crypto map cisco client authentication list ***-authen
crypto map cisco isakmp authorization list ***-author
crypto map cisco client configuration address respond
crypto map cisco 1 ipsec-isakmp dynamic ***-dyn
!
!
!
username cisco privilege 15 password 0 cisco
archive
log config
hidekeys
!
!
!
bridge irb
!
!
!
interface FastEthernet0
bandwidth 1544
ip address 2**.**.***.* 255.255.255.248
ip nbar protocol-discovery
ip flow ingress
ip flow egress
ip nat outside
ip virtual-reassembly
speed auto
full-duplex
crypto map cisco
!
interface FastEthernet1
bandwidth 1000
bandwidth receive 10000
ip address 65.*.*.* 255.255.255.248
ip flow ingress
ip flow egress
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
!
interface FastEthernet2
switchport access vlan 10
!
interface FastEthernet3
!
interface FastEthernet4
!
interface FastEthernet5
switchport access vlan 192
!
interface FastEthernet6
!
interface FastEthernet7
!
interface FastEthernet8
!
interface FastEthernet9
!
!
interface Vlan1
no ip address
!
interface Vlan192
ip address 192.168.1.254 255.255.255.0
ip nat inside
ip virtual-reassembly
ip policy route-map director
!
interface Vlan10
ip address 10.0.0.254 255.255.255.0
ip nat inside
ip virtual-reassembly
ip policy route-map director
!
interface Async1
no ip address
encapsulation slip
!
!
ip local pool ***-pool 172.16.0.1 172.16.0.3
ip route 0.0.0.0 0.0.0.0 2*.*.*.*
ip route 10.0.0.0 255.255.255.0 Vlan10
!
!
ip http server
ip nat inside source static tcp 192.168.1.171 25 2*.*.*.* 25 extendable
ip nat inside source static tcp 192.168.1.171 110 2*.*.*.* 110 extendable
.
.
.
ip nat inside source static udp 192.168.1.6 32001 216.13.164.194 32001 extendable
ip http authentication local
ip http secure-server
ip http timeout-policy>
页:
[1]