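H3C VPN problem
Source: Internet  Editor: 程序博客网  Time: 2024/05/14 12:31
Summary:
Headquarters uses one AR46-40 as the VPN access server to connect to 8 branch sites. Headquarters has a fiber connection with a fixed IP address; the branches connect over ADSL and have no fixed IP. At both headquarters and the branches, all internal users must be able to access the Internet and use the VPN at the same time.
Problems:
1. A branch can ping the internal interface address of the headquarters AR46-40, but cannot ping the IP address of any client machine on the internal network (the internal computers are configured correctly);
2. At present, as soon as headquarters internal users use the Internet, the branch can no longer ping the internal interface address of the AR46-40. Conversely, if the branch pings first after the AR46-40 is rebooted, the VPN tunnel can be seen to come up, but then headquarters users cannot use the Internet.
Could everyone please take a look at my configuration? If anything is incorrect, please point it out. Thank you in advance.
Original configuration: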
#
FTP server enable
#
l2tp domain suffix-separator @
#
ike local-name center
#
radius scheme system
#
domain system
#
local-user admin
password cipher 3(:F<#W#[PCQ=^Q`MAF4<<"TX$_S#6.NM(0=0)*5WWQ=^Q`MAF4<<"TX$_S#6.N
service-type telnet terminal
level 3
service-type ftp
#
ike peer 1
exchange-mode aggressive
pre-shared-key huawei
id-type name
remote-name jx
nat traversal
#
ike peer 2
exchange-mode aggressive
pre-shared-key huawei
id-type name
remote-name md
nat traversal
#
ike peer 3
exchange-mode aggressive
pre-shared-key huawei
id-type name
remote-name ms
nat traversal
#
ike peer 4
exchange-mode aggressive
pre-shared-key huawei
id-type name
remote-name sj
nat traversal
#
ike peer 5
exchange-mode aggressive
pre-shared-key huawei
id-type name
remote-name gm
nat traversal
#
ike peer 6
exchange-mode aggressive
pre-shared-key huawei
id-type name
remote-name hq
nat traversal
#
ike peer 7
exchange-mode aggressive
pre-shared-key huawei
id-type name
remote-name ns
nat traversal
#
ike peer 8
exchange-mode aggressive
pre-shared-key huawei
id-type name
remote-name xx
nat traversal
#
ipsec proposal 1
#
ipsec policy-template temp 1
ike-peer 1
proposal 1
#
ipsec policy-template temp 2
ike-peer 2
proposal 1
#
ipsec policy-template temp 3
ike-peer 3
proposal 1
#
ipsec policy-template temp 4
ike-peer 4
proposal 1
#
ipsec policy-template temp 5
ike-peer 5
proposal 1
#
ipsec policy-template temp 6
ike-peer 6
proposal 1
#
ipsec policy-template temp 7
ike-peer 7
proposal 1
#
ipsec policy-template temp 8
ike-peer 8
proposal 1
#
#
interface Aux0
async mode flow
#
interface Ethernet0/0/0
ip address x.x.x.x 255.255.255.128
nat outbound 3001
ipsec policy center
#
interface Ethernet0/0/1
ip address 10.53.1.1 255.255.255.0
#
interface NULL0
#
acl number 3001
rule deny ip source 10.53.1.0 0.0.0.255 destination 10.53.2.0 0.0.0.255
rule deny ip source 10.53.1.0 0.0.0.255 destination 10.53.3.0 0.0.0.255
rule deny ip source 10.53.1.0 0.0.0.255 destination 10.53.4.0 0.0.0.255
rule deny ip source 10.53.1.0 0.0.0.255 destination 10.53.5.0 0.0.0.255
rule deny ip source 10.53.1.0 0.0.0.255 destination 10.53.6.0 0.0.0.255
rule deny ip source 10.53.1.0 0.0.0.255 destination 10.53.7.0 0.0.0.255
rule deny ip source 10.53.1.0 0.0.0.255 destination 10.53.8.0 0.0.0.255
rule deny ip source 10.53.1.0 0.0.0.255 destination 10.53.9.0 0.0.0.255
rule permit ip source 10.53.1.0 0.0.0.255
#
ip route-static 0.0.0.0 0.0.0.0 x.x.x.x preference 60
[branch1]dis cu
#
sysname Quidway
#
FTP server enable
#
l2tp domain suffix-separator @
#
ike local-name jx
#
dns server dns
#
radius scheme system
#
domain system
#
local-user admin
password cipher .]@USE=B,53Q=^Q`MAF4<<"TX$_S#6.NM(0=0)*5WWQ=^Q`MAF4<<"TX$_S#6.N
service-type telnet terminal
level 3
service-type ftp
#
ike peer 1
exchange-mode aggressive
pre-shared-key huawei
id-type name
remote-name center
remote-address x.x.x.x
nat traversal
#
ipsec proposal 1
#
ipsec policy jx 1 isakmp
security acl 3000
ike-peer 1
proposal 1
#
interface Aux0
async mode flow
#
interface Dialer0
link-protocol ppp
ppp chap user username
ppp chap password cipher password
mtu 1450
tcp mss 1024
ip address ppp-negotiate
dialer user username
dialer-group 1
dialer bundle 1
ipsec policy jx
nat outbound 3001
#
interface Ethernet0/0
pppoe-client dial-bundle-number 1
ip address dhcp-alloc
#
interface Ethernet0/1
ip address 10.53.2.1 255.255.255.0
#
interface Serial0/0
clock DTECLK1
link-protocol ppp
ip address ppp-negotiate
#
interface NULL0
#
acl number 3000
rule 0 permit ip source 10.53.2.0 0.0.0.255 destination 10.53.1.0 0.0.0.255
rule 1 deny ip
#
acl number 3001
rule 0 deny ip source 10.53.2.0 0.0.0.255 destination 10.53.1.0 0.0.0.255
rule 1 permit ip source 10.53.2.0 0.0.0.255
rule 2 deny ip
#
ip route-static 0.0.0.0 0.0.0.0 Dialer 0 preference 60
#
user-interface con 0
user-interface aux 0
user-interface vty 0 4
authentication-mode scheme
#
return
Modified configuration:
[center]dis cu
#
sysname center
#
#
FTP server enable
#
l2tp domain suffix-separator @
#
ike local-name center
#
radius scheme system
#
domain system
#
local-user admin
password simple xxxxxxxxxxxxxxxx
service-type telnet terminal
level 3
service-type ftp
#
ike proposal 1
#
ike peer 1
exchange-mode aggressive
pre-shared-key huawei
id-type name
remote-name jx
nat traversal
#
ike peer 2
exchange-mode aggressive
pre-shared-key huawei
id-type name
remote-name md
nat traversal
#
ike peer 3
exchange-mode aggressive
pre-shared-key huawei
id-type name
remote-name ms
nat traversal
#
ike peer 4
exchange-mode aggressive
pre-shared-key huawei
id-type name
remote-name sj
nat traversal
#
ike peer 5
exchange-mode aggressive
pre-shared-key huawei
id-type name
remote-name gm
nat traversal
#
ike peer 6
exchange-mode aggressive
pre-shared-key huawei
id-type name
remote-name hq
nat traversal
#
ike peer 7
exchange-mode aggressive
pre-shared-key huawei
id-type name
remote-name ns
nat traversal
#
ike peer 8
exchange-mode aggressive
pre-shared-key huawei
id-type name
remote-name my
nat traversal
#
ipsec proposal 1
#
ipsec policy-template temp 1
security acl 3001
ike-peer 1
proposal 1
#
ipsec policy-template temp 2
security acl 3002
ike-peer 2
proposal 1
#
ipsec policy-template temp 3
security acl 3003
ike-peer 3
proposal 1
#
ipsec policy-template temp 4
security acl 3004
ike-peer 4
proposal 1
#
ipsec policy-template temp 5
security acl 3005
ike-peer 5
proposal 1
#
ipsec policy-template temp 6
security acl 3006
ike-peer 6
proposal 1
#
ipsec policy-template temp 7
security acl 3007
ike-peer 7
proposal 1
#
ipsec policy-template temp 8
security acl 3008
ike-peer 8
proposal 1
#
ipsec policy center 1 isakmp template temp
#
interface Aux0
async mode flow
#
interface Ethernet0/0/0
ip address x.x.x.x x.x.x.x
nat outbound 3000
ipsec policy center
#
interface Ethernet0/0/1
ip address 10.53.1.1 255.255.255.0
#
interface NULL0
#
acl number 3000
rule 0 deny ip source 10.53.1.0 0.0.0.255 destination 10.53.2.0 0.0.0.255
rule 1 deny ip source 10.53.1.0 0.0.0.255 destination 10.53.3.0 0.0.0.255
rule 2 deny ip source 10.53.1.0 0.0.0.255 destination 10.53.4.0 0.0.0.255
rule 3 deny ip source 10.53.1.0 0.0.0.255 destination 10.53.5.0 0.0.0.255
rule 4 deny ip source 10.53.1.0 0.0.0.255 destination 10.53.6.0 0.0.0.255
rule 5 deny ip source 10.53.1.0 0.0.0.255 destination 10.53.7.0 0.0.0.255
rule 6 deny ip source 10.53.1.0 0.0.0.255 destination 10.53.8.0 0.0.0.255
rule 7 deny ip source 10.53.1.0 0.0.0.255 destination 10.53.9.0 0.0.0.255
rule 8 permit ip source 10.53.0.0 0.0.255.255
rule 9 deny ip
acl number 3001
rule 0 permit ip source 10.53.1.0 0.0.0.255 destination 10.53.2.0 0.0.0.255
rule 1 deny ip
acl number 3002
rule 0 permit ip source 10.53.1.0 0.0.0.255 destination 10.53.3.0 0.0.0.255
rule 1 deny ip
acl number 3003
rule 0 permit ip source 10.53.1.0 0.0.0.255 destination 10.53.4.0 0.0.0.255
rule 1 deny ip
acl number 3004
rule 0 permit ip source 10.53.1.0 0.0.0.255 destination 10.53.5.0 0.0.0.255
rule 1 deny ip
acl number 3005
rule 0 permit ip source 10.53.1.0 0.0.0.255 destination 10.53.6.0 0.0.0.255
rule 1 deny ip
acl number 3006
rule 0 permit ip source 10.53.1.0 0.0.0.255 destination 10.53.7.0 0.0.0.255
rule 1 deny ip
acl number 3007
rule 0 permit ip source 10.53.1.0 0.0.0.255 destination 10.53.8.0 0.0.0.255
rule 1 deny ip
acl number 3008
rule 0 permit ip source 10.53.1.0 0.0.0.255 destination 10.53.9.0 0.0.0.255
rule 1 deny ip
#
dhcp server forbidden-ip 10.53.1.1 10.53.1.150
#
ip route-static 0.0.0.0 0.0.0.0 x.x.x.x preference 60
#
user-interface con 0
user-interface aux 0
user-interface vty 0 4
authentication-mode scheme
#
return
[center]
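
In the modified center configuration, every flow that an IPsec `security acl` permits also has a matching deny in the ACL used by `nat outbound`, so branch-bound traffic is excluded from translation. The following is an added example, not part of the original post: a small check for that pairing, run on a constructed excerpt in which one NAT deny rule is deliberately missing (the function names and the sample are assumptions).

```python
import re
from ipaddress import ip_address, ip_network

# Constructed excerpt in the style of the modified center config: two of the
# eight security ACLs, with the NAT deny rule for 10.53.3.0 left out on purpose.
SAMPLE = """\
security acl 3001
security acl 3002
nat outbound 3000
acl number 3000
rule 0 deny ip source 10.53.1.0 0.0.0.255 destination 10.53.2.0 0.0.0.255
rule 8 permit ip source 10.53.0.0 0.0.255.255
acl number 3001
rule 0 permit ip source 10.53.1.0 0.0.0.255 destination 10.53.2.0 0.0.0.255
acl number 3002
rule 0 permit ip source 10.53.1.0 0.0.0.255 destination 10.53.3.0 0.0.0.255
"""
RULE = re.compile(r"rule(?: \d+)? (permit|deny) ip"
                  r"(?: source (\S+) (\S+))?(?: destination (\S+) (\S+))?")

def net(addr, wildcard):
    """Address + contiguous wildcard mask -> network; absent clause means 'any'."""
    host_bits = bin(int(ip_address(wildcard or "255.255.255.255"))).count("1")
    return ip_network((addr or "0.0.0.0", 32 - host_bits), strict=False)

def parse_acls(cfg):
    """{acl number: [(action, src, dst), ...]} in the order rules are listed."""
    acls, cur = {}, None
    for line in map(str.strip, cfg.splitlines()):
        if line.startswith("acl number "):
            cur = acls.setdefault(line.split()[2], [])
        elif cur is not None and (m := RULE.match(line)):
            action, s, sw, d, dw = m.groups()
            cur.append((action, net(s, sw), net(d, dw)))
    return acls

def nat_action(rules, src, dst):
    """First rule covering the whole flow wins (partial overlaps are ignored)."""
    hits = (a for a, s, d in rules if src.subnet_of(s) and dst.subnet_of(d))
    return next(hits, "deny")

def natted_vpn_flows(cfg):
    """Flows permitted by a security ACL that the NAT ACL would also translate."""
    acls = parse_acls(cfg)
    nat_rules = acls.get(re.search(r"nat outbound (\d+)", cfg).group(1), [])
    return [(num, str(src), str(dst))
            for num in re.findall(r"security acl (\d+)", cfg)
            for action, src, dst in acls.get(num, [])
            if action == "permit" and nat_action(nat_rules, src, dst) == "permit"]
```

Calling `natted_vpn_flows(SAMPLE)` reports the ACL 3002 flow, because no deny rule precedes the broad permit in ACL 3000 for that destination.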