Chào mọi người,

hiện tai công ty e vừa chuyển về biên hòa đồng nai, bên em có thuê của vietel một đuờng FTTH. khi đấu vào modem cùa viettel thi đi internet bình thường. còn khi đấu vảo router 1800 thì ko di internet đuợc.
mô hình của e như sau: ISP -> converter -> router-> Lan

e cấu hỉnh router như sau:

!
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname corpr-hocvn-vpn
!
boot-start-marker
boot-end-marker
!
security authentication failure rate 3 log
security passwords min-length 6
logging buffered 51200 debugging
logging console critical
enable secret 5 $1$ry2Q$t5bmwVDlzON/iA2uKUYnD.
enable password 7 061006355F4F0D140C19
!
aaa new-model
!
!
aaa authentication username-prompt "Enter your username:"
aaa authentication login default local
aaa authentication login sdm_vpn_xauth_ml_1 local
aaa authentication login telnet local group tacacs+
aaa authentication login local_authen local
aaa authorization exec default local
aaa authorization exec telnet local group tacacs+
aaa authorization exec local_author local
aaa authorization network sdm_vpn_group_ml_1 local
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
aaa accounting connection default start-stop group tacacs+
!
aaa session-id common
!
resource policy
!
clock timezone Bangkok 7
no ip source-route
!
!
ip cef
no ip dhcp use vrf connected
ip dhcp excluded-address 10.141.11.1 10.141.11.189
ip dhcp excluded-address 10.141.11.251 10.141.11.254
!
ip dhcp pool VPN
import all
network 10.141.11.0 255.255.255.0
default-router 10.141.11.1
dns-server 10.140.6.41 203.113.188.1 203.113.131.1
lease infinite
!
ip dhcp pool vpn
!
!
ip tcp synwait-time 10
no ip bootp server
ip name-server 10.141.11.5
ip name-server 10.9.7.101
ip name-server 10.140.6.41
ip name-server 203.113.188.1
ip ssh time-out 60
ip ssh authentication-retries 2
ip inspect audit-trail
!
!
crypto pki trustpoint TP-self-signed-2956206251
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-2956206251
revocation-check none
rsakeypair TP-self-signed-2956206251
!
!
username edgeadmin privilege 15 password 7 15331804247B79777C
!
!
!
crypto isakmp policy 1
hash md5
authentication pre-share
!
crypto isakmp policy 5
encr 3des
hash md5
authentication pre-share
group 2
crypto isakmp key vietnam@shenzhen address 58.253.87.17
crypto isakmp key vietnam@shenzhen address 121.10.23.115
!
crypto isakmp client configuration group vpn-vn
key abcd123456
dns 10.141.11.5 10.141.11.1
pool SDM_POOL_1
acl 101
save-password
include-local-lan
max-users 20
crypto isakmp profile sdm-ike-profile-1
match identity group vpn-vn
client authentication list sdm_vpn_xauth_ml_1
isakmp authorization list sdm_vpn_group_ml_1
client configuration address respond
virtual-template 1
!
!
crypto ipsec transform-set securevpn esp-des esp-md5-hmac
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
mode transport
!
crypto ipsec profile SDM_Profile1
set transform-set securevpn
set isakmp-profile sdm-ike-profile-1
!
!
crypto map ASHLEYVPN 44 ipsec-isakmp
description IPSEC VPN to corpr-shech-wan01
set peer 58.253.87.17
set transform-set securevpn
match address corpr-shech-wan01
crypto map ASHLEYVPN 45 ipsec-isakmp
description IPSEC VPN to corpr-shech-wan02
set peer 121.10.23.115
set transform-set securevpn
match address corpr-shech-wan02
!
crypto map AShleyvpn 1 ipsec-isakmp
set peer 115.78.236.94
set transform-set ESP-3DES-SHA
match address 101
!
!
!
!
interface Tunnel44
description VPN to corpr-donch-wan01
bandwidth 384
ip address 10.149.252.38 255.255.255.252
ip helper-address 10.140.6.41
no ip redirects
no ip unreachables
no ip proxy-arp
ip route-cache flow
delay 1500
tunnel source 115.78.236.94
tunnel destination 58.253.87.17
!
interface Tunnel45
description VPN to corpr-donch-wan02
bandwidth 1544
ip address 10.149.252.42 255.255.255.252
ip helper-address 10.140.6.41
no ip redirects
no ip unreachables
no ip proxy-arp
ip route-cache flow
delay 1500
tunnel source 115.78.236.94
tunnel destination 121.10.23.115
!
interface Null0
no ip unreachables
!
interface FastEthernet0
description $ETH-WAN$
no ip address
duplex auto
speed auto
pppoe enable group global
pppoe-client dial-pool-number 1
!
interface FastEthernet1
description $ETH-WAN$
no ip address
shutdown
duplex auto
speed auto
pppoe enable group global
pppoe-client dial-pool-number 2
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
!
interface FastEthernet5
!
interface FastEthernet6
!
interface FastEthernet7
!
interface FastEthernet8
!
interface FastEthernet9
!
interface Virtual-Template1 type tunnel
ip unnumbered Dialer0
ip mask-reply
ip virtual-reassembly
ip route-cache flow
tunnel mode ipsec ipv4
tunnel protection ipsec profile SDM_Profile1
!
interface Vlan1
description $FW_INSIDE$
ip address 10.141.11.1 255.255.255.0
ip access-group localo1 in
ip nat inside
ip virtual-reassembly
ip route-cache flow
!
interface Async1
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
encapsulation slip
!
interface Dialer0
description $FW_OUTSIDE$
ip address negotiated
no ip redirects
no ip unreachables
no ip proxy-arp
ip mtu 1452
ip nat outside
ip virtual-reassembly
encapsulation ppp
ip route-cache flow
dialer pool 1
dialer-group 1
no cdp enable
ppp authentication pap callin
ppp pap sent-username d061_ftth_citigroup password 7 m1ngar
crypto map ASHLEYVPN
!
interface Dialer1
description $FW_OUTSIDE$
ip address negotiated
no ip redirects
no ip unreachables
no ip proxy-arp
ip mtu 1452
ip nat outside
ip virtual-reassembly
encapsulation ppp
ip route-cache flow
dialer pool 2
dialer-group 2
ppp authentication pap callin
ppp pap sent-username 519576_hcm@netplus password 7 061604205F4B074D06
!
router eigrp 1
passive-interface FastEthernet0
passive-interface FastEthernet1
passive-interface Dialer0
passive-interface Dialer1
network 10.0.0.0
no auto-summary
no eigrp log-neighbor-changes
!
ip local pool SDM_POOL_1 10.141.11.180 10.141.11.220
ip route 0.0.0.0 0.0.0.0 Dialer0 2 permanent
ip route 0.0.0.0 0.0.0.0 Dialer1 50 permanent
ip route 10.0.0.0 255.255.255.0 Vlan1 permanent
ip route 58.253.87.17 255.255.255.255 Dialer0
ip route 121.10.23.115 255.255.255.255 Dialer0
!
!
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source list 101 interface Dialer0 overload
ip nat inside source static tcp 10.141.11.10 4489 interface Dialer0 4489
ip nat inside source static tcp 10.141.11.10 53971 interface Dialer0 53971
ip nat inside source static tcp 10.141.11.5 8000 interface Dialer0 8000
ip nat inside source static tcp 10.141.11.10 8443 interface Dialer0 8443
ip nat inside source route-map dhcp-nat interface Dialer1 overload
ip nat inside source static tcp 10.141.11.10 80 interface Dialer0 80
ip nat inside source static tcp 10.141.11.10 21 interface Dialer0 21
ip nat inside source static tcp 10.141.11.5 3389 interface Dialer0 3389
ip nat inside source static tcp 10.141.11.10 25 interface Dialer0 25
ip nat inside source static tcp 10.141.11.10 3306 interface Dialer0 3306
ip nat inside source static tcp 10.141.11.5 8080 interface Dialer0 8080
ip tacacs source-interface Vlan1
!
ip access-list standard telnet
permit 10.141.11.0 0.0.0.255
permit 10.10.0.0 0.0.1.255
permit 10.1.0.0 0.0.0.255
permit 58.251.2.0 0.0.0.255 log
permit 65.207.240.0 0.0.0.255 log
permit 209.206.220.0 0.0.0.255 log
deny any log
!
ip access-list extended corpr-shech-wan01
permit gre host 115.78.236.94 host 58.253.87.17
ip access-list extended corpr-shech-wan02
permit gre host 115.78.236.94 host 121.10.23.115
ip access-list extended local
remark SDM_ACL Category=1
permit tcp any any
ip access-list extended localo1
remark SDM_ACL Category=1
permit ip any any
!
logging trap debugging
logging facility local6
logging source-interface Vlan1
logging 10.9.99.11
access-list 26 permit 10.10.0.0 0.0.0.255
access-list 26 permit 10.9.99.0 0.0.0.255
access-list 26 deny any log
access-list 100 remark SDM_ACL Category=4
access-list 100 permit ip 10.141.11.0 0.0.0.255 any
access-list 101 remark local
access-list 101 remark SDM_ACL Category=22
access-list 101 permit ip 10.141.11.0 0.0.0.255 any
access-list 101 permit ip any any
dialer-list 1 protocol ip permit
dialer-list 2 protocol ip permit
no cdp run
!
!
!
route-map fixed-nat permit 10
match ip address 101
match interface Dialer0
!
route-map dhcp-nat permit 10
match ip address 101
match interface Dialer1
!
!
!
tacacs-server host 10.140.253.99
tacacs-server host 10.10.33.31
tacacs-server host 10.120.9.14
tacacs-server directed-request
tacacs-server key 7 030752180500
!
control-plane
!
banner motd C
************************************************** ***************************
* This system is for authorized use only. Access for any reason must be *
* specifically authorized by the owner, and may be monitored and recorded. *
* Unless you are authorized, your continued access and any other use may *
* expose you to criminal and/or civil proceedings: corpr-hocvn-vpn *
************************************************** ***************************


!
line con 0
password 7 044D02121C2048430017
login authentication local_authen
line 1
modem InOut
stopbits 1
speed 115200
flowcontrol hardware
line aux 0
login authentication local_authen
line vty 0 4
password 7 044D02121C2048430017
authorization exec local_author
login authentication local_authen
transport input telnet ssh
line vty 5 15
authorization exec local_author
login authentication local_authen
transport input telnet ssh
!
scheduler allocate 4000 1000
scheduler interval 500
ntp clock-period 17180167
ntp source Vlan1
ntp server 10.7.0.1
!



Mong moi nguoi giup do e nhe.

Hien tai e da ppp cho dieler 0 user va pass cua viettel cung cap roi ma van ko di internet duoc.