Chào bạn,

Bạn tham khảo cấu hình bên dưới.

giả sử port gi0/0 nối đến SW LAN – (IP LAN = 10.4.1.1/24)
port gi0/1 nối đến converter

int gi0/0
descr Ket noi den LAN
ip add 10.4.1.1 255.255.255.0
ip nat inside

int gi0/1
description To_FTTH_FPT
no ip address
duplex auto
speed auto
pppoe enable
pppoe-client dial-pool-number 3
no cdp enable

interface Dialer3
ip address negotiated
ip mtu 1492
ip nat outside
ip virtual-reassembly
encapsulation ppp
dialer pool 3
dialer-group 3
ppp pap sent-username Hnfdl-080909-872 password fd00872

ip route 0.0.0.0 0.0.0.0 Dialer3

ip nat inside source list 101 interface dialer3 overload

access-list 101 permit ip 10.4.1.0 0.0.0.255 any

Đây là cấu hình sample khi dùng FTTH của FPT.
Chúc bạn thành công

Thắng.

cam on anh Thang

ah em cau hinh tung cai thi chay. Nhung em muon chay cu`ng 1 luc 2 duong: 1 la adsl, 1 la ftth

Chào bạn,
Vấn đề này nằm ở chỗ bạn có 2 đường ra Internet nên có 2 default-gateway.
Bạn tham khảo bài viết này, kết hợp vào để loadbalance luôn.

cam on anh Tuan. De em xem thu link tham khao. Thannks

anh Tuan,
em da cau hinh cho 2 duong internet deu chay duoc het. Nhung e lai gap van de khac la, VPN server e configure, thi ko chay duoc nua. Neu e shutdown 1 duong (ma` e ko configure lam vpn) , thi e chay vpn ok. Neu e no shut no di thi lai chay ko duoc

Chào bạn,

VPN bạn dùng trên router hay trên server. Nếu được bạn có thể đưa mô hình lên không.

192.168.1.0 -----[SW3]------192.168.100.0--------[ROUTER]-----------ATM0/0/0 (ADSL Line)
192.168.2.0 -----(................................................. .........)-----------GI0/0 (FTTH Line)

Configure file:

aaa new-model
!
!
aaa authentication login VPNAUTH local
aaa authorization exec default local
aaa authorization network VPNAUTHOR local
!
username thienan.tran privilege 15 password 7 040B525658771A1D5F4850
!
crypto isakmp policy 1
encr 3des
hash md5
authentication pre-share
group 2
!
crypto isakmp client configuration group vpntest
key 123456789
dns 203.162.4.190
pool vpnpool
acl 101
include-local-lan
crypto isakmp profile sdm-ike-profile-1
match identity group vpntest
client authentication list VPNAUTH
isakmp authorization list VPNAUTHOR
client configuration address initiate
client configuration address respond
virtual-template 3
!
!
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
!
crypto ipsec profile SDM_Profile1
set transform-set ESP-3DES-SHA
set isakmp-profile sdm-ike-profile-1
!
!
interface GigabitEthernet0/0
description $ETH-WAN$
no ip address
duplex auto
speed auto
pppoe enable group global
pppoe-client dial-pool-number 2
!
interface GigabitEthernet0/1
description $ETH-LAN$
ip address 192.168.100.1 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1412
ip policy route-map internet
duplex auto
speed auto
!
interface ATM0/0/0
no ip address
no atm ilmi-keepalive
dsl operating-mode auto
!
interface ATM0/0/0.2 point-to-point
pvc 8/35
oam-pvc manage
pppoe-client dial-pool-number 1
!
!
interface Virtual-Template3 type tunnel
ip unnumbered GigabitEthernet0/1
tunnel mode ipsec ipv4
tunnel protection ipsec profile SDM_Profile1
!
interface Dialer2
ip address negotiated
ip mtu 1452
ip nat outside
ip virtual-reassembly
encapsulation ppp
dialer pool 1
dialer-group 1
ppp authentication pap callin
ppp pap sent-username aaapharma password 7 140617091B573C2C2B
!
interface Dialer3
ip address negotiated
ip mtu 1452
ip nat outside
ip virtual-reassembly
encapsulation ppp
dialer pool 2
dialer-group 2
ppp authentication pap callin
ppp pap sent-username ctyduocphamaaa password 7 05060308205A400748
!
ip local pool vpnpool 192.168.2.11 192.168.2.20
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 222.254.175.1
ip route 0.0.0.0 0.0.0.0 123.21.136.1
ip route 192.168.10.0 255.255.255.0 192.168.100.254
ip route 192.168.20.0 255.255.255.0 192.168.100.254
!
!
ip http server
ip http authentication local
ip http secure-server
ip nat inside source route-map adsl interface Dialer2 overload
ip nat inside source route-map ftth interface Dialer3 overload
access-list 1 permit 192.168.100.0 0.0.0.255
access-list 100 deny ip 192.168.100.0 0.0.0.255 192.168.2.0 0.0.0.255
access-list 100 deny ip 192.168.10.0 0.0.0.255 192.168.2.0 0.0.0.255
access-list 100 deny ip 192.168.20.0 0.0.0.255 192.168.2.0 0.0.0.255
access-list 100 permit ip 192.168.100.0 0.0.0.255 any
access-list 101 permit ip 192.168.100.0 0.0.0.255 192.168.2.0 0.0.0.255
access-list 101 permit ip 192.168.10.0 0.0.0.255 192.168.2.0 0.0.0.255
access-list 101 permit ip 192.168.20.0 0.0.0.255 192.168.2.0 0.0.0.255
dialer-list 1 protocol ip permit
dialer-list 2 protocol ip permit
!
!
!
route-map ftth permit 10
match ip address 100
match interface Dialer3
!
route-map adsl permit 10
match ip address 100
match interface Dialer2
!
route-map internet permit 10
match ip address 100
set ip next-hop verify-availability 123.21.136.1 100 track 200
!
route-map internet permit 20
match ip address 100
set ip next-hop verify-availability 222.254.175.1 100 track 300
!


Please help me. Khi em chay VPN, em chi co the ping 192.168.100.0 Nhung em khong ping toi mang 192.168.1.0 or 192.168.2.0

Chào bạn,

Sửa lại thành

đúng không.

Bạn show ip route trên switch layer3 và router (lúc client đã quay VPN vào)cho mình xem thử.

Bạn cấu hình VPN như trên dựa vào tài liệu nào, bạn share để mình xem.

hi anh,
day la ip route tren con router,
R2851#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route

Gateway of last resort is 123.21.136.1 to network 0.0.0.0

113.0.0.0/32 is subnetted, 1 subnets
C 113.161.86.1 is directly connected, Dialer3
192.168.100.0/24 is subnetted, 2 subnets
C 192.168.100.0 is directly connected, GigabitEthernet0/1
S 192.168.10.0 [1/0] via 192.168.100.254
S 192.168.20.0 [1/0] via 192.168.100.254
123.0.0.0/32 is subnetted, 1 subnets
C 123.21.136.1 is directly connected, Dialer3
192.168.2.0/32 is subnetted, 2 subnets
S 192.168.2.15 [200/0] via 0.0.0.0, Virtual-Access6
S 192.168.2.13 [1/0] via 0.0.0.0, Virtual-Access5
S* 0.0.0.0/0 [1/0] via 123.21.136.1

Ve cach cau hinh em dua tren SDM ma lam. Nen ko co tai lieu nao ah.

sau khi vpn vao router,ban phải xác định interesting traffic,lớp mạng vpn client và local lan phải ko Nat,

bạn tham khảo ở đây!