Hi everyone,
- I configured a LAN-to-LAN VPN between a Draytek Vigor2920FV and a Cisco878, but it does not work.
- Draytek LAN IP: 192.168.101.1, WAN IP: 113.161.85.5
- I want the Draytek's LAN IP to see the Cisco878's IP 192.168.106.1.
- I configured the Vigor 2920FV as Dial-in.
- As for the Cisco878, I configured it as shown below; I don't know whether it is correct.
.....
no ip dhcp use vrf connected
no ip dhcp conflict logging
ip dhcp excluded-address 192.168.6.1
ip dhcp excluded-address 192.168.106.1
!
ip dhcp pool AnhHuy-KT
network 192.168.6.0 255.255.255.0
default-router 192.168.6.1
dns-server 192.168.15.19
lease 7
!
ip dhcp pool AnhHuy-Internet
network 192.168.106.0 255.255.255.0
default-router 192.168.106.1
dns-server 8.8.8.8
domain-name hoanlong.com
lease 7
!
!
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
username hoanlong password 7 0706355F5B19090A0506
!
!
crypto isakmp policy 1
encr aes
authentication pre-share
lifetime 36000
crypto isakmp key itsupport address 113.161.85.5
crypto isakmp key HoanLong-VPN address 0.0.0.0 0.0.0.0
!
!
crypto ipsec transform-set VPN-TS1 esp-aes esp-md5-hmac
crypto ipsec transform-set VPN-TS2 esp-3des esp-md5-hmac
crypto ipsec transform-set VPN-TS3 esp-3des esp-sha-hmac
!
crypto ipsec profile vpn-dmvpn-prof
set transform-set VPN-TS1
set pfs group2
!
!
crypto map cm-cryptomap local-address Vlan2
crypto map cm-cryptomap 1 ipsec-isakmp
set peer 113.161.85.5
match address 100
!
archive
log config
hidekeys
!
!
controller DSL 0
!
!
!
!
interface Tunnel1
description mGRE Tunnel for Internet Mega WAN
ip address 172.16.100.6 255.255.255.0
no ip redirects
ip nhrp authentication HL-NHRP
ip nhrp map multicast 113.161.85.37
ip nhrp map 172.16.100.100 113.161.85.37
ip nhrp network-id 100
ip nhrp holdtime 360
ip nhrp nhs 172.16.100.100
ip tcp adjust-mss 1300
keepalive 10 3
tunnel source Vlan3
tunnel mode gre multipoint
tunnel key 100
tunnel path-mtu-discovery
tunnel protection ipsec profile vpn-dmvpn-prof
!
interface BRI0
no ip address
encapsulation hdlc
shutdown
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
switchport access vlan 2
duplex half
speed 100
!
interface FastEthernet3
switchport access vlan 3
!
interface Vlan1
description Ke Toan LAN
ip address 192.168.6.1 255.255.255.0
ip access-group KeToan in
ip virtual-reassembly
!
interface Vlan2
description Internet-User LAN
ip address 192.168.106.1 255.255.255.0
ip access-group Internet-VoIP in
ip nat inside
ip virtual-reassembly
!
interface Vlan3
description WAN
ip address 192.168.80.2 255.255.255.0
ip nat outside
ip virtual-reassembly
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 192.168.80.1
ip route 192.168.2.0 255.255.255.0 172.16.100.100
ip route 192.168.15.0 255.255.255.0 172.16.100.100
no ip http server
no ip http secure-server
!
!
ip nat inside source list 1 interface Vlan3 overload
!
ip access-list extended Internet-VoIP
deny ip 192.168.106.0 0.0.0.255 192.168.15.0 0.0.0.255
permit ip any any
ip access-list extended KeToan-LanOut
permit udp any any eq bootpc
permit udp any any eq bootps
permit ip 192.168.6.0 0.0.0.255 192.168.15.0 0.0.0.255
permit ip 192.168.6.0 0.0.0.255 host 192.168.6.1
!
access-list 1 permit any
access-list 100 permit ip 192.168.106.0 0.0.0.255 192.168.101.0 0.0.0.255
!
!
- I hope you can take a look and help me.
- Thank you all very much.
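
A defensive lint over the posted configuration, as an added example that is not part of the original post: it flags a crypto map that no interface carries, an overload NAT list with no exemption for the crypto ACL's traffic, and a pre-shared key bound to address 0.0.0.0. The function name `audit`, the finding labels and the NAT heuristic are assumptions made for this example.

```python
import re

# Constructed excerpt: lines copied from the configuration posted above.
CONFIG = """\
crypto isakmp key HoanLong-VPN address 0.0.0.0 0.0.0.0
crypto map cm-cryptomap local-address Vlan2
crypto map cm-cryptomap 1 ipsec-isakmp
set peer 113.161.85.5
match address 100
!
interface Vlan3
ip nat outside
!
ip nat inside source list 1 interface Vlan3 overload
access-list 1 permit any
access-list 100 permit ip 192.168.106.0 0.0.0.255 192.168.101.0 0.0.0.255
"""

def audit(config):
    """Hypothetical helper: list findings for a crypto-map site-to-site setup."""
    findings, maps, bound, acls, nat_acls = [], {}, set(), {}, []
    section = None  # (kind, name) of the current block; "!" closes it
    for line in (raw.strip() for raw in config.splitlines()):
        if line in ("", "!"):
            section = None
        elif m := re.match(r"crypto map (\S+) \d+ ipsec-isakmp", line):
            section = ("map", m[1])
            maps.setdefault(m[1], [])
        elif line.startswith("interface "):
            section = ("if", line.split()[1])
        elif m := re.match(r"access-list (\d+) (.+)", line):
            acls.setdefault(m[1], []).append(m[2])
        elif m := re.match(r"ip nat inside source list (\S+) .*overload", line):
            nat_acls.append(m[1])
        elif re.match(r"crypto isakmp key \S+ address 0\.0\.0\.0( |$)", line):
            findings.append("wildcard-psk: key is accepted from any peer address")
        elif section and section[0] == "map" and (m := re.fullmatch(r"match address (\S+)", line)):
            maps[section[1]].append(m[1])
        elif section and section[0] == "if" and (m := re.fullmatch(r"crypto map (\S+)", line)):
            bound.add(m[1])
    for name, crypto_acls in maps.items():
        if name not in bound:  # a crypto map does nothing until an interface carries it
            findings.append(f"unbound-map: {name} is not applied to any interface")
        for acl, nat in ((a, n) for a in crypto_acls for n in nat_acls):
            for rule in acls.get(acl, []):
                # Heuristic: the NAT ACL should deny exactly what the crypto ACL permits.
                if rule.startswith("permit ip ") and "deny" + rule[6:] not in acls.get(nat, []):
                    findings.append(f"nat-no-exempt: NAT list {nat} also matches crypto ACL {acl} traffic")
    return findings
```

Only numbered `access-list` lines are parsed; named extended ACLs are outside what this check covers.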