em cấu hình VPN với NAT, em không biết sai ở đâu mà không thể ping 2 site với nhau. Ở đây em muốn dùng packet với những gì packet hỗ trợ NAT. Em xin cám ơn mọi người ạ.

file cấu hình của em ạ



đây là sơ đồ của em



trên con ISP

Building configuration...


Current configuration : 657 bytes
!
version 12.4
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname ISP
!
!
!
!
!
!
!
!
!
!
!
!
!
!
spanning-tree mode pvst
!
!
!
!
interface FastEthernet0/0
ip address 13.0.0.5 255.255.255.252
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 13.0.0.1 255.255.255.252
duplex auto
speed auto
!
interface Serial0/0/0
ip address 10.0.0.2 255.255.255.252
clock rate 2000000
!
interface Serial0/0/1
ip address 11.0.0.2 255.255.255.252
clock rate 2000000
!
interface Vlan1
no ip address
shutdown
!
ip classless
!
!
!
!
!
!
!
line con 0
line vty 0 4
login
!
!
!
end
//////////////////////////////////////////////////////////

trên con R.HANOI

Current configuration : 1193 bytes
!
version 12.4
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname R.HANOI
!
!
!
!
!
!
!
!
crypto isakmp policy 10
hash md5
authentication pre-share
!
crypto isakmp key cisco address 11.0.0.1
!
!
crypto ipsec transform-set HANOI esp-des
!
crypto map HANOI-MAP 10 ipsec-isakmp
set peer 11.0.0.1
set transform-set HANOI
match address 115
!
!
!
!
!
spanning-tree mode pvst
!
!
!
!
interface FastEthernet0/0
ip address 192.168.1.1 255.255.255.0
ip nat inside
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
duplex auto
speed auto
shutdown
!
interface Serial0/0/0
ip address 10.0.0.1 255.255.255.252
ip nat outside
crypto map HANOI-MAP
!
interface Serial0/0/1
no ip address
clock rate 2000000
shutdown
!
interface Vlan1
no ip address
shutdown
!
ip nat inside source list 110 interface Serial0/0/0 overload
ip classless
ip route 0.0.0.0 0.0.0.0 Serial0/0/0
!
!
access-list 115 permit tcp 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
access-list 110 deny ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
access-list 110 permit ip any any
!
!
!
!
!
line con 0
line vty 0 4
login
!
!
!
end
///////////////////////////////////////////////////////

trên con R.HCM

Building configuration...


Current configuration : 1183 bytes
!
version 12.4
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname R.HCM
!
!
!
!
!
!
!
!
crypto isakmp policy 10
hash md5
authentication pre-share
!
crypto isakmp key cisco address 10.0.0.1
!
!
crypto ipsec transform-set HCM esp-des
!
crypto map HCM-MAP 10 ipsec-isakmp
set peer 10.0.0.1
set transform-set HCM
match address 115
!
!
!
!
!
spanning-tree mode pvst
!
!
!
!
interface FastEthernet0/0
ip address 192.168.2.1 255.255.255.0
ip nat inside
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
duplex auto
speed auto
shutdown
!
interface Serial0/0/0
ip address 11.0.0.1 255.255.255.252
ip nat outside
crypto map HCM-MAP
!
interface Serial0/0/1
no ip address
clock rate 2000000
shutdown
!
interface Vlan1
no ip address
shutdown
!
ip nat inside source list 110 interface Serial0/0/0 overload
ip classless
ip route 0.0.0.0 0.0.0.0 Serial0/0/0
!
!
access-list 115 permit tcp 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 110 deny ip 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 110 permit ip any any
!
!
!
!
!
line con 0
line vty 0 4
login
!
!
!
end
//////////////////////////////////////