Hi all,
I'm working on an SSL VPN lab. The client connects successfully, gets an IP address, and can ping the router's LAN interface (192.168.10.1), but cannot ping the clients in the LAN (192.168.10.10).
I'm using IOS: c7200-adventerprisek9-mz124-20. (I don't know whether this is due to an IOS bug.)
Here is my lab topology:
Information when the client connects to the VPN:
Here is my configuration:
!
upgrade fpd auto
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R1
!
boot-start-marker
boot-end-marker
!
logging message-counter syslog
!
aaa new-model
!
!
aaa authentication login default local
aaa authentication login webvpn local
!
!
aaa session-id common
ip source-route
no ip icmp rate-limit unreachable
ip cef
!
!
!
!
no ip domain lookup
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
!
!
!
!
!
crypto pki trustpoint TP-self-signed-4279256517
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-4279256517
revocation-check none
rsakeypair TP-self-signed-4279256517
!
!
crypto pki certificate chain TP-self-signed-4279256517
certificate self-signed 01
quit
username u1 password 0 123
archive
log config
hidekeys
!
!
!
!
!
ip tcp synwait-time 5
!
!
!
!
interface Loopback0
ip address 50.0.0.1 255.255.255.0
!
interface FastEthernet0/0
no ip address
shutdown
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface Serial1/0
ip address 100.0.0.1 255.255.255.0
serial restart-delay 0
clock rate 64000
!
interface Serial1/1
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/2
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/3
no ip address
shutdown
serial restart-delay 0
!
interface FastEthernet2/0
ip address 192.168.10.1 255.255.255.0
duplex half
!
ip local pool webvpn_pool 50.0.0.2 50.0.0.5
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 100.0.0.2
ip http server
ip http secure-server
!
control-plane
!
!
gatekeeper
shutdown
!
!
line con 0
exec-timeout 0 0
privilege level 15
logging synchronous
stopbits 1
line aux 0
exec-timeout 0 0
privilege level 15
logging synchronous
stopbits 1
line vty 0 4
!
!
webvpn gateway webvpn_gateway
ip address 100.0.0.1 port 443
ssl trustpoint TP-self-signed-4279256517
inservice
!
webvpn install svc disk0:/webvpn/svc_1.pkg sequence 1
!
webvpn context webvpn_context
ssl authenticate verify all
!
policy group CLIENT
functions svc-enabled
svc address-pool "webvpn_pool"
svc keep-client-installed
svc split include 192.168.10.0 255.255.255.0
default-group-policy CLIENT
aaa authentication list webvpn
gateway webvpn_gateway
inservice
!
end
I hope you all (and the instructors) can give me some guidance.
Thanks!