Network device configuration
Topology diagram:

Tests:

R1:
     98.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C        98.66.78.66/32 is directly connected, Serial1/0
C        98.66.78.64/26 is directly connected, Serial1/0
     172.16.0.0/24 is subnetted, 1 subnets
O IA     172.16.100.0 [110/3] via 10.1.1.1, 02:21:07, FastEthernet0/0
     10.0.0.0/30 is subnetted, 4 subnets
O IA     10.1.1.8 [110/2] via 10.1.1.1, 02:21:07, FastEthernet0/0
O IA     10.1.1.12 [110/2] via 10.1.1.1, 02:21:07, FastEthernet0/0
C        10.1.1.0 is directly connected, FastEthernet0/0
O IA     10.1.1.4 [110/2] via 10.1.1.1, 02:07:10, FastEthernet0/0
     192.168.16.0/26 is subnetted, 4 subnets
O IA     192.168.16.64 [110/3] via 10.1.1.1, 02:21:07, FastEthernet0/0
O IA     192.168.16.0 [110/3] via 10.1.1.1, 02:21:07, FastEthernet0/0
O IA     192.168.16.192 [110/3] via 10.1.1.1, 02:21:08, FastEthernet0/0
O IA     192.168.16.128 [110/3] via 10.1.1.1, 02:21:08, FastEthernet0/0
O IA  192.168.100.0/24 [110/3] via 10.1.1.1, 02:21:08, FastEthernet0/0
S*    0.0.0.0/0 is directly connected, Serial1/0
r1#
r1#SH CRY IS SA

Note: because NAT sits in the path, AH cannot be configured!!!

dst             src             state          conn-id slot
98.66.78.66     98.66.78.65     QM_IDLE              1    0
r1#

R2:
     96.0.0.0/29 is subnetted, 1 subnets
C        96.86.68.16 is directly connected, Serial1/0
     172.16.0.0/16 is variably subnetted, 2 subnets, 2 masks
C        172.16.16.10/32 is directly connected, Virtual-Access2.1
O IA     172.16.100.0/24 [110/3] via 10.1.1.5, 02:08:19, FastEthernet0/0
     10.0.0.0/30 is subnetted, 4 subnets
O IA     10.1.1.8 [110/2] via 10.1.1.5, 02:08:19, FastEthernet0/0
O IA     10.1.1.12 [110/2] via 10.1.1.5, 02:08:19, FastEthernet0/0
O IA     10.1.1.0 [110/2] via 10.1.1.5, 02:08:19, FastEthernet0/0
C        10.1.1.4 is directly connected, FastEthernet0/0
     192.168.16.0/26 is subnetted, 4 subnets
O IA     192.168.16.64 [110/3] via 10.1.1.5, 02:08:19, FastEthernet0/0
O IA     192.168.16.0 [110/3] via 10.1.1.5, 02:08:19, FastEthernet0/0
O IA     192.168.16.192 [110/3] via 10.1.1.5, 02:08:20, FastEthernet0/0
O IA     192.168.16.128 [110/3] via 10.1.1.5, 02:08:20, FastEthernet0/0
O IA  192.168.100.0/24 [110/3] via 10.1.1.5, 02:08:20, FastEthernet0/0
S*    0.0.0.0/0 is directly connected, FastEthernet0/0
r2#
r2#SH IP INT B
Interface                  IP-Address      OK? Method Status                Protocol
FastEthernet0/0            10.1.1.6        YES manual up                    up
Serial1/0                  96.86.68.17     YES manual up                    up
Serial1/1                  unassigned      YES unset  administratively down down
Serial1/2                  unassigned      YES unset  administratively down down
Serial1/3                  unassigned      YES unset  administratively down down
Virtual-Access1            unassigned      YES unset  down                  down
Virtual-Template1          10.1.1.6        YES TFTP   down                  down
Virtual-Access2            unassigned      YES unset  up                    up
Virtual-Access2.1          10.1.1.6        YES TFTP   up                    up
r2#
r2#sh vpdn
%No active L2F tunnels

L2TP Tunnel and Session Information Total tunnels 1 sessions 1

LocID RemID Remote Name   State  Remote Address  Port  Sessions L2TP Class/
                                                                VPDN Group
56280 18757 r3            est    96.86.68.18     1701  1        l2tp

LocID      RemID      TunID      Username, Intf/      State  Last Chg Uniq ID
                                 Vcid, Circuit
2          2          56280      l2tp, Vi2.1          est    00:46:15 1

%No active PPTP tunnels

External user dial-in test:

R3:
     98.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C        98.66.78.64/26 is directly connected, Serial1/0
C        98.66.78.65/32 is directly connected, Serial1/0
     96.0.0.0/28 is subnetted, 1 subnets
C        96.86.68.16 is directly connected, Serial1/1
     172.16.0.0/16 is variably subnetted, 3 subnets, 2 masks
C        172.16.16.10/32 is directly connected, Virtual-PPP1
C        172.16.1.0/24 is directly connected, FastEthernet0/0
C        172.16.2.0/24 is directly connected, FastEthernet2/0
     10.0.0.0/32 is subnetted, 1 subnets
C        10.1.1.6 is directly connected, Virtual-PPP1
C     192.168.1.0/24 is directly connected, FastEthernet3/0
r3#sh ip int b
Interface                  IP-Address      OK? Method Status                Protocol
FastEthernet0/0            172.16.1.1      YES NVRAM  up                    up
Serial1/0                  98.66.78.66     YES NVRAM  up                    up
Serial1/1                  96.86.68.18     YES NVRAM  up                    up
Serial1/2                  unassigned      YES NVRAM  administratively down down
Serial1/3                  unassigned      YES NVRAM  administratively down down
FastEthernet2/0            172.16.2.1      YES NVRAM  up                    up
FastEthernet3/0            192.168.1.2     YES manual up                    up
Virtual-PPP1               172.16.16.10    YES IPCP   up                    up
r3#
r3#SH CRY IS SA
dst             src             state          conn-id slot
98.66.78.66     98.66.78.65     QM_IDLE              1    0
r3#
r3#SH IP INT B
Interface                  IP-Address      OK? Method Status                Protocol
FastEthernet0/0            172.16.1.1      YES manual up                    up
Serial1/0                  98.66.78.66     YES manual up                    up
Serial1/1                  96.86.68.18     YES manual up                    up
Serial1/2                  unassigned      YES unset  administratively down down
Serial1/3                  unassigned      YES unset  administratively down down
FastEthernet2/0            172.16.2.1      YES manual up                    up
Virtual-PPP1               172.16.16.10    YES IPCP   up                    up
r3#

R4:
     172.16.0.0/24 is subnetted, 1 subnets
O        172.16.100.0 [110/2] via 10.1.1.10, 02:24:34, FastEthernet2/0
     10.0.0.0/30 is subnetted, 4 subnets
C        10.1.1.8 is directly connected, FastEthernet2/0
C        10.1.1.12 is directly connected, FastEthernet3/0
C        10.1.1.0 is directly connected, FastEthernet0/0
C        10.1.1.4 is directly connected, FastEthernet1/0
     192.168.16.0/26 is subnetted, 4 subnets
O        192.168.16.64 [110/2] via 10.1.1.10, 02:24:34, FastEthernet2/0
O        192.168.16.0 [110/2] via 10.1.1.10, 02:24:34, FastEthernet2/0
O        192.168.16.192 [110/2] via 10.1.1.10, 02:24:34, FastEthernet2/0
O        192.168.16.128 [110/2] via 10.1.1.10, 02:24:34, FastEthernet2/0
O     192.168.100.0/24 [110/2] via 10.1.1.14, 02:24:34, FastEthernet3/0
O*E2  0.0.0.0/0 [110/1] via 10.1.1.6, 02:09:18, FastEthernet1/0
                [110/1] via 10.1.1.2, 02:09:18, FastEthernet0/0
r4#

R5:
     172.16.0.0/24 is subnetted, 1 subnets
C        172.16.100.0 is directly connected, Vlan100
     10.0.0.0/30 is subnetted, 4 subnets
C        10.1.1.8 is directly connected, FastEthernet0/0
O IA     10.1.1.12 [110/2] via 10.1.1.9, 02:24:42, FastEthernet0/0
O IA     10.1.1.0 [110/2] via 10.1.1.9, 02:23:36, FastEthernet0/0
O IA     10.1.1.4 [110/2] via 10.1.1.9, 02:09:35, FastEthernet0/0
     192.168.16.0/26 is subnetted, 4 subnets
C        192.168.16.64 is directly connected, Vlan20
C        192.168.16.0 is directly connected, Vlan10
C        192.168.16.192 is directly connected, Vlan40
C        192.168.16.128 is directly connected, Vlan30
O IA  192.168.100.0/24 [110/3] via 10.1.1.9, 02:24:47, FastEthernet0/0
O*E2  0.0.0.0/0 [110/1] via 10.1.1.9, 02:09:26, FastEthernet0/0
r5#

R6:
     172.16.0.0/24 is subnetted, 1 subnets
O IA     172.16.100.0 [110/3] via 10.1.1.13, 02:25:00, FastEthernet0/0
     10.0.0.0/30 is subnetted, 4 subnets
O IA     10.1.1.8 [110/2] via 10.1.1.13, 02:25:00, FastEthernet0/0
C        10.1.1.12 is directly connected, FastEthernet0/0
O IA     10.1.1.0 [110/2] via 10.1.1.13, 02:23:54, FastEthernet0/0
O IA     10.1.1.4 [110/2] via 10.1.1.13, 02:09:54, FastEthernet0/0
     192.168.16.0/26 is subnetted, 4 subnets
O IA     192.168.16.64 [110/3] via 10.1.1.13, 02:25:00, FastEthernet0/0
O IA     192.168.16.0 [110/3] via 10.1.1.13, 02:25:00, FastEthernet0/0
O IA     192.168.16.192 [110/3] via 10.1.1.13, 02:25:00, FastEthernet0/0
O IA     192.168.16.128 [110/3] via 10.1.1.13, 02:25:00, FastEthernet0/0
C     192.168.100.0/24 is directly connected, Vlan50
O*E2  0.0.0.0/0 [110/1] via 10.1.1.13, 02:09:44, FastEthernet0/0
r6#

VPC:

NAT:

Note: when configuring the NAT translation, R1 and R2 carry the IPsec VPN and the L2TP VPN respectively, so the NAT ACLs must first deny the traffic bound for the VPN and only then permit the traffic that should be translated!!!
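The ordering rule in the note above, shown with a small Python model of Cisco first-match wildcard ACL evaluation. This is an added example, not code from the original post: the two access-list 151 lines are R1's from this post, while the swapped-order list and the sample flows (192.168.16.10 to a branch-LAN host 172.16.1.20 and to the external test host 192.168.1.4) are constructed for the demonstration.

```python
# Added example (not from the original post): Cisco ACLs are evaluated top-down and
# the first matching entry wins, so a NAT ACL has to deny VPN-bound traffic before it permits.
import ipaddress
from typing import List, Optional, Tuple

ANY = ("0.0.0.0", "255.255.255.255")  # 'any': every bit wildcarded

def wildcard_match(addr: str, base: str, wildcard: str) -> bool:
    """Cisco wildcard semantics: 0 bits must match, 1 bits are ignored."""
    care = 0xFFFFFFFF ^ int(ipaddress.IPv4Address(wildcard))
    return (int(ipaddress.IPv4Address(addr)) & care) == (int(ipaddress.IPv4Address(base)) & care)

def parse_acl(lines: List[str]) -> List[tuple]:
    """Parse 'access-list N permit|deny ip SRC WC DST WC'; 'any' is allowed on either side."""
    entries = []
    for line in lines:
        tok = line.split()
        action, rest, pairs = tok[2], tok[4:], []
        while rest:
            if rest[0] == "any":
                pairs.append(ANY)
                rest = rest[1:]
            else:
                pairs.append((rest[0], rest[1]))
                rest = rest[2:]
        entries.append((action, pairs[0], pairs[1]))
    return entries

def first_match(acl: List[tuple], src: str, dst: str) -> Tuple[str, Optional[int]]:
    """Return (action, 1-based entry number); falling off the end is the implicit deny."""
    for seq, (action, (sb, sw), (db, dw)) in enumerate(acl, start=1):
        if wildcard_match(src, sb, sw) and wildcard_match(dst, db, dw):
            return action, seq
    return "deny", None

# R1's NAT ACL 151 exactly as in the post: VPN traffic denied first, then the permit.
R1_ACL_151 = [
    "access-list 151 deny   ip 192.168.16.0 0.0.0.255 172.16.0.0 0.0.255.255",
    "access-list 151 permit ip 192.168.16.0 0.0.0.127 any",
]
ACL_151 = parse_acl(R1_ACL_151)
ACL_151_SWAPPED = parse_acl(R1_ACL_151[::-1])  # constructed counter-example: permit before deny

if __name__ == "__main__":
    vpn_flow = ("192.168.16.10", "172.16.1.20")   # to the branch LAN 172.16.1.0/24 (constructed hosts)
    inet_flow = ("192.168.16.10", "192.168.1.4")  # to the external test host used in the post
    print(first_match(ACL_151, *vpn_flow))         # ('deny', 1): left untranslated for the tunnel
    print(first_match(ACL_151_SWAPPED, *vpn_flow)) # ('permit', 1): NATted, so the crypto ACL no longer matches it
    print(first_match(ACL_151, *inet_flow))        # ('permit', 2): translated via pool 1
```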
R1:
access-list 151 deny   ip 192.168.16.0 0.0.0.255 172.16.0.0 0.0.255.255
access-list 151 permit ip 192.168.16.0 0.0.0.127 any
access-list 152 deny   ip 192.168.16.0 0.0.0.255 172.16.0.0 0.0.255.255
access-list 152 permit ip 192.168.16.64 0.0.0.63 any
access-list 152 permit ip 192.168.16.128 0.0.0.63 any
ip nat pool 1 98.66.78.67 98.66.78.76 netmask 255.255.255.192
ip nat pool 2 98.66.78.78 98.66.78.87 netmask 255.255.255.192
ip nat inside source list 151 pool 1
ip nat inside source list 152 pool 2
ip nat inside source static tcp 192.168.100.10 21 98.66.78.88 2121 extendable
ip nat inside source static tcp 192.168.100.10 80 98.66.78.89 8080 extendable
interface FastEthernet0/0
 ip nat inside
interface Serial1/0
 ip nat outside

R2:
access-list 151 deny   ip 192.168.16.0 0.0.0.255 172.16.0.0 0.0.255.255
access-list 151 permit ip 192.168.16.0 0.0.0.127 any
access-list 152 deny   ip 192.168.16.0 0.0.0.255 172.16.0.0 0.0.255.255
access-list 152 permit ip 192.168.0.0 0.0.0.63 any
access-list 152 permit ip 192.168.0.128 0.0.0.63 any
ip nat pool 1 96.86.68.19 96.86.68.22 netmask 255.255.255.240
ip nat pool 2 96.86.68.23 96.86.68.28 netmask 255.255.255.240
ip nat inside source list 151 pool 1
ip nat inside source list 152 pool 2
ip nat inside source static tcp 192.168.100.10 21 96.86.68.29 2121 extendable
ip nat inside source static tcp 192.168.100.10 80 96.86.68.30 8080 extendable
interface FastEthernet0/0
 ip nat inside
interface Serial1/0
 ip nat outside

NAT test on router R1:

As shown above, the two NAT address pools correspond to different internal subnets! Below is the NAT test on router R2. Because PBR (policy-based routing) is configured, the interface connected to router R1 has to be shut down first when testing R2's NAT!

As shown above, R2's two address pools also correspond to different internal subnets, and the translation works!

Test of the head-office server mapped to the external network:

Via the R1 mapping:

The external host 192.168.1.4 can reach the internal WWW service through a browser!

Via the R2 mapping:

The external host can also reach the head office's WWW service through R2's mapping!

Branch-office server test:

The branch office's service is configured successfully too!

Below is the branch-office server configuration:

Now test the policy-based routing at the branch office:

r3(config)#acc 161 per ip 172.16.0.0 0.0.255.255 192.168.16.0 0.0.0.127
r3(config)#acc 162 per ip 172.16.0.0 0.0.255.255 192.168.16.128 0.0.0.127
r3(config)#route-ma pbr
r3(config-route-map)#ma ip add 161
r3(config-route-map)#se ip nex 98.66.78.65
r3(config-route-map)#route-ma pbr 20
r3(config-route-map)#ma ip add 162
r3(config-route-map)#se ip nex 96.86.68.17
r3(config)#int f0/0
r3(config-if)#ip po rou
r3(config-if)#ip po route-map pbr
r3(config-if)#int f2/0
r3(config-if)#ip po route-map pbr
r3(config-if)#end

Head-office policy-based routing test:

hostname r4
interface FastEthernet3/0
 ip policy route-map pbr
access-list 100 permit ip 192.168.16.0 0.0.0.127 any
access-list 110 permit ip 192.168.16.128 0.0.0.127 any
access-list 130 permit ip 192.168.16.64 0.0.0.63 any
route-map pbr permit 10
 match ip address 100
 set ip next-hop 10.1.1.2
!
route-map pbr permit 20
 match ip address 130
 match length 1000 1500
 set ip next-hop 10.1.1.6
!
route-map pbr permit 30
 match ip address 110
 set ip next-hop 10.1.1.6

The configuration above works. Shut down R4's interface toward R1 first and then run tracert; the *** above is the traffic going through the L2TP tunnel!

VPN test:

When configuring IPsec, if the exercise has already specified the traffic, just configuring permit ip any any is fine.
This article is reposted from the 51CTO blog of 810105851; original link: http://blog.51cto.com/4708948/1133750. For reproduction, please contact the original author.
Summary