Cisco-vpn: difference between revisions

Revision as of 11:24, 15 January 2010

Configuring a VPN router on a Cisco 1841

This article does not claim to be original; there is plenty of this kind of information on the internet. These are just brief notes for myself so that I don't forget =)

The router in question (2 FastEthernet interfaces):

Cisco 1841 (revision 7.0) with 236544K/25600K bytes of memory.
Processor board ID XXXXXXXX
2 FastEthernet interfaces
2 Virtual Private Network (VPN) Modules
DRAM configuration is 64 bits wide with parity disabled.
191K bytes of NVRAM.
62720K bytes of ATA CompactFlash (Read/Write)

For the VPN to work you need:

aaa new-model

Define the RADIUS server (as a server group):

aaa group server radius MISERY
 server 192.168.1.1 auth-port 1812 acct-port 1813
 ip radius source-interface FastEthernet0/0
 attribute nas-port format e UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU
 deadtime 10
!


aaa authentication ppp RADIUS-MISERY group MISERY
aaa authorization network default group MISERY
aaa accounting delay-start
aaa accounting update newinfo periodic 1
aaa accounting network RADIUS-MISERY start-stop group MISERY
aaa accounting system default start-stop group MISERY


vpdn enable
vpdn aaa attribute nas-ip-address vpdn-nas
vpdn aaa attribute nas-port vpdn-nas
vpdn session-limit 5000
!

vpdn-group VPN1
! Default PPTP VPDN group
 accept-dialin
  protocol pptp
  virtual-template 1
 session-limit 32767
 pptp tunnel echo 0
 pptp flow-control static-rtt 5000
 l2tp tunnel receive-window 1024

The Loopback0 address is used as the tunnel endpoint:

interface Loopback0
 ip address XX.XX.128.0 255.255.255.255
!
interface FastEthernet0/0
 ip address 172.16.29.109 255.255.255.248
 duplex auto
 speed auto
!
interface FastEthernet0/1
 ip address 172.16.254.1 255.255.255.0
 duplex auto
 speed auto
!
interface Virtual-Template1
 description "VPN server"
 ip unnumbered Loopback0
 ip verify unicast reverse-path
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 peer default ip address pool DIAL-IN
 ppp mtu adaptive
 ppp authentication pap ms-chap-v2 RADIUS-MISERY
 ppp accounting RADIUS-MISERY
 ppp ipcp dns 193.33.48.33 193.33.19.160
 hold-queue 4096 in
 hold-queue 4096 out
!
ip local pool DIAL-IN 172.16.2.21 172.16.2.25
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 172.16.29.108
ip route 95.69.128.16 255.255.255.240 Null0
!
no ip http server
no ip http secure-server
!
radius-server attribute 44 include-in-access-req
radius-server attribute 6 on-for-login-auth
radius-server attribute 8 include-in-access-req
radius-server attribute 32 include-in-access-req
radius-server attribute 32 include-in-accounting-req
radius-server attribute 55 include-in-acct-req
radius-server attribute 55 access-request include
radius-server host 192.168.20.1 auth-port 1812 acct-port 1813 key 7 06080E32
radius-server vsa send cisco-nas-port
radius-server vsa send accounting
radius-server vsa send authentication
!
control-plane
!
line con 0
line aux 0
line vty 0 4
 exec-timeout 0 0
 exec prompt timestamp
 history size 256
 full-help
 transport preferred none
 transport input ssh
line vty 5 807
 exec-timeout 0 0
 exec prompt timestamp
 history size 256
 full-help
 transport preferred none
 transport input ssh
!
scheduler allocate 20000 1000
ntp clock-period 17180301
end
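A few points in the configuration above deserve a second look before it goes into production: Virtual-Template1 accepts PAP alongside MS-CHAPv2, it has no ppp encrypt mppe line (so the PPTP tunnel carries PPP frames without MPPE), the MISERY group names server 192.168.1.1 while the only radius-server host line defines 192.168.20.1, the RADIUS shared secret is stored in reversible type-7 form, and both VTY ranges use exec-timeout 0 0. The Python script below is an added example and is not part of the wiki page: it parses an IOS running-config into sections and flags exactly those points. The embedded sample is a constructed, trimmed copy of the page's configuration; the function names, check list and finding strings are this example's own.

```python
"""Audit a Cisco IOS PPTP/RADIUS running-config for settings worth a second look.
Added example, not from the wiki page; the sample config is a constructed,
trimmed copy of the configuration shown above."""
import re
from typing import List, Tuple

# Constructed sample: trimmed copy of the page's configuration.
SAMPLE_CONFIG = """\
aaa group server radius MISERY
 server 192.168.1.1 auth-port 1812 acct-port 1813
!
aaa authentication ppp RADIUS-MISERY group MISERY
interface Virtual-Template1
 ip unnumbered Loopback0
 ppp authentication pap ms-chap-v2 RADIUS-MISERY
!
no ip http server
no ip http secure-server
radius-server host 192.168.20.1 auth-port 1812 acct-port 1813 key 7 06080E32
line vty 0 4
 exec-timeout 0 0
 transport input ssh
line vty 5 807
 exec-timeout 0 0
 transport input ssh
end
"""


def parse_sections(config: str) -> Tuple[List[str], List[Tuple[str, List[str]]]]:
    """Split an IOS config into top-level lines and (header, children) sections.
    A header is a non-indented line; indented lines after it are its children
    (nesting is flattened). '!' and blank lines are skipped."""
    top_level: List[str] = []
    sections: List[Tuple[str, List[str]]] = []
    for raw in config.splitlines():
        if not raw.strip() or raw.startswith("!"):
            continue
        if raw[0] in " \t":
            if sections:
                sections[-1][1].append(raw.strip())
        else:
            top_level.append(raw.strip())
            sections.append((raw.strip(), []))
    return top_level, sections


def audit(config: str) -> List[str]:
    """Return one finding per setting a defender should review."""
    top_level, sections = parse_sections(config)
    findings: List[str] = []
    group_servers, host_servers = set(), set()

    for line in top_level:
        m = re.match(r"radius-server host\s+(\S+)", line)
        if m:
            host_servers.add(m.group(1))
            # Type-7 encoding is reversible: anyone who reads the config
            # (backups, TFTP copies, 'show run') recovers the shared secret.
            if re.search(r"\bkey 7\b", line):
                findings.append(f"RADIUS: reversible type-7 shared secret in '{line}'")

    for header, children in sections:
        if header.startswith("aaa group server radius"):
            for child in children:
                m = re.match(r"server(?:-private)?\s+(\S+)", child)
                if m:
                    group_servers.add(m.group(1))
        elif header.startswith("interface Virtual-Template"):
            # PAP sends the password in clear and MS-CHAPv1 is broken; without
            # 'ppp encrypt mppe' the PPTP tunnel carries PPP frames unencrypted.
            for child in children:
                if child.startswith("ppp authentication"):
                    weak = {"pap", "ms-chap"} & set(child.split()[2:])
                    if weak:
                        findings.append(f"{header}: weak PPP auth {sorted(weak)} in '{child}'")
            if not any(c.startswith("ppp encrypt mppe") for c in children):
                findings.append(f"{header}: no 'ppp encrypt mppe', tunnel payload is unencrypted")
        elif header.startswith("line vty"):
            # Management lines: idle sessions must time out, access must be SSH-only.
            if "exec-timeout 0 0" in children:
                findings.append(f"{header}: 'exec-timeout 0 0' never logs out idle sessions")
            transports = [c for c in children if c.startswith("transport input")]
            if transports != ["transport input ssh"]:
                findings.append(f"{header}: transport input is not restricted to ssh")

    # A group member with no 'radius-server host' line is a server that was never defined.
    for ip in sorted(group_servers - host_servers):
        findings.append(f"RADIUS: group server {ip} has no 'radius-server host' entry")
    # The embedded web server should stay disabled on a VPN concentrator.
    for cmd in ("no ip http server", "no ip http secure-server"):
        if cmd not in top_level:
            findings.append(f"global: expected '{cmd}'")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
```

Feed it the saved output of show running-config instead of SAMPLE_CONFIG and each finding names the section it came from, so the list doubles as a hardening checklist: remove pap from the ppp authentication line, add ppp encrypt mppe auto required under the virtual template, make the aaa group and radius-server host entries agree, and give the VTY lines a non-zero exec-timeout.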