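This configuration lets internal users reach the Internet through PAT; remote users can connect to the internal network over PPTP and reach the Internet through it.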

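The configuration below comes from a problem I recently ran into in practice. I also posted about it in the technical help forum but found no solution there. Recently I used some spare time to analyze the cause, finally solved it, and have verified that it works without problems. In practice many people use Windows 2000 Server to solve this, which is simpler, but anyone trying to do it with a single router may run into similar problems, so I am sharing it.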

!
version 12.3

!
boot-start-marker
boot-end-marker
!
logging buffered 4096 debugging
enable secret 5
username xxxx password 7
memory-size iomem 15
no network-clock-participate aim 0
no network-clock-participate aim 1
ip subnet-zero
ip cef

ip vrf test
!
no ip domain lookup
ip ips po max-events 100
vpdn enable
vpdn authen-before-forward
vpdn session-limit 10

!
vpdn-group 1
! Default PPTP VPDN group
accept-dialin
protocol pptp
virtual-template 1
!
!
interface Loopback0
ip address 172.18.19.1 255.255.255.0
ip nat inside
ip virtual-reassembly

!
interface FastEthernet0/0
no ip address
ip virtual-reassembly
duplex auto
speed auto
no cdp enable
!
interface FastEthernet0/0.1
encapsulation dot1Q 1 native
ip address 172.18.17.1 255.255.255.0
!
interface FastEthernet0/0.3
encapsulation dot1Q 3
ip address 172.18.18.207 255.255.255.0
ip nat inside
ip virtual-reassembly
!
interface FastEthernet0/0.4
encapsulation dot1Q 4
ip address 192.168.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly
!
interface FastEthernet0/0.5
encapsulation dot1Q 5
ip address 192.168.2.1 255.255.255.0
ip nat inside
ip virtual-reassembly
!
interface FastEthernet0/0.7
encapsulation dot1Q 7
ip address 172.18.20.1 255.255.255.0
no cdp enable
!
interface FastEthernet0/1
ip address x.x.x.x 255.255.255.0
ip nat outside
ip virtual-reassembly
ip tcp adjust-mss 1452
duplex auto
speed 10

!
interface Virtual-Template1
mtu 1300
ip unnumbered Loopback0
ip nat inside
ip virtual-reassembly
peer default ip address pool ever
ppp encrypt mppe 128
ppp authentication chap ms-chap
!
ip local pool ever 172.18.19.2 172.18.19.200
ip classless
ip route 0.0.0.0 0.0.0.0 x.x.x.x
!
no ip http server
no ip http secure-server
ip nat pool mypool x.x.x.x x.x.x.x netmask 255.255.255.0
ip nat inside source list 1 pool mypool overload


access-list 1 permit 172.18.18.0 0.0.0.255
access-list 1 permit 172.18.19.0 0.0.0.255
access-list 1 permit 172.18.20.0 0.0.0.255
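
For PAT to apply to a subnet, its interface must be marked `ip nat inside` and the subnet must be permitted by the ACL named in `ip nat inside source list`. The following is an added example, not part of the original post: a hypothetical helper `audit` that reports interfaces where only one of the two conditions holds, run on `SAMPLE`, a constructed excerpt of the address and NAT lines above.

```python
import ipaddress
import re

# Constructed sample: address/NAT lines trimmed from the configuration above.
SAMPLE = """\
interface Loopback0
ip address 172.18.19.1 255.255.255.0
ip nat inside
interface FastEthernet0/0.3
ip address 172.18.18.207 255.255.255.0
ip nat inside
interface FastEthernet0/0.4
ip address 192.168.1.1 255.255.255.0
ip nat inside
interface FastEthernet0/0.7
ip address 172.18.20.1 255.255.255.0
ip nat inside source list 1 pool mypool overload
access-list 1 permit 172.18.18.0 0.0.0.255
access-list 1 permit 172.18.19.0 0.0.0.255
access-list 1 permit 172.18.20.0 0.0.0.255
"""

def audit(config):
    """Map each addressed interface to its NAT status (hypothetical helper)."""
    ifaces, acls, nat_acl, cur = {}, {}, None, None
    for line in (raw.strip() for raw in config.splitlines()):
        if m := re.match(r"interface (\S+)$", line):
            cur = ifaces.setdefault(m[1], {"net": None, "inside": False})
        elif cur is not None and (m := re.match(r"ip address (\d\S+) (\d\S+)$", line)):
            cur["net"] = ipaddress.ip_interface(f"{m[1]}/{m[2]}").network
        elif cur is not None and line == "ip nat inside":  # exact match only
            cur["inside"] = True
        elif m := re.match(r"ip nat inside source list (\S+) ", line):
            nat_acl = m[1]
        elif m := re.match(r"access-list (\d+) permit (\d\S+) (\d\S+)$", line):
            # Wildcard masks are host masks, which ip_network accepts directly.
            acls.setdefault(m[1], []).append(ipaddress.ip_network(f"{m[2]}/{m[3]}"))
    report = {}
    for name, i in ifaces.items():
        if i["net"] is None:
            continue  # unnumbered or redacted (x.x.x.x) address
        in_acl = any(i["net"].subnet_of(p) for p in acls.get(nat_acl, []))
        report[name] = ("translated" if i["inside"] and in_acl
                        else "nat inside, not in ACL" if i["inside"]
                        else "in ACL, not nat inside" if in_acl else "not translated")
    return report

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Interfaces with a redacted or unnumbered address are skipped, so the outside interface and Virtual-Template1 do not appear in the report.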