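We originally used an access ***, with remote clients connecting over PPTP. For business reasons we bought a batch of CDMA routers (泰亚东方 TCR2000), which support PPTP, L2TP and IPsec. The existing PPTP service was a server running on the firewall. A PC that connects receives an internal IP address and can reach the internal network normally, but a CDMA router connecting as a routing gateway cannot, because it is awkward to add routes on the firewall, and the address the CDMA router obtains each time it dials in is not fixed. So we decided to use a Cisco 2600 as the *** access server and have the CDMA routers make a second dial-in over L2TP into our internal network. The CDMA router also supports specifying its dial-in address, so all that is needed is to add the corresponding routes on the router.
The topology is as follows: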
[Figure: *** access topology]
Below is the L2TP configuration on the Cisco 2600:
sh runn                                                                        
Building configuration...                                                      
Current configuration : 1335 bytes                                             
!                                                                              
version 12.1                                                                   
no service single-slot-reload-enable                                           
service timestamps debug uptime                                                
service timestamps log uptime                                                  
no service password-encryption                                                 
!                                                                              
hostname Router                                                                
!                                                                              
aaa new-model                                                                  
aaa authentication ppp default local                                           
aaa authorization network default local                                        
aaa accounting delay-start                                                     
enable password cisco                                                           
!                                                                              
username cisco password 0 cisco  // *** username and password
username cisco1 password 0 cisco1                                                
username cisco2 password 0 cisco2                                               
!                                                                              
!                                                                              
!                                                                              
!                                                                              
ip subnet-zero                                                                 
!                                                                              
vpdn enable                                                                    
!                                                                              
vpdn-group VPDN                                                                
! Default L2TP VPDN group      // create the default VPDN group
 accept-dialin                                                                 
  protocol l2tp                   // enable the L2TP protocol
  virtual-template 1                                                           
 lcp renegotiation always                                                      
 l2tp tunnel hello 0                                                           
 l2tp tunnel password 7 00100A02020A5855       // tunnel password; by default no password is set
!                                                                              
!                                                                              
controller E1 1/0                                                              
!                                                                              
!                                                                              
!                                                                              
interface Loopback1                                                            
 ip address 192.168.80.254 255.255.255.255              // *** server address: once the L2TP dial-in is up, this is the server-side address
!                                                                              
interface FastEthernet0/0                                                      
 ip address 192.168.254.1 255.255.255.248     // address mapped to the outside network through the firewall
 duplex auto                                                                   
 speed auto                                                                    
!                                                                              
interface FastEthernet0/1                                                      
 ip address 192.168.255.1 255.255.255.252         // address of the link to the switch
 duplex auto                                                                   
 speed auto                                                                    
!                                                                              
interface Virtual-Template1                                                    
 ip unnumbered Loopback1                                                       
 no keepalive                                                                  
 peer default ip address pool pool1                                            
 ppp authentication pap chap              // enable PPP authentication: PAP is tried first, then CHAP
!                                                                              
ip local pool pool1 192.168.80.1 192.168.80.50       // define the address pool; users receive an address from this pool after dialing in
ip classless                                                                   
ip route 0.0.0.0 0.0.0.0 192.168.254.2    // route to the *** addresses
ip route 10.0.0.0 255.0.0.0 192.168.255.2   // route to the core switch
ip route 192.168.8.0 255.255.255.0 192.168.80.2   // route to the 泰亚东方 TCR2000; 192.168.80.2 is the dial-in IP specified for the TCR2000
no ip http server                                                              
!                                                                              
!                                                                              
line con 0                                                                     
line aux 0                                                                     
line vty 0 4                                                                   
!                                                                              
end                                                                            
Router#exit                                                                    
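In addition, add a route to the 泰亚东方 TCR2000 on the core switch: ip route 192.168.8.0 255.255.255.0 192.168.255.2. With that, traffic flows in both directions, from server to PC and from PC to server. Another benefit is that the remote end does not need a fixed IP, which saves some cost!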
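
The running-config above leaves several credential and authentication settings in a weak state. The following is an added example, not part of the original post: a small audit that flags those settings. The rule list, the function name `audit` and `SAMPLE_CONFIG` (an excerpt of the lines shown above) are assumptions made for this illustration.

```python
import re

# Excerpt of the running-config shown above (inline // annotations removed).
SAMPLE_CONFIG = """\
no service password-encryption
enable password cisco
username cisco password 0 cisco
username cisco1 password 0 cisco1
username cisco2 password 0 cisco2
vpdn-group VPDN
 accept-dialin
  protocol l2tp
  virtual-template 1
 l2tp tunnel password 7 00100A02020A5855
interface Virtual-Template1
 ppp authentication pap chap
line vty 0 4
"""

# (regex, finding) pairs; each regex is matched against one stripped line.
RULES = [
    (r"^no service password-encryption$", "passwords are written to the config unobscured"),
    (r"^enable password\b", "enable password is cleartext or type 7; enable secret stores a hash"),
    (r"^username (\S+) password 0 ", "user {0}: cleartext password in config"),
    (r"^l2tp tunnel password 7 ", "tunnel password uses type 7, which is reversible obfuscation"),
    (r"^ppp authentication .*\bpap\b", "PAP is accepted, so the PPP password can cross the tunnel in cleartext"),
]

def audit(config):
    """Return (line_number, finding) tuples for weak settings in an IOS config."""
    findings = []
    for n, raw in enumerate(config.splitlines(), 1):
        line = raw.split("//")[0].strip()   # drop the page's inline annotations
        for pattern, msg in RULES:
            m = re.search(pattern, line)
            if m:
                findings.append((n, msg.format(*m.groups())))
        # A username whose password equals the name is trivially guessable.
        m = re.match(r"username (\S+) password \d (\S+)$", line)
        if m and m.group(1) == m.group(2):
            findings.append((n, "user %s: password equals username" % m.group(1)))
    return findings

if __name__ == "__main__":
    for n, msg in audit(SAMPLE_CONFIG):
        print("line %d: %s" % (n, msg))
```

Each finding maps to a one-line change on the router: `service password-encryption` plus `enable secret` for stored credentials, distinct non-trivial passwords per dial-in user, and `ppp authentication chap` on the virtual template so PAP is no longer accepted.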