PPTP VPN server on a Cisco 2650XM

I am configuring a PPTP VPN server on a Cisco 2650XM router.


ip dhcp pool jelezd-users-172
network 172.16.240.0 255.255.255.192
default-router 172.16.240.1
dns-server 195.14.50.1 195.14.50.21
lease 2
!
vpdn enable
vpdn ip udp ignore checksum
!
vpdn-group 1
! Default PPTP VPDN group
accept-dialin
protocol pptp
virtual-template 1
ip pmtu
ip mtu adjust
!
!
! this is the VPN user name
username awe password 0 awe
!
interface FastEthernet0/0
no ip address
duplex auto
speed auto
no mop enabled
!
interface FastEthernet0/0.10
description inet
encapsulation dot1Q 10
ip address x.x.x.x 255.255.255.240
ip access-group ext-if in
no ip redirects
no ip proxy-arp
ip nat outside
no ip virtual-reassembly
no snmp trap link-status
!
interface FastEthernet0/0.20
description lan
encapsulation dot1Q 20
ip address 172.16.240.1 255.255.255.192
ip access-group int-if in
no ip redirects
no ip proxy-arp
ip flow ingress
ip flow egress
ip nat inside
no ip virtual-reassembly
no snmp trap link-status
!
! Template cloned for each PPTP session; clients get addresses from the LAN DHCP pool
interface Virtual-Template1
ip unnumbered FastEthernet0/0.20
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1400
no logging event link-status
peer default ip address dhcp-pool jelezd-users-172
ppp authentication chap eap ms-chap ms-chap-v2
ppp encrypt mppe auto
!
ip nat inside source list 103 interface FastEthernet0/0.10 overload
!
ip access-list extended int-if
permit tcp any any established
permit tcp 172.16.240.0 0.0.0.63 any eq www
permit tcp 172.16.240.0 0.0.0.63 any eq pop3
permit tcp 172.16.240.0 0.0.0.63 any eq smtp
permit tcp 172.16.240.0 0.0.0.63 any eq 5190
permit tcp 172.16.240.0 0.0.0.63 any eq ftp
permit tcp 172.16.240.0 0.0.0.63 any eq ftp-data
permit tcp 172.16.240.0 0.0.0.63 any eq telnet
permit tcp 172.16.240.0 0.0.0.63 any eq 22
permit icmp 172.16.240.0 0.0.0.63 any
permit udp 172.16.240.0 0.0.0.63 any eq domain
permit tcp 172.16.240.0 0.0.0.63 any eq domain
permit tcp 172.16.240.0 0.0.0.63 any eq 443
permit tcp 172.16.240.0 0.0.0.63 any eq 3306
permit udp host 0.0.0.0 eq bootpc host 172.16.240.1 eq bootps
permit udp 172.16.240.0 0.0.0.63 eq bootpc host 172.16.240.1 eq bootps
permit udp any eq bootpc host 255.255.255.255 eq bootps
permit tcp 172.16.240.0 0.0.0.63 any eq 5002
permit tcp 172.16.240.0 0.0.0.63 any eq 5060
permit udp 172.16.240.0 0.0.0.63 any eq 5060
permit ip 172.16.240.0 0.0.0.63 192.168.240.0 0.0.15.255
permit tcp 172.16.240.0 0.0.0.63 any eq 995
permit tcp 172.16.240.0 0.0.0.63 any eq 465
permit ip host 172.16.240.40 any
permit ip host 172.16.240.21 any
permit ip host 172.16.240.2 any
permit ip host 172.16.240.32 host 83.102.254.244
permit ip host 172.16.240.34 any
deny ip any any
!
access-list 100 permit ip 172.16.0.0 0.0.255.255 any
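! ACL 103 selects traffic for NAT: LAN traffic to 192.168.240.0/20 is excluded, the rest is translated
access-list 103 deny ip 172.16.240.0 0.0.0.63 192.168.240.0 0.0.15.255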
access-list 103 permit ip 172.16.240.0 0.0.0.63 any
access-list 103 permit gre 172.16.240.0 0.0.0.63 any
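
A check a reviewer might run over the PPTP-related lines of the configuration above. This is an added example, not part of the original post. The policy it enforces (MS-CHAPv2 only, 128-bit MPPE required), the function name `audit_pptp` and the finding codes are assumptions chosen for illustration.

```python
import re

# Constructed sample: the PPTP-relevant lines of the configuration above.
SAMPLE_CONFIG = """\
username awe password 0 awe
!
interface Virtual-Template1
ip unnumbered FastEthernet0/0.20
ppp authentication chap eap ms-chap ms-chap-v2
ppp encrypt mppe auto
!
"""

# Assumed policy (not from the page): MS-CHAPv2 only, 128-bit MPPE mandatory.
ALLOWED_AUTH = {"ms-chap-v2"}
KNOWN_AUTH = {"pap", "chap", "eap", "ms-chap", "ms-chap-v2"}


def audit_pptp(config):
    """Return (code, detail) findings for the PPTP-related lines of an IOS config."""
    findings = []
    iface = "global"  # block the current line belongs to
    for raw in config.splitlines():
        line = raw.strip()
        if line.startswith("!"):
            iface = "global"  # "!" closes a block in show-run style output
            continue
        if line.startswith("interface "):
            iface = line.split(None, 1)[1]
            continue
        m = re.match(r"username (\S+) password (?:(\d) )?(\S+)", line)
        if m:
            user, ptype, secret = m.group(1), m.group(2) or "0", m.group(3)
            if ptype == "0":  # type 0 means the password is stored in cleartext
                findings.append(("PLAINTEXT_PASSWORD", user))
                if secret == user:
                    findings.append(("PASSWORD_EQUALS_USERNAME", user))
            continue
        if line.startswith("ppp authentication "):
            offered = [t for t in line.split()[2:] if t in KNOWN_AUTH]
            extra = [t for t in offered if t not in ALLOWED_AUTH]
            if extra:
                findings.append(("EXTRA_AUTH_METHODS", f"{iface}: {' '.join(extra)}"))
        elif line.startswith("ppp encrypt mppe"):
            opts = line.split()[3:]
            if "128" not in opts or "required" not in opts:
                findings.append(("MPPE_NOT_ENFORCED", f"{iface}: {' '.join(opts)}"))
    return findings


if __name__ == "__main__":
    for code, detail in audit_pptp(SAMPLE_CONFIG):
        print(f"{code:26} {detail}")
```

On the sample it reports the cleartext password that equals the user name, the three extra authentication methods offered on Virtual-Template1, and the `mppe auto` line that lacks `128` and `required`.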


One thought on “PPTP VPN server on a Cisco 2650XM”

  1. It would be nice to have comments in the key and interesting places.
