此工程案例是借用电信网(教育专用网不可上网哦)做×××借线上网。
A:
基本配置 ip-address-+-(61.54.226.47/27,eth2)-ok ip-address-+-(172.22.125.50/26,eth3)-ok ip-address-+-(192.168.1.1/24,eth1)-ok ip-routes-+-(0.0.0.0/0,61.54.226.62)-ok ip-routes-+-(172.22.119.128/26,172.22.125.1)-ok 如果在D路由器上做过源地址伪装,就不要添加如下路由 ip-routes-+-(192.168.5.0/24,172.22.125.1)-ok1.dhcp
ip-pool-+(dhcp,192.168.1.2-192.168.1.100)-ok ip-dhcp server-dhcp-+-(dhcps,ether1,dhcp)-ok ip-dhcp server-networks-+-(192.168.1.0/24,192.168.1.1,24,61.54.226.62)-ok2.snat
ip-firewall-nat-+-general(srcnat)-advanced(SRC:192.168.1.0/24)-action(masquerade)-ok3.l2tp server
ppp-pptpserver-enabled-pap-chap-ok ppp-+-pptp server(***)-ok-secrets-+-(aaa,aaabbb,pptp,default-encryption,192.168.2.1,192.168.2.2)-ok-profiles-default-encryption-(192.168.2.1,192.168.2.2,61.54.226.62-limits-only one:yes)-ok 4.fwB,C略
D:
基本配置 ip-address-+-(172.22.119.180/26,eth2)-ok ip-address-+-(192.168.5.1/24,eth1)-ok1.dhcp
ip-pool-+(dhcp,192.168.5.2-192.168.5.100)-ok ip-dhcp server-dhcp-+-(dhcps,ether1,dhcp)-ok ip-dhcp server-networks-+-(192.168.5.0/24,192.168.5.1,24,61.54.226.62)-ok2.l2tp client
ppp-+-pptp client-general(***c)-dial out(172.22.125.50,aaa,aaabbb,default-encryption,add default route)-ok-profiles-default-encryption-(192.168.2.2,192.168.2.1,61.54.226.62-limits-only one:yes)-okip-routes-+-(0.0.0.0/0,61.54.226.62)-ok
3.snat ip-firewall-nat-+-general(srcnat)-advanced(SRC:192.168.5.0/24)-action(masquerade)-ok 4.fw