Topology:

GW:

aaa new-model
!
aaa authentication login noacs line none
aaa authentication login hr_authen local
aaa authorization network ht_author local
!
username cisco password 0 cisco
!
!
!
!
crypto isakmp policy 10
hash md5
authentication pre-share
group 2
!
crypto isakmp client configuration group hrgroup
key cisco
pool hr_pool
crypto isakmp profile isakmap_profile
match identity group hrgroup
client authentication list hr_authen
isakmp authorization list ht_author
client configuration address respond
! Bind this ISAKMP profile to Virtual-Template 100
virtual-template 100
!
!
crypto ipsec transform-set hr_trans esp-des esp-md5-hmac
!
crypto ipsec profile hr_ipsec_profile
set transform-set hr_trans
set isakmp-profile isakmap_profile
!
!
!
!
!
interface Loopback0
ip address 2.2.2.2 255.255.255.255
!
interface Serial0/0
ip address 12.1.1.2 255.255.255.0
ip nat outside
ip virtual-reassembly
serial restart-delay 0
!
interface Serial0/1
ip address 23.1.1.2 255.255.255.0
ip nat inside
ip virtual-reassembly
serial restart-delay 0
!
interface FastEthernet1/0
ip address 192.168.10.254 255.255.255.0
duplex auto
speed auto
!
interface Virtual-Template100 type tunnel
ip unnumbered Loopback0
ip nat inside
ip virtual-reassembly
tunnel source FastEthernet1/0
tunnel mode ipsec ipv4
tunnel protection ipsec profile hr_ipsec_profile
!
ip local pool hr_pool 10.1.1.10 10.1.1.20

ip route 3.3.3.0 255.255.255.0 23.1.1.3
!
ip nat inside source list nat interface Serial0/0 overload
!
ip access-list extended nat
deny ip 3.3.3.0 0.0.0.255 10.1.1.0 0.0.0.255
permit ip 3.3.3.0 0.0.0.255 any
permit ip 10.1.1.0 0.0.0.255 any

R1 configuration:

interface Serial0/0
ip address 12.1.1.1 255.255.255.0
line vty 0 4
no login
line vty 5 871
no login

R2 configuration:

interface Loopback0
ip address 3.3.3.3 255.255.255.0
!
interface Serial0/1
ip address 23.1.1.3 255.255.255.0
serial restart-delay 0

ip route 0.0.0.0 0.0.0.0 23.1.1.2

 

Verification: