拓扑

简介

　　办公网使用专线接入，拥有固定IP地址，网络出口使用防火墙做NAT，下联交换机接入服务器，办公电脑等，旁挂思科路由器做L2TP LNS

　　家庭宽带使用ADSL线路，华为路由器做拨号设备与DHCP服务器，下联无线路由器，下挂终端

需求

　　家庭终端访问办公网流量走L2tp隧道使用内网地址访问，互联网流量走互联网，特定终端流量全走办公网出

配置

　　思科

办公网组网配置略

vpdn enable
!
vpdn-group 1
! Default L2TP VPDN group
accept-dialin
protocol l2tp
virtual-template 1
no l2tp tunnel authentication
l2tp tunnel password 7 000012140F5818

interface Virtual-Template1
ip address 192.168.33.1 255.255.255.0
ip nat inside
ip virtual-reassembly
ip policy route-map l2tp
peer default ip address pool dark
ppp authentication chap
ppp ipcp dns 8.8.8.8 8.8.4.4

ip local pool dark 192.168.33.10 192.168.33.20

　　华为

l2tp enable
acl number 2000
rule 10 permit source 172.18.0.183 0
acl number 2001
rule 5 permit source 172.18.0.0 0.0.0.255
acl number 2002
rule 5 permit source 172.18.0.0 0.0.0.255

ip pool dark
gateway-list 172.18.0.1
network 172.18.0.0 mask 255.255.255.0
dns-list 114.114.114.114 8.8.8.8

interface Dialer1
link-protocol ppp
ppp chap user 0011000000
ppp chap password simple 00000
tcp adjust-mss 1200
ip address ppp-negotiate
dialer user 0011000000
dialer bundle 1
nat outbound 2001

interface Virtual-Template1
ppp chap user dark-l2
ppp chap password cipher %^%#!VG4=c>p<$2G25B
ip address ppp-negotiate
nat outbound 2002
l2tp-auto-client enable

interface GigabitEthernet0/0/1
undo portswitch
ip address 172.18.0.1 255.255.255.0
traffic-policy dark-vpn inbound
dhcp select global

interface GigabitEthernet0/0/4
pppoe-client dial-bundle-number 1

l2tp-group 1
tunnel password cipher %^%#i]FR(<RDB5=BD!%IMx$1!nT]$a0#
start l2tp ip 1.1.1.1 fullusername dark-l2

ip route-static 0.0.0.0 0.0.0.0 Dialer1
ip route-static 10.0.0.0 255.255.255.255 Virtual-Template1

traffic classifier dark-vpn operator or
if-match acl 2000

traffic behavior dark-vpn
redirect ip-nexthop 192.168.33.1

traffic policy dark-vpn
classifier dark-vpn behavior dark-vpn precedence 5