1. EzVPN connects successfully, but ping fails

Without further ado, here is the topology first.


Original poster | Posted on 2018-4-24 11:03:23
R6#show run
Building configuration...

Current configuration : 2094 bytes
!
! Last configuration change at 04:12:09 EET Tue Apr 24 2018
!
version 15.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R6
!
boot-start-marker
boot-end-marker
!
aqm-register-fnf
!
!
aaa new-model
!
!
aaa authentication login noau none
aaa authentication login xauth local
aaa authorization network mode local
!
!
!
!
!
aaa session-id common
clock timezone EET 2 0
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
!
!
!
!
!
!


!
!
!
!         
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
username adminuser password 0 sdb123
!
redundancy
!
!
!
!
!
!
!
crypto isakmp policy 10
hash md5
authentication pre-share
group 2
!
crypto isakmp client configuration group EZVPN
key cisco
pool EZPOOL
acl split
save-password
crypto isakmp profile ISAKMP.RA
   match identity group EZVPN
   client authentication list xauth
   isakmp authorization list mode
   client configuration address respond
!
!
crypto ipsec transform-set TEST esp-des esp-md5-hmac
mode tunnel
!
!
!
crypto dynamic-map RAMAP 10
set transform-set TEST
set isakmp-profile ISAKMP.RA
reverse-route
!
!
crypto map RAMAP 10 ipsec-isakmp dynamic RAMAP
!
!
!
!
!
interface Ethernet0/0
ip address 68.1.1.6 255.255.255.0
ip nat outside
ip nat enable
ip virtual-reassembly in
crypto map RAMAP
!
interface Ethernet0/1
ip address 36.1.1.6 255.255.255.0
ip nat inside
ip nat enable
ip virtual-reassembly in
!         
interface Ethernet0/2
no ip address
shutdown
!
interface Ethernet0/3
no ip address
shutdown
!
ip local pool EZPOOL 10.1.1.1 10.1.1.254
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
ip nat inside source list 100 interface Ethernet0/0 overload
ip route 0.0.0.0 0.0.0.0 68.1.1.8
!
ip access-list extended split
permit ip 36.1.1.0 0.0.0.255 10.1.1.0 0.0.0.255
!
!
!
access-list 100 permit ip 36.1.1.0 0.0.0.255 any
!
!
!
control-plane
!
!
!
!
!
!
!
!
line con 0
logging synchronous
line aux 0
line vty 0 4
login authentication noau
transport input none
!
!
end

R6#show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
       a - application route
       + - replicated route, % - next hop override

Gateway of last resort is 68.1.1.8 to network 0.0.0.0

S*    0.0.0.0/0 [1/0] via 68.1.1.8
      27.0.0.0/24 is subnetted, 1 subnets
S        27.1.1.0 [1/0] via 78.1.1.7
      36.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C        36.1.1.0/24 is directly connected, Ethernet0/1
L        36.1.1.6/32 is directly connected, Ethernet0/1
      68.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C        68.1.1.0/24 is directly connected, Ethernet0/0
L        68.1.1.6/32 is directly connected, Ethernet0/0
R6#

R7#show run
Building configuration...

Current configuration : 1620 bytes
!
! Last configuration change at 04:12:01 EET Tue Apr 24 2018
!
version 15.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R7
!
boot-start-marker
boot-end-marker
!
aqm-register-fnf
!
!
no aaa new-model
clock timezone EET 2 0
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
!
!
!
!
!
!


!
!
!
!
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
!
!
!
!         
!
!
redundancy
!
!
!
!
!
!
!
!
!
!
!
!
crypto ipsec client ezvpn sk-ezvpn
connect manual
group EZVPN key cisco
mode network-plus
peer 68.1.1.6
username adminuser password sdb123
xauth userid mode local
!         
!
!
!
!
!
interface Ethernet0/0
ip address 27.1.1.7 255.255.255.0
ip nat inside
ip nat enable
ip virtual-reassembly in
crypto ipsec client ezvpn sk-ezvpn inside
!
interface Ethernet0/1
no ip address
shutdown
!
interface Ethernet0/2
no ip address
pppoe enable group global
pppoe-client dial-pool-number 1
!
interface Ethernet0/3
no ip address
shutdown
!
interface Dialer1
ip address negotiated
ip mtu 1492
ip nat outside
ip nat enable
ip virtual-reassembly in
encapsulation ppp
dialer pool 1
ppp pap sent-username adminuser password 0 sdb123
crypto ipsec client ezvpn sk-ezvpn
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
ip nat inside source list 100 interface Dialer1 overload
ip route 0.0.0.0 0.0.0.0 78.1.1.8
!
!
!         
access-list 100 permit ip 27.1.1.0 0.0.0.255 any
!
control-plane
!
!
!
!
!
!
!
!
line con 0
logging synchronous
line aux 0
line vty 0 4
login
transport input none
!
!
end

R7#show cry      
R7#show crypto ip
R7#show crypto ipsec cli
R7#show crypto ipsec client ez
R7#show crypto ipsec client ezvpn
Easy VPN Remote Phase: 8

Tunnel name : sk-ezvpn
Inside interface list: Ethernet0/0
Outside interface: Dialer1
Current State: IPSEC_ACTIVE
Last Event: SOCKET_DOWN
Address: 10.1.1.4 (applied on Loopback10000)
Mask: 255.255.255.255
Save Password: Allowed
Split Tunnel List: 1
       Address    : 36.1.1.0
       Mask       : 255.255.255.0
       Protocol   : 0x0
       Source Port: 0
       Dest Port  : 0
Current EzVPN Peer: 68.1.1.6

R7#show ip int br
Interface                  IP-Address      OK? Method Status                Protocol
Ethernet0/0                27.1.1.7        YES NVRAM  up                    up      
Ethernet0/1                unassigned      YES NVRAM  administratively down down   
Ethernet0/2                unassigned      YES NVRAM  up                    up      
Ethernet0/3                unassigned      YES NVRAM  administratively down down   
Dialer1                    78.1.1.7        YES IPCP   up                    up      
Loopback10000              10.1.1.4        YES TFTP   up                    up      
NVI0                       27.1.1.7        YES unset  up                    up      
Virtual-Access1            unassigned      YES unset  up                    up      
Virtual-Access2            unassigned      YES unset  up                    up      
R7#
R7#  ping 8.8.8.8 source 27.1.1.7
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
Packet sent with a source address of 27.1.1.7
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
R7#ping 36.1.1.6 sou
R7#ping 36.1.1.6 source 27.1.1.7
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 36.1.1.6, timeout is 2 seconds:
Packet sent with a source address of 27.1.1.7
....
Success rate is 0 percent (0/4)
R7#show ip nat tr
Pro Inside global      Inside local       Outside local      Outside global
icmp 78.1.1.7:25       27.1.1.7:25        8.8.8.8:25         8.8.8.8:25
R7#


[Attachment: 微信截图_20180424102338.png (topology screenshot)]

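Original poster | Posted on 2018-4-24 11:29:00
This is my first time using a forum, and I didn't expect the image to end up at the bottom. Please bear with it, everyone.
I forgot to attach the ISP's configuration: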
ISP#show run
Building configuration...

Current configuration : 1295 bytes
!
! Last configuration change at 05:28:20 EET Tue Apr 24 2018
!
version 15.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname ISP
!
boot-start-marker
boot-end-marker
!
aqm-register-fnf
!
!
aaa new-model
!
!
!
!
!         
!
!
aaa session-id common
clock timezone EET 2 0
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
!
!
!
!
!
!


!
!
!
!
ip cef
no ipv6 cef
!         
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
username adminuser password 0 sdb123
!
redundancy
!
!
!
!
!
!
!
!
!
!
!         
!
!
!
bba-group pppoe ADSL
virtual-template 1
!
!
interface Loopback0
ip address 8.8.8.8 255.255.255.255
!
interface Ethernet0/0
ip address 68.1.1.8 255.255.255.0
!
interface Ethernet0/1
ip address 58.1.1.8 255.255.255.0
!
interface Ethernet0/2
ip address 78.1.1.8 255.255.255.0
pppoe enable group ADSL
!
interface Ethernet0/3
no ip address
shutdown
!
interface Virtual-Template1
ip unnumbered Ethernet0/2
ip mtu 1492
peer default ip address pool pppoe
ppp authentication pap
!
ip local pool pppoe 78.1.1.7
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
!
!
!
!
!
!
control-plane
!
!
!         
!
!
!
!
!
line con 0
logging synchronous
line aux 0
line vty 0 4
transport input none
!
!
end

ISP#

Original poster | Posted on 2018-4-24 11:29:21
Looking forward to guidance from all the experts.

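Original poster | Posted on 2018-4-26 09:18:19
Frustrating: two days and nobody has chimed in.
The problem is solved. The cause was that the return packets went through NAT.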
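
An added example, not part of the original thread: a Python check of the cause named above, which evaluates R6's posted `access-list 100` with IOS first-match semantics against return flows toward the tunnel, next to a NAT-exemption variant. The thread does not show the actual fix; the deny entries, the LAN host 36.1.1.10 and all function names are assumptions made for this example.

```python
import ipaddress

def _net(tokens):
    """Consume 'any' or '<addr> <wildcard>'; return (network, remaining tokens)."""
    if tokens[0] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), tokens[1:]
    # ipaddress reads a mask starting with 0 as a host (wildcard) mask.
    return ipaddress.ip_network(f"{tokens[0]}/{tokens[1]}"), tokens[2:]

def parse_acl(lines):
    """Parse entries of the form '<permit|deny> ip <src> <dst>'."""
    acl = []
    for line in lines:
        tok = line.split()
        src, rest = _net(tok[2:])          # tok[1] is the protocol ('ip')
        dst, _ = _net(rest)
        acl.append((tok[0], src, dst))
    return acl

def first_match(acl, src, dst):
    """First matching entry wins; implicit deny at the end, as on IOS."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, src_net, dst_net in acl:
        if s in src_net and d in dst_net:
            return action
    return "deny"

def translated_flows(nat_acl_lines, flows):
    """Flows the NAT ACL permits, i.e. flows that would be translated.
    A translated packet no longer carries the inside source address the
    tunnel was negotiated for, so it is not sent through the tunnel."""
    acl = parse_acl(nat_acl_lines)
    return [f for f in flows if first_match(acl, *f) == "permit"]

# R6's NAT ACL as posted (access-list 100).
NAT_ACL_POSTED = ["permit ip 36.1.1.0 0.0.0.255 any"]
# Assumed correction (not shown in the thread): exempt tunnel destinations first.
NAT_ACL_EXEMPT = [
    "deny ip 36.1.1.0 0.0.0.255 10.1.1.0 0.0.0.255",   # EZPOOL addresses
    "deny ip 36.1.1.0 0.0.0.255 27.1.1.0 0.0.0.255",   # R7 inside network
    "permit ip 36.1.1.0 0.0.0.255 any",
]
# (source, destination) leaving R6; 36.1.1.10 is a constructed LAN host.
FLOWS = [
    ("36.1.1.10", "27.1.1.7"),   # reply toward R7's inside address
    ("36.1.1.10", "10.1.1.4"),   # reply toward R7's pool address
    ("36.1.1.10", "8.8.8.8"),    # ordinary Internet traffic, should be translated
]

if __name__ == "__main__":
    for name, acl in (("posted", NAT_ACL_POSTED), ("exempt", NAT_ACL_EXEMPT)):
        print(name, translated_flows(acl, FLOWS))
```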

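Posted on 2020-4-26 09:43:56
My guess is that when you just paste configurations and a diagram and ask a question, people generally won't reply, because they would have to read through a pile of configuration. It is best to describe the configuration steps in words and include the configuration alongside; that makes it easier to read. If you test the setup in EVE, using a packet capture tool can make troubleshooting much easier.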

Posted on 2022-5-14 17:15:34
00000000000

Posted on 2022-9-2 17:00:22
Learned something...