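Device: Cisco 2851
After the VPN connects, I cannot reach the internal network. Only the router's inside interface is reachable; the other VLANs on the internal network, including addresses directly connected on the inside, are all unreachable.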
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname GuoJiShangCheng
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 warnings
!
aaa new-model
!
!
aaa authentication login ezvpn-authentication local
aaa authorization network ezvpn-authorization local
!
!
aaa session-id common
dot11 syslog
!
!
ip cef
!
!
no ip domain lookup
ip domain name yourdomain.com
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
multilink bundle-name authenticated
!
vpdn enable
vpdn authen-before-forward
vpdn session-limit 10
!
vpdn-group 1
! Default PPTP VPDN group
accept-dialin
protocol pptp
virtual-template 1
l2tp tunnel receive-window 1024 (this line cannot be deleted; it is there automatically)
!
!
voice-card 0
no dspfarm
!
username juxin password 0 juxin
username cisco password 0 cisco
archive
log config
hidekeys
!
!
crypto isakmp policy 1
encr 3des
hash md5
authentication pre-share
group 2
!
crypto isakmp client configuration group ciscogroup
key ciscogroup
pool vpn-pool
acl 101
save-password
!
!
crypto ipsec transform-set tran-set esp-3des esp-sha-hmac
!
crypto dynamic-map dynamic-map 1
set transform-set tran-set
reverse-route
!
!
crypto map cisco client authentication list ezvpn-authentication
crypto map cisco isakmp authorization list ezvpn-authorization
crypto map cisco client configuration address respond
crypto map cisco 1 ipsec-isakmp dynamic dynamic-map
!
interface Loopback0
ip address 10.0.199.254 255.255.255.0
ip nat inside
ip virtual-reassembly
!
interface Loopback1
ip address 1.1.1.1 255.255.255.255
!
interface GigabitEthernet0/0
description $ETH-LAN$$ETH-SW-LAUNCH$$INTF-INFO-GE 0/0$
ip address 221.224.25.18 255.255.255.248
ip nat outside
ip virtual-reassembly
duplex half
speed auto
crypto map cisco
!
interface GigabitEthernet0/1
ip address 10.0.0.1 255.255.255.0
no ip redirects
ip nat inside
ip virtual-reassembly
duplex full
speed 1000
no routing dynamic
!
interface Virtual-Template1
mtu 1300
ip unnumbered Loopback0
ip nat inside
ip virtual-reassembly
peer default ip address pool ever
no keepalive
ppp encrypt mppe 128
ppp authentication chap ms-chap
!
ip local pool vpn-pool 172.16.1.1 172.16.1.100
ip local pool test 192.168.1.1 192.168.1.250
ip local pool ever 10.0.199.2 10.0.199.200
no ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 221.224.25.17
ip route 10.0.11.0 255.255.255.0 10.0.0.254
ip route 10.0.12.0 255.255.255.0 10.0.0.254
ip route 10.0.13.0 255.255.255.0 10.0.0.254
ip route 10.0.17.0 255.255.255.0 10.0.0.254
ip route 10.0.18.0 255.255.255.0 10.0.0.254
ip route 10.0.100.0 255.255.255.0 10.0.0.254
ip route 10.0.101.0 255.255.255.0 10.0.0.254
ip route 192.168.0.0 255.255.255.0 10.0.0.254
!
!
ip http server
ip http access-class 23
ip http authentication local
no ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source list Go_to_Internet interface GigabitEthernet0/0 overload
ip nat inside source static tcp 10.0.0.1 1723 221.224.25.18 1723 extendable
!
ip access-list standard Go_to_Internet
permit 192.168.0.0
permit 192.168.0.0 0.0.0.255
permit 10.0.0.0 0.255.255.255
permit any
!
access-list 101 permit ip any any
no cdp run
!
control-plane
!
banner login
-----------------------------------------------------------------------
Cisco Router and Security Device Manager (SDM) is installed on this device.
This feature requires the one-time use of the username "cisco"
with the password "cisco". The default username and password have a privilege level of 15.
Please change these publicly known initial credentials using SDM or the IOS CLI.
Here are the Cisco IOS commands.
username <myuser> privilege 15 secret 0 <mypassword>
no username cisco
Replace <myuser> and <mypassword> with the username and password you want to use.
For more information about SDM please follow the instructions in the QUICK START
GUIDE for your router or go to
http://www.cisco.com/go/sdm
-----------------------------------------------------------------------
!
line con 0
line aux 0
line vty 0 4
privilege level 15
password XXXXXXXX
transport input telnet
line vty 5 15
privilege level 15
transport input telnet
line vty 16 24
!
scheduler allocate 20000 1000
!
end