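Company network environment: the simplest topology (no firewall): China Telecom fiber access with a fixed IP - CISCO2911 router - CISCO switch - 30 computers and 2 servers. The server side of a materials management system has now been installed on one of the servers, and outside project sites need to connect to this server, so for security reasons I want to set up a VPN on the router. How should I do this?
Current configuration: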
sciplc#show conf
Using 1587 out of 262136 bytes
!
! Last configuration change at 06:03:25 UTC Sat Jun 29 2013
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname sciplc
!
boot-start-marker
boot-end-marker
!
!
enable secret 4 xN.lwPgdUWrfsIlaCrTgQbF0RRIe8/EdwMkoT4zQOs.
!
no aaa new-model
!
no ipv6 cef
!
!
!
ip dhcp excluded-address 10.138.20.254
!
ip dhcp pool lan
network 10.138.20.0 255.255.255.0
default-router 10.138.20.254
dns-server 202.96.209.133 202.96.209.5
lease 7
!
!
ip cef
multilink bundle-name authenticated
!
!
!
!
license udi pid CISCO2911/K9 sn FGL1645132X
!
!
!
!
!
!
!
!
interface Embedded-Service-Engine0/0
no ip address
shutdown
!
interface GigabitEthernet0/0
ip address 180.177.118.70 255.255.255.252
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
!
interface GigabitEthernet0/1
ip address 10.138.20.254 255.255.255.0
ip nat inside
ip virtual-reassembly in
duplex auto
speed auto
!
interface GigabitEthernet0/2
no ip address
shutdown
duplex auto
speed auto
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
ip nat inside source list 1 interface GigabitEthernet0/0 overload
ip route 0.0.0.0 0.0.0.0 180.177.118.69
!
access-list 1 permit any
!
!
!
control-plane
!
!
!
line con 0
password 123456
login
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport input all
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 4
password telnet
login
transport input all
!
scheduler allocate 20000 1000
!
end