在一些小企业,PPPOE 拨号上网是最常见的上网方式,ASA 作为安全网关出口,配置PPPoE 也是非常常见的配置之一,这里我总结一下ASA 8.3前后版本 的PPPoE 配置:
新版本pppoe配置
hostname(config)# vpdn group group_name request dialout pppoe
hostname(config)# vpdn group group_name ppp authentication {chap | mschap | pap}
hostname(config)# vpdn group group_name localname username
hostname(config)# vpdn username username password password [store-local]
Step 1
Enable the PPPoE client by entering the following command from interface configuration mode:
hostname(config-if)# ip address pppoe [setroute]
hostname(config)# interface gigabitethernet 0/0
hostname(config-if)# ip address pppoe
Step 2
Specify a VPDN group for the PPPoE client to use with the following command from interface configuration mode (optional):
hostname(config-if)# pppoe client vpdn group grpname
8.25 前版本的PPPoE 配置:
interface Vlan1 //默认VLAN1 里的接口都是内网接口
nameif inside
security-level 100
ip address 192.168.1.1 255.255.255.0
!
interface Vlan2 //在这里VLAN2 为外网接口
nameif outside
security-level 0
ip address pppoe setroute ////启动拨号,如果没有配默认路由,则必须加上
mtu outside 1400
global (outside) 1 interface //NAT地址转换
nat (inside) 1 0.0.0.0 0.0.0.0
interface Vlan2
nameif outside
security-level 0
pppoe client vpdn group adsl
ip address pppoe setroute
vpdn enable
vpdn group adsl request dialout pppoe
vpdn group adsl localname fsLAN58236333
vpdn group adsl ppp authentication pap
vpdn username fsLAN58236333 password *****
dhcpd dns 202.96.128.166 202.96.128.86
!
dhcpd address 192.168.20.50-192.168.20.200 inside
dhcpd dns 221.228.255.1
dhcpd enable inside