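I need help with an IPSec tunnel. Currently, I am working on a small task to create remote access between my laptop and the office router so that I can reach the office LAN network. The IPSec tunnel works fine, but LAN-to-LAN communication does not work properly (I cannot reach any LAN network in the office). Although I can ping the LAN gateway configured on the same router, I cannot reach the server connected to the router on the same interface. On the server side, the default gateway is 192.168.1.1, and I pinged the server IP (192.168.1.137) from the loopback address, which is not in the same subnet, and it works fine. Can anyone help me?
My configuration details are described below.
- After the IPSec tunnel is formed, ping from Home to the GW works fine
- Ping from the temporary IP on the loopback works fine, which means the end system is configured with a default gateway.
- This is the configured topology
Server ----> Switch ----> Router |||||_____Internet_____||||| (home desktop system)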
HR-1#show running-config
Building configuration...
Current configuration : 3789 bytes
!
! Last configuration change at 08:26:23 ACST Thu Feb 28 2019 by user34
!
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname HR-1
!
boot-start-marker
boot-end-marker
!
ip cef
!
!
!
ip dhcp excluded-address 192.168.1.1 192.168.1.99
ip dhcp excluded-address 192.168.1.199 192.168.1.254
!
ip dhcp pool Server_Form
network 192.168.1.0 255.255.255.0
default-router 192.168.1.1
dns-server 8.8.8.8 8.8.4.4
option 66 ascii
lease infinite
!
!
!
ip domain name HR-1.com.bh
no ipv6 cef
!
!
multilink bundle-name authenticated
!
!
!
!
!
crypto isakmp policy 10
encr 3des
authentication pre-share
group 2
!
crypto isakmp keepalive 30 20 periodic
!
crypto isakmp client configuration group HomeVPN
key XXXXXXXX
pool vpn-client
acl 108
crypto isakmp profile vpnclient
match identity group HomeVPN
client authentication list userauthen
isakmp authorization list groupauthor
client configuration address respond
virtual-template 1
!
!
crypto ipsec transform-set myset3 esp-3des esp-md5-hmac
mode tunnel
!
crypto ipsec profile HomeVPN
set transform-set myset3
set isakmp-profile vpnclient
!
!
!
!
!
!
!
interface Loopback100
ip address 10.192.168.1 255.255.255.0
!
interface GigabitEthernet0/0
description -----WAN LINK ----
ip address 37.131.254.1 255.255.255.252
ip access-group InternetOut out
ip nat outside
ip flow ingress
ip tcp adjust-mss 1200
media-type rj45
speed auto
duplex full
no negotiation auto
!
interface GigabitEthernet0/1
description ------Connection Server Form --------
ip address 192.168.1.1 255.255.255.0
ip nat inside
ip flow ingress
media-type rj45
speed auto
duplex full
no negotiation auto
!
interface Virtual-Template1 type tunnel
ip unnumbered GigabitEthernet0/1
no ip redirects
ip nat inside
ip flow ingress
ip tcp adjust-mss 1280
tunnel mode ipsec ipv4
tunnel protection ipsec profile HomeVPN
!
ip local pool vpn-client 10.10.10.10 10.10.10.20
ip nat inside source list NAT interface GigabitEthernet0/0 overload
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
ip route 0.0.0.0 0.0.0.0 37.131.254.1
ip route 10.10.10.0 255.255.255.0 Null0
!
ip access-list extended InternetOut
permit ip host 37.131.94.35 any
permit ip host 10.10.10.17 any
permit ip any any reflect Internet timeout 300
ip access-list extended NAT
permit ip 192.168.1.0 0.0.0.255 any
ip access-list extended encrypt-to-vpn-clients
permit ip 192.168.1.0 0.0.0.255 any
!
access-list 108 permit ip 192.168.1.0 0.0.0.255 10.10.10.0 0.0.0.255
!
snmp-server community public RO
!
!
!
control-plane
!
!
line con 0
stopbits 1
line aux 0
stopbits 1
line vty 0 4
transport input all
!
!
end
HR-1#