Lab topology:

(topology diagram: network_hou)

Lab objective: remote users can dial into the internal network through *** and access internal resources.

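Lab steps:

Basic configuration: build the lab environment; the internal network reaches the Internet through NAT.

1. Configure default routes so the networks can reach each other

Left router (R1): ip route 0.0.0.0 0.0.0.0 100.100.100.2

Right router (R2): ip route 0.0.0.0 0.0.0.0 200.200.200.1

2. NAT address translation, so the internal network can reach the public network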

R1:

! No address translation when 172.16.1.0 accesses 192.168.1.0

access-list 100 deny ip 172.16.1.0 0.0.0.255 192.168.1.0 0.0.0.255

access-list 100 permit ip any any

int f0/0

ip nat inside

int f0/1

ip nat outside

ip nat inside source list 100 interface f0/1 overload

R2:

access-list 100 deny ip 192.168.1.0 0.0.0.255 172.16.1.0 0.0.0.255

! The permit must be in ACL 100, the list the NAT rule below references

access-list 100 permit ip any any

int f0/0

ip nat inside

int f0/1

ip nat outside

ip nat inside source list 100 interface f0/1 overload

IPSec configuration

R1:

aaa new-model
aaa authentication login ***authen local
aaa authorization network ***author local
username ***client password 0 123

 

crypto isakmp policy 10
 hash md5
 authentication pre-share
 group 2

 

ip local pool ***pool 172.16.2.1 172.16.2.10

crypto isakmp client configuration group ***
 key 123
 pool ***pool

 

crypto ipsec transform-set ***tran esp-3des esp-md5-hmac

crypto dynamic-map ***map 10
 set transform-set ***tran
 reverse-route

 

crypto map ipsec client authentication list ***authen
crypto map ipsec isakmp authorization list ***author
crypto map ipsec client configuration address respond
crypto map ipsec 10 ipsec-isakmp dynamic ***map

interface FastEthernet0/1
crypto map ipsec
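
The ISAKMP policy above has no encryption line, so on classic IOS it falls back to the default of 56-bit DES, and it pairs that with MD5, DH group 2, 3DES and a three-character group key. A stronger version of the same lines, as an added example that is not part of the original lab: it assumes the IOS release and the remote client both support AES-256, SHA-1 HMAC and DH group 14, and `<long-random-group-key>` is a placeholder.

```cisco
! Phase 1 (IKE): set the cipher explicitly instead of inheriting the default
crypto isakmp policy 10
 encryption aes 256
 hash sha
 authentication pre-share
 group 14
!
! Group pre-shared key: replace the lab value "123" (placeholder shown)
crypto isakmp client configuration group ***
 key <long-random-group-key>
 pool ***pool
!
! Phase 2 (IPSec): AES-256 with SHA-1 HMAC in place of 3DES/MD5
crypto ipsec transform-set ***tran esp-aes 256 esp-sha-hmac
```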

Lab result:

Done