---------------------------------------
R1配置信息:
interface FastEthernet0/0
ip address 192.168.1.1 255.255.255.0
ip nat inside
no shutdown
interface Serial0/1/0
ip address 12.1.1.1 255.255.255.0
ip nat outside
no shutdown
ip nat inside source list 1 interface Serial0/1/0 overload
ip route 0.0.0.0 0.0.0.0 12.1.1.2
access-list 1 permit 192.168.1.0 0.0.0.255
------------------------------------------------------------------------------
R2配置信息:
interface Serial0/1/0
ip address 12.1.1.2 255.255.255.0
clock rate 64000
no shutdown
interface Serial0/2/0
ip address 23.1.1.2 255.255.255.0
clock rate 64000
no shutdown
------------------------------------------------------------------------------
R3配置信息:
aaa new-model
aaa authentication login ***-a local
aaa authorization network ***-n local
username cisco password 0 cisco123
crypto isakmp policy 10
hash md5
authentication pre-share
group 2
crypto isakmp client configuration group ***-group
key password123
pool ***pool
crypto ipsec transform-set test esp-3des esp-md5-hmac
crypto dynamic-map ***map 10
set transform-set test
reverse-route
crypto map map1 client authentication list ***-a
crypto map map1 isakmp authorization list ***-n
crypto map map1 client configuration address respond
crypto map map1 10 ipsec-isakmp dynamic ***map
interface FastEthernet0/0
ip address 192.168.0.1 255.255.255.0
no shutdown
interface Serial0/3/0
ip address 23.1.1.3 255.255.255.0
no shutdown
crypto map map1
ip local pool ***pool 172.16.0.100 172.16.0.200
ip route 0.0.0.0 0.0.0.0 23.1.1.2
----------------------------------------------------------------------------
实验结果:
1、通过***软件拨入访问远端服务器
2、已经成功通过***拨入到远端内网并获得IP地址
3、通过***拨入式成功访问远端内网服务器
-------------------------------------
最后说一句,使用Cisco Packet Tracer 5.3.2配置完成后可能出现客户端***拨号不成功,需要保存配置后重新打开Packet Tracer保存文件再试一次,Cisco Packet Tracer实验保存文件已上传,但需要重命名文件为pkt格式即可。
