Topology:
HQ LAN <--> HQ Router <--> INTERNET Router <--> BR Router <--> BR LAN
Configuration:
Headquarters (HQ)
!
ip access-list extended S2S
 permit ip 192.168.11.0 0.0.0.255 192.168.12.0 0.0.0.255
!
!
crypto isakmp policy 10
 encr 3des
 hash md5
 authentication pre-share
 group 5
crypto isakmp key cisco address 202.202.202.1
!
!
crypto ipsec transform-set MYTRAN esp-3des esp-md5-hmac
!
crypto map MYMAP 10 ipsec-isakmp
 set peer 202.202.202.1
 set transform-set MYTRAN
 match address S2S
 reverse-route static
!
ip nat inside source list NAT interface Serial1/0 overload
!
ip access-list extended NAT
 deny ip 192.168.11.0 0.0.0.255 192.168.12.0 0.0.0.255
 permit ip 192.168.11.0 0.0.0.255 any
Branch (BR)
!
ip access-list extended S2S
 permit ip 192.168.12.0 0.0.0.255 192.168.11.0 0.0.0.255
!
!
crypto isakmp policy 10
 encr 3des
 hash md5
 authentication pre-share
 group 5
crypto isakmp key cisco address 101.101.101.1
!
!
crypto ipsec transform-set MYTRAN esp-3des esp-md5-hmac
!
crypto map MYMAP 10 ipsec-isakmp
 set peer 101.101.101.1
 set transform-set MYTRAN
 match address S2S
 reverse-route static
!
ip nat inside source list NAT interface Serial1/0 overload
!
ip access-list extended NAT
 deny ip 192.168.12.0 0.0.0.255 192.168.11.0 0.0.0.255
 permit ip 192.168.12.0 0.0.0.255 any
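As an added example (not part of the original post), the Python script below models the two checks these configs depend on: the NAT ACL's deny line exempting LAN-to-LAN traffic before the crypto map is consulted, and the two peers' S2S ACLs being exact mirror images. The ACL entries are copied from the configs above; the sample addresses and the NAT ACL without the exemption line are constructed for comparison, and the evaluation order follows IOS, which translates inside-to-outside traffic before checking the crypto map.

```python
import ipaddress

def wildcard_to_network(addr, wildcard):
    """Cisco wildcard masks are inverted netmasks: 0.0.0.255 means /24."""
    netmask = (~int(ipaddress.IPv4Address(wildcard))) & 0xFFFFFFFF
    return ipaddress.IPv4Network((addr, str(ipaddress.IPv4Address(netmask))), strict=False)

def parse_ace(line):
    """Parse 'permit|deny ip SRC WC DST WC' (either side may be 'any')."""
    tokens = line.split()
    action, tokens, nets = tokens[0], tokens[2:], []   # tokens[1] is the 'ip' keyword
    while tokens:
        if tokens[0] == "any":
            nets.append(ipaddress.IPv4Network("0.0.0.0/0")); tokens = tokens[1:]
        else:
            nets.append(wildcard_to_network(tokens[0], tokens[1])); tokens = tokens[2:]
    return action, nets[0], nets[1]

def acl_action(acl, src, dst):
    """First matching entry wins; every IOS ACL ends with an implicit deny."""
    s, d = ipaddress.IPv4Address(src), ipaddress.IPv4Address(dst)
    for action, snet, dnet in map(parse_ace, acl):
        if s in snet and d in dnet:
            return action
    return "deny"

# ACL bodies copied from the HQ and BR configs above.
HQ_NAT = ["deny ip 192.168.11.0 0.0.0.255 192.168.12.0 0.0.0.255",
          "permit ip 192.168.11.0 0.0.0.255 any"]
HQ_S2S = ["permit ip 192.168.11.0 0.0.0.255 192.168.12.0 0.0.0.255"]
BR_S2S = ["permit ip 192.168.12.0 0.0.0.255 192.168.11.0 0.0.0.255"]
# Constructed misconfiguration for comparison: the NAT exemption line is missing.
HQ_NAT_NO_EXEMPT = ["permit ip 192.168.11.0 0.0.0.255 any"]

def classify(src, dst, nat_acl=HQ_NAT, crypto_acl=HQ_S2S):
    """Fate of an inside-to-outside packet on the HQ router: 'nat', 'vpn' or 'clear'."""
    # IOS applies inside-to-outside NAT before it consults the crypto map, so a packet
    # the NAT ACL permits leaves with the Serial1/0 address and never matches S2S.
    if acl_action(nat_acl, src, dst) == "permit":
        return "nat"
    if acl_action(crypto_acl, src, dst) == "permit":
        return "vpn"
    return "clear"   # forwarded untranslated and unencrypted

def mirrored(acl_a, acl_b):
    """Peer crypto ACLs must be exact mirrors, or the proxy identities will not agree."""
    a = [(act, str(s), str(d)) for act, s, d in map(parse_ace, acl_a)]
    b = [(act, str(d), str(s)) for act, s, d in map(parse_ace, acl_b)]
    return a == b
```

Dropping the deny line from the NAT ACL makes LAN-to-LAN traffic come back as "nat" instead of "vpn", which is the usual reason a tunnel with a correct crypto map never comes up.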