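2. Once the connection entry has been created, click Connect. You are prompted for a username and password; this is the extended authentication (Xauth).
3. Click OK. If it succeeds, all the dialog boxes disappear.
4. On the PC, check the addresses to see whether the server has assigned one.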
C:\>ipconfig
Windows IP Configuration
Ethernet adapter 无线网络连接:
Connection-specific DNS Suffix . :
IP Address. . . . . . . . . . . . : 150.100.1.140
Subnet Mask . . . . . . . . . . . : 255.255.255.255
Default Gateway . . . . . . . . . :
Ethernet adapter 本地连接 2:
Connection-specific DNS Suffix . :
IP Address. . . . . . . . . . . . : 10.1.1.14 → the address assigned by the server
Subnet Mask . . . . . . . . . . . : 255.0.0.0
Default Gateway . . . . . . . . . :
5. Pings across the Internet to the headquarters internal addresses now succeed.
C:\>ping 10.1.2.1
Pinging 10.1.2.1 with 32 bytes of data:
Reply from 10.1.2.1: bytes=32 time=23ms TTL=255
Reply from 10.1.2.1: bytes=32 time=14ms TTL=255
Reply from 10.1.2.1: bytes=32 time=23ms TTL=255
Reply from 10.1.2.1: bytes=32 time=13ms TTL=255
C:\>ping 10.1.1.1
Pinging 10.1.1.1 with 32 bytes of data:
Reply from 10.1.1.1: bytes=32 time=11ms TTL=255
Reply from 10.1.1.1: bytes=32 time=17ms TTL=255
Reply from 10.1.1.1: bytes=32 time=17ms TTL=255
Reply from 10.1.1.1: bytes=32 time=49ms TTL=255
C:\>route print → view the routes on the PC
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 0a eb a3 47 1f ...... TL-WN210 2.2 / TL-WN250 2.2 - 数据包计划程序微型端口
0x80004 ...00 53 45 00 00 00 ...... WAN (PPP/SLIP) Interface
0xa0005 ...00 05 9a 3c 78 00 ...... Cisco Systems ××× Adapter - 数据包计划程序微型端口
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 150.100.1.182 150.100.1.140 30
10.0.0.0 255.0.0.0 10.1.1.14 10.1.1.14 10
10.1.1.0 255.255.255.0 10.1.1.14 10.1.1.14 1
10.1.1.14 255.255.255.255 127.0.0.1 127.0.0.1 10
10.1.2.0 255.255.255.0 10.1.1.14 10.1.1.14 1
10.255.255.255 255.255.255.255 10.1.1.14 10.1.1.14 10
===========================================================================
→ These are the split-tunnel list entries (ACL 100) pushed by the group settings on the peer.
C:\>
Step 4: View the security associations of the two phases
r1#show crypto isa sa
dst src state conn-id slot
150.100.1.182 150.100.1.140 QM_IDLE 3 0
r1#show crypto ipsec sa
interface: Ethernet0/0
Crypto map tag: mymap, local addr. 150.100.1.182
protected vrf:
local ident (addr/mask/prot/port): (0.0.0.0/0.0.0.0/0/0)
remote ident (addr/mask/prot/port): (10.1.1.12/255.255.255.255/0/0)
current_peer: 150.100.1.140:500
PERMIT, flags={}
#pkts encaps: 16, #pkts encrypt: 16, #pkts digest 16
#pkts decaps: 16, #pkts decrypt: 16, #pkts verify 16
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts compr. failed: 0
#pkts not decompressed: 0, #pkts decompress failed: 0
#send errors 0, #recv errors 0
local crypto endpt.: 150.100.1.182, remote crypto endpt.: 150.100.1.140
path mtu 1500, media mtu 1500
current outbound spi: 44166F6E
inbound esp sas:
spi: 0x2C2E8126(741245222)
transform: esp-3des esp-md5-hmac ,
in use settings ={Tunnel, }
slot: 0, conn id: 2000, flow_id: 1, crypto map: mymap
sa timing: remaining key lifetime (k/sec): (4435191/2917)
IV size: 8 bytes
replay detection support: Y
inbound ah sas:
inbound pcp sas:
outbound esp sas:
spi: 0x44166F6E(1142321006)
transform: esp-3des esp-md5-hmac ,
in use settings ={Tunnel, }
slot: 0, conn id: 2001, flow_id: 2, crypto map: mymap
sa timing: remaining key lifetime (k/sec): (4435191/2917)
IV size: 8 bytes
replay detection support: Y
outbound ah sas:
outbound pcp sas:
Step 5: View the server's current configuration
r1#show run
hostname r1
!
username cisco password 0 cisco
aaa new-model
!
!
aaa authentication login ccxx local
aaa authorization network easyvpn local
!
crypto isakmp policy 10
encr 3des
hash md5
authentication pre-share
group 2
!
crypto isakmp client configuration group cisco
key cisco
pool ippool
acl 100
!
!
crypto ipsec transform-set myset esp-3des esp-md5-hmac
!
crypto dynamic-map dyn 1
set transform-set myset
reverse-route
!
!
crypto map mymap client authentication list ccxx
crypto map mymap isakmp authorization list easyvpn
crypto map mymap client configuration address respond
crypto map mymap 19 ipsec-isakmp dynamic dyn
!
interface Loopback0
ip address 10.1.1.1 255.255.255.0
!
interface Loopback1
ip address 10.1.2.1 255.255.255.0
!
interface Ethernet0/0
ip address 150.100.1.182 255.255.255.0
half-duplex
crypto map mymap
!
ip local pool ippool 10.1.1.14 10.1.1.30
!
access-list 100 permit ip 10.1.1.0 0.0.0.255 any
access-list 100 permit ip 10.1.2.0 0.0.0.255 any
!
end
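
The split-tunnel behaviour seen in the client's route table can be checked against ACL 100 from the configuration above. The following is an added example, not part of the original page: it converts the ACL's wildcard masks to networks, compares them with the routes bound to the VPN adapter, and resolves where sample destinations leave the PC. The function names are hypothetical, and 10.9.9.9 and 198.51.100.7 are constructed test destinations.

```python
import ipaddress

# Values copied from the page: ACL 100 on r1 and the client's route print rows.
ACL_100 = """access-list 100 permit ip 10.1.1.0 0.0.0.255 any
access-list 100 permit ip 10.1.2.0 0.0.0.255 any"""
ROUTES = """0.0.0.0 0.0.0.0 150.100.1.182 150.100.1.140 30
10.0.0.0 255.0.0.0 10.1.1.14 10.1.1.14 10
10.1.1.0 255.255.255.0 10.1.1.14 10.1.1.14 1
10.1.1.14 255.255.255.255 127.0.0.1 127.0.0.1 10
10.1.2.0 255.255.255.0 10.1.1.14 10.1.1.14 1
10.255.255.255 255.255.255.255 10.1.1.14 10.1.1.14 10"""
VPN_IP = "10.1.1.14"  # address assigned from pool "ippool"

def acl_networks(acl_text):
    """Convert 'permit ip <net> <wildcard> any' entries to networks."""
    nets = []
    for line in acl_text.splitlines():
        f = line.split()
        if len(f) == 7 and f[0] == "access-list" and f[2:4] == ["permit", "ip"]:
            # ipaddress accepts a Cisco wildcard (host mask) after the slash
            nets.append(ipaddress.ip_network(f"{f[4]}/{f[5]}"))
    return nets

def route_table(route_text):
    """Parse 'destination netmask gateway interface metric' rows."""
    rows = []
    for line in route_text.splitlines():
        dest, mask, _gw, iface, metric = line.split()
        rows.append((ipaddress.ip_network(f"{dest}/{mask}"), iface, int(metric)))
    return rows

def egress_interface(rows, dst):
    """Longest-prefix match; the lower metric wins a tie."""
    addr = ipaddress.ip_address(dst)
    hits = [r for r in rows if addr in r[0]]
    return max(hits, key=lambda r: (r[0].prefixlen, -r[2]))[1]

def audit_split_tunnel(acl_text, route_text, vpn_ip):
    """Return (ACL networks with no tunnel route, non-ACL routes on the adapter)."""
    rows = route_table(route_text)
    on_vpn = {net for net, iface, _ in rows if iface == vpn_ip}
    acl = set(acl_networks(acl_text))
    return sorted(acl - on_vpn), sorted(on_vpn - acl)

if __name__ == "__main__":
    rows = route_table(ROUTES)
    print(audit_split_tunnel(ACL_100, ROUTES, VPN_IP))
    for dst in ("10.1.2.1", "10.9.9.9", "198.51.100.7"):  # last two are constructed
        print(dst, "->", egress_interface(rows, dst))
```

Both ACL 100 networks have a route on the VPN adapter, and the default route stays on the physical interface, so Internet-bound traffic from the PC is not protected by the tunnel. The extra 10.0.0.0/8 route on the adapter does not come from ACL 100; it follows from the 255.0.0.0 mask shown for the adapter in the ipconfig output.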