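Site-to-Site IPSec-VPN Lab Configuration
Original
© Copyright belongs to the author: this is an original work by 51CTO blog author kindIT. Contact the author for permission to reprint; otherwise legal liability will be pursued.
1. Topology diagram
2. Basic configuration and static routes for each router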
R1:
int f0/0
ip add 172.16.12.1 255.255.255.0
no shut
int lo0
ip add 10.10.1.1 255.255.255.0
ip route 10.10.2.0 255.255.255.0 172.16.12.2
ip route 172.16.23.0 255.255.255.0 172.16.12.2
R2:
int f0/0
ip add 172.16.12.2 255.255.255.0
no shut
int f1/0
ip add 172.16.23.2 255.255.255.0
no shut
ip route 10.10.2.0 255.255.255.0 172.16.23.3
ip route 10.10.1.0 255.255.255.0 172.16.12.1
R3:
int f0/0
ip add 172.16.23.3 255.255.255.0
no shut
int lo0
ip add 10.10.2.2 255.255.255.0
ip route 10.10.1.0 255.255.255.0 172.16.23.2
ip route 172.16.12.0 255.255.255.0 172.16.23.2
Verification:
3. Configure IPSec-VPN on R1 and R3
R1:
crypto isakmp policy 10
encryption 3des
hash sha
authentication pre-share
group 2
crypto isakmp key ccna-ccnp add 172.16.23.3
access-list 110 permit ip 10.10.1.0 0.0.0.255 10.10.2.0 0.0.0.255
crypto ipsec transform-set ccie esp-3des esp-sha-hmac
crypto map ××× 10 ipsec-isakmp
match add 110
set peer 172.16.23.3
set transform-set ccie
exit
int f0/0
crypto map ×××
R3:
crypto isakmp policy 10
encryption 3des
hash sha
authentication pre-share
group 2
crypto isakmp key ccna-ccnp add 172.16.12.1
access-list 110 permit ip 10.10.2.0 0.0.0.255 10.10.1.0 0.0.0.255
crypto ipsec transform-set ccie esp-3des esp-sha-hmac
crypto map ××× 10 ipsec-isakmp
match add 110
set peer 172.16.12.1
set transform-set ccie
exit
int f0/0
crypto map ×××
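An added example, not part of the original post: the two configurations in step 3 only form a tunnel if the ISAKMP policy, pre-shared key and transform-set match, each router names the other as its peer, and the crypto ACLs mirror each other. This Python check compares the commands as typed above; the crypto map name LAB, the function names and the embedded config text are constructed for the example.

```python
import re

# Constructed from the R1/R3 commands on this page. "LAB" is a placeholder
# crypto map name (an assumption; the name is masked on the page).
TEMPLATE = """\
crypto isakmp policy 10
 encryption 3des
 hash sha
 authentication pre-share
 group 2
crypto isakmp key ccna-ccnp address {peer}
access-list 110 permit ip {local} 0.0.0.255 {remote} 0.0.0.255
crypto ipsec transform-set ccie esp-3des esp-sha-hmac
crypto map LAB 10 ipsec-isakmp
 match address 110
 set peer {peer}
 set transform-set ccie
"""
R1 = TEMPLATE.format(peer="172.16.23.3", local="10.10.1.0", remote="10.10.2.0")
R3 = TEMPLATE.format(peer="172.16.12.1", local="10.10.2.0", remote="10.10.1.0")

def parse(cfg):
    """Extract the parameters that both tunnel endpoints must agree on."""
    def one(pattern):
        m = re.search(pattern, cfg, re.M)
        return m.groups() if m else (None, None)  # missing line -> None values
    return {
        "phase1": tuple(one(rf"^\s*{k}\w* (\S+)")[0]
                        for k in ("encr", "hash", "authentication", "group")),
        "psk": one(r"^crypto isakmp key (\S+) add\w* (\S+)"),  # (key, peer)
        "map_peer": one(r"^\s*set peer (\S+)")[0],
        "transform": one(r"^crypto ipsec transform-set \S+ (.+)$")[0],
        "acl": one(r"^access-list \d+ permit ip (\S+ \S+) (\S+ \S+)"),
    }

def mismatches(cfg_a, addr_a, cfg_b, addr_b):
    """List the settings on which the two peers disagree (empty list = consistent)."""
    a, b = parse(cfg_a), parse(cfg_b)
    checks = [("ISAKMP policy differs", a["phase1"] != b["phase1"]),
              ("pre-shared key differs", a["psk"][0] != b["psk"][0]),
              ("transform-set differs", a["transform"] != b["transform"]),
              ("crypto ACLs are not mirror images", a["acl"] != b["acl"][::-1])]
    checks += [(f"peer address should be {want}", (s["psk"][1], s["map_peer"]) != (want, want))
               for s, want in ((a, addr_b), (b, addr_a))]
    return [msg for msg, failed in checks if failed]
```

Calling `mismatches(R1, "172.16.12.1", R3, "172.16.23.3")` returns an empty list for the lab as configured; the addresses passed in are each router's f0/0 address from step 2.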
4. On R2, ping 10.10.2.2 using 10.10.1.1 as the source address
5. show run
Taking R1 as an example:
r1# show run
Building configuration...
Current configuration : 1064 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname r1
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
!
!
ip cef
no ip domain lookup
!
!
crypto isakmp policy 10
encr 3des
authentication pre-share
group 2
crypto isakmp key ccna-ccnp address 172.16.23.3
!
!
crypto ipsec transform-set ccie esp-3des esp-sha-hmac
!
crypto map ××× 10 ipsec-isakmp
set peer 172.16.23.3
set transform-set ccie
match address 110
!
!
interface Loopback0
ip address 10.10.1.1 255.255.255.0
!
interface FastEthernet0/0
ip address 172.16.12.1 255.255.255.0
duplex auto
speed auto
crypto map ×××
!
ip http server
no ip http secure-server
ip route 10.10.2.0 255.255.255.0 172.16.12.2
ip route 172.16.23.0 255.255.255.0 172.16.12.2
!
!
access-list 110 permit ip 10.10.1.0 0.0.0.255 10.10.2.0 0.0.0.255
!
!
control-plane
!
!
line con 0
exec-timeout 0 0
logging synchronous
line aux 0
line vty 0 4
!
!
end