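Topology diagram
Lab description:
1. The headquarters router has a fixed IP address and the branch-office router has an ADSL dynamic IP address. The branch office needs to establish an IPsec VPN with headquarters so that the two networks 192.168.1.0/24 and 172.16.1.0/24 can reach each other.
2. For convenience in the lab, the R4 S1/0 interface is simply given the IP address 2.2.2.2; in a real deployment it would be a PPPoE dial-up connection.
Configuration: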
R2:
! LAN side: headquarters network 192.168.1.0/24
interface Serial1/0
 ip address 192.168.1.1 255.255.255.0
 no shutdown
!
! WAN side: fixed public address, crypto map applied here
interface Serial1/1
 ip address 1.1.1.1 255.255.255.0
 no shutdown
 crypto map mymap
 exit
ip route 0.0.0.0 0.0.0.0 Serial1/1
ip access-list extended ipsecvpn
 permit ip 192.168.1.0 0.0.0.255 any
crypto isakmp policy 10
 encr 3des
 hash md5
 authentication pre-share
 group 2
! Wildcard pre-shared key: the branch address is not known in advance
crypto isakmp key cisco address 0.0.0.0 0.0.0.0
crypto ipsec transform-set myset esp-3des esp-md5-hmac
! Dynamic map: no "set peer"; the peer is learned when the branch connects
crypto dynamic-map dymap 10
 set transform-set myset
 match address ipsecvpn
crypto map mymap 10 ipsec-isakmp dynamic dymap
R3:
! WAN side: 2.2.2.2 stands in for the dynamic ADSL address
interface Serial1/0
 ip address 2.2.2.2 255.255.255.0
 serial restart-delay 0
 crypto map mymap
 no shutdown
!
! LAN side: branch network 172.16.1.0/24
interface Serial1/2
 ip address 172.16.1.1 255.255.255.0
 no shutdown
 exit
ip route 0.0.0.0 0.0.0.0 Serial1/0
ip access-list extended ipsecvpn
 permit ip 172.16.1.0 0.0.0.255 192.168.1.0 0.0.0.255
crypto isakmp policy 10
 encr 3des
 hash md5
 authentication pre-share
 group 2
crypto isakmp key cisco address 1.1.1.1
crypto ipsec transform-set myset esp-3des esp-md5-hmac
! Static crypto map: the headquarters peer address is fixed
crypto map mymap 10 ipsec-isakmp
 set peer 1.1.1.1
 set transform-set myset
 match address ipsecvpn
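As we can see, the VPN crypto map configuration on the headquarters side is slightly different (the part highlighted in red in the original post): it uses a dynamic map. Because the branch's public address changes, headquarters cannot name the peer with "set peer", so it uses a pre-shared key bound to the wildcard address 0.0.0.0 0.0.0.0 and a dynamic crypto map that is referenced from mymap. The tunnel therefore has to be initiated from the branch side.
Results: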
pc2#ping 192.168.1.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 32/56/76 ms
The lab succeeded.
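
The headquarters configuration above accepts the pre-shared key from any peer address and negotiates 3DES, MD5 and DH group 2. The following Python check is an added example, not part of the original post; it scans an IOS crypto configuration for those settings. The sample is constructed from the R2 crypto lines on this page, and the function name and the lists of values treated as legacy are assumptions of this example.

```python
import re

# Sample constructed from the R2 (headquarters) crypto lines on this page.
R2_CONFIG = """\
crypto isakmp policy 10
encr 3des
hash md5
authentication pre-share
group 2
crypto isakmp key cisco address 0.0.0.0 0.0.0.0
crypto ipsec transform-set myset esp-3des esp-md5-hmac
crypto dynamic-map dymap 10
set transform-set myset
match address ipsecvpn
crypto map mymap 10 ipsec-isakmp dynamic dymap
"""

# Assumption of this example (not from the page): values treated as legacy.
WEAK_POLICY = {"encr": {"des", "3des"}, "hash": {"md5"}, "group": {"1", "2", "5"}}
WEAK_TRANSFORMS = {"esp-des", "esp-3des", "esp-md5-hmac", "ah-md5-hmac"}
POLICY_SUBCMDS = {"encr", "hash", "group", "authentication", "lifetime"}


def audit_ios_crypto(config):
    """Return sorted (rule, detail) findings; accepts flat or indented listings."""
    findings, policy = set(), None
    for raw in config.splitlines():
        words = raw.split()
        if not words or words[0] == "!":
            continue
        line = " ".join(words)
        m = re.match(r"crypto isakmp policy (\d+)$", line)
        if m:
            policy = m.group(1)
            continue
        key = "encr" if words[0].startswith("encr") else words[0]
        if policy and key in POLICY_SUBCMDS and len(words) >= 2:
            if words[1] in WEAK_POLICY.get(key, ()):
                findings.add(("weak-ike", f"policy {policy}: {key} {words[1]}"))
            continue
        policy = None  # any other command leaves isakmp policy sub-mode
        if re.match(r"crypto isakmp key (?:[06] )?\S+ address 0\.0\.0\.0\b", line):
            findings.add(("wildcard-psk", "key is accepted from any peer address"))
        m = re.match(r"crypto ipsec transform-set (\S+) (.+)$", line)
        if m:
            for t in WEAK_TRANSFORMS.intersection(m.group(2).split()):
                findings.add(("weak-esp", f"transform-set {m.group(1)}: {t}"))
    return sorted(findings)

if __name__ == "__main__":
    print(*audit_ios_crypto(R2_CONFIG), sep="\n")
```

On the R2 sample this reports six findings: three for the ISAKMP policy, one for the wildcard key and two for the transform set. With the key bound to a single peer address, as on the branch router, the wildcard finding disappears.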