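2. Once the connection entry has been created, click Connect. You are prompted for a username and password; this is extended authentication (Xauth).
3. Click OK. If authentication succeeds, all of the dialog boxes disappear.
4. On the PC, check whether the server has assigned an address.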
C:\>ipconfig
Windows IP Configuration
Ethernet adapter 无线网络连接:
   Connection-specific DNS Suffix . :
   IP Address. . . . . . . . . . . . : 150.100.1.140
   Subnet Mask . . . . . . . . . . . : 255.255.255.255
   Default Gateway . . . . . . . . . :
Ethernet adapter 本地连接 2:
   Connection-specific DNS Suffix . :
   IP Address. . . . . . . . . . . . : 10.1.1.14    <-- the address assigned by the server
   Subnet Mask . . . . . . . . . . . : 255.0.0.0
   Default Gateway . . . . . . . . . :
5. Pings across the Internet to addresses on the headquarters internal network now succeed.
C:\>ping 10.1.2.1
Pinging 10.1.2.1 with 32 bytes of data:
Reply from 10.1.2.1: bytes=32 time=23ms TTL=255
Reply from 10.1.2.1: bytes=32 time=14ms TTL=255
Reply from 10.1.2.1: bytes=32 time=23ms TTL=255
Reply from 10.1.2.1: bytes=32 time=13ms TTL=255
C:\>ping 10.1.1.1
Pinging 10.1.1.1 with 32 bytes of data:
Reply from 10.1.1.1: bytes=32 time=11ms TTL=255
Reply from 10.1.1.1: bytes=32 time=17ms TTL=255
Reply from 10.1.1.1: bytes=32 time=17ms TTL=255
Reply from 10.1.1.1: bytes=32 time=49ms TTL=255
C:\>route print    <-- view the routing table on the PC
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 0a eb a3 47 1f ...... TL-WN210 2.2 / TL-WN250 2.2 - 数据包计划程序微型端口
0x80004 ...00 53 45 00 00 00 ...... WAN (PPP/SLIP) Interface
0xa0005 ...00 05 9a 3c 78 00 ...... Cisco Systems ××× Adapter - 数据包计划程序微型端口
===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0    150.100.1.182   150.100.1.140      30
         10.0.0.0        255.0.0.0        10.1.1.14       10.1.1.14      10
         10.1.1.0    255.255.255.0        10.1.1.14       10.1.1.14       1
        10.1.1.14  255.255.255.255        127.0.0.1       127.0.0.1      10
         10.1.2.0    255.255.255.0        10.1.1.14       10.1.1.14       1
   10.255.255.255  255.255.255.255        10.1.1.14       10.1.1.14      10
===========================================================================
<-- This is the split-tunnel list (ACL 100) pushed down by the peer's group configuration
C:\>
Step 4: View the security associations for both phases
r1#show crypto isa sa
dst             src             state          conn-id slot
150.100.1.182   150.100.1.140   QM_IDLE              3    0
r1#show crypto ipsec sa
interface: Ethernet0/0
    Crypto map tag: mymap, local addr. 150.100.1.182
   protected vrf:
   local  ident (addr/mask/prot/port): (0.0.0.0/0.0.0.0/0/0)
   remote ident (addr/mask/prot/port): (10.1.1.12/255.255.255.255/0/0)
   current_peer: 150.100.1.140:500
     PERMIT, flags={}
    #pkts encaps: 16, #pkts encrypt: 16, #pkts digest 16
    #pkts decaps: 16, #pkts decrypt: 16, #pkts verify 16
    #pkts compressed: 0, #pkts decompressed: 0
    #pkts not compressed: 0, #pkts compr. failed: 0
    #pkts not decompressed: 0, #pkts decompress failed: 0
    #send errors 0, #recv errors 0
     local crypto endpt.: 150.100.1.182, remote crypto endpt.: 150.100.1.140
     path mtu 1500, media mtu 1500
     current outbound spi: 44166F6E
     inbound esp sas:
      spi: 0x2C2E8126(741245222)
        transform: esp-3des esp-md5-hmac ,
        in use settings ={Tunnel, }
        slot: 0, conn id: 2000, flow_id: 1, crypto map: mymap
        sa timing: remaining key lifetime (k/sec): (4435191/2917)
        IV size: 8 bytes
        replay detection support: Y
     inbound ah sas:
     inbound pcp sas:
     outbound esp sas:
      spi: 0x44166F6E(1142321006)
        transform: esp-3des esp-md5-hmac ,
        in use settings ={Tunnel, }
        slot: 0, conn id: 2001, flow_id: 2, crypto map: mymap
        sa timing: remaining key lifetime (k/sec): (4435191/2917)
        IV size: 8 bytes
        replay detection support: Y
     outbound ah sas:
     outbound pcp sas:
Step 5: View the server's current configuration
r1#show run
hostname r1
!
username cisco password 0 cisco
aaa new-model
!
!
aaa authentication login ccxx local
aaa authorization network easyvpn local
!
crypto isakmp policy 10
 encr 3des
 hash md5
 authentication pre-share
 group 2
!
crypto isakmp client configuration group cisco
 key cisco
 pool ippool
 acl 100
!
!
crypto ipsec transform-set myset esp-3des esp-md5-hmac
!
crypto dynamic-map dyn 1
 set transform-set myset
 reverse-route
!
!
crypto map mymap client authentication list ccxx
crypto map mymap isakmp authorization list easyvpn
crypto map mymap client configuration address respond
crypto map mymap 19 ipsec-isakmp dynamic dyn
!
interface Loopback0
 ip address 10.1.1.1 255.255.255.0
!
interface Loopback1
 ip address 10.1.2.1 255.255.255.0
!
interface Ethernet0/0
 ip address 150.100.1.182 255.255.255.0
 half-duplex
 crypto map mymap
!
ip local pool ippool 10.1.1.14 10.1.1.30
!
access-list 100 permit ip 10.1.1.0 0.0.0.255 any
access-list 100 permit ip 10.1.2.0 0.0.0.255 any
!
end
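The route print output on the client and ACL 100 in the server configuration above can be compared mechanically to confirm what split tunneling actually installed. The following Python is an added example, not part of the original post: it converts the ACL 100 wildcard entries into networks and compares them with the routes bound to the VPN adapter (10.1.1.14); the function names and the embedded sample text are assumptions constructed from the listings on this page.

```python
import ipaddress

# Constructed sample input, copied from this page: ACL 100 on the server and
# the "Active Routes" rows of the client's route print output.
ACL_LINES = """\
access-list 100 permit ip 10.1.1.0 0.0.0.255 any
access-list 100 permit ip 10.1.2.0 0.0.0.255 any
"""
ROUTE_ROWS = """\
0.0.0.0 0.0.0.0 150.100.1.182 150.100.1.140 30
10.0.0.0 255.0.0.0 10.1.1.14 10.1.1.14 10
10.1.1.0 255.255.255.0 10.1.1.14 10.1.1.14 1
10.1.1.14 255.255.255.255 127.0.0.1 127.0.0.1 10
10.1.2.0 255.255.255.0 10.1.1.14 10.1.1.14 1
10.255.255.255 255.255.255.255 10.1.1.14 10.1.1.14 10
"""

def acl_networks(text, acl_id="100"):
    """Source networks of 'permit ip <net> <wildcard> any' entries in one ACL."""
    nets = set()
    for line in text.splitlines():
        f = line.split()
        if len(f) == 7 and f[:4] == ["access-list", acl_id, "permit", "ip"]:
            # ip_network() accepts a wildcard (host mask) after the slash
            nets.add(ipaddress.ip_network(f"{f[4]}/{f[5]}", strict=False))
    return nets

def tunnel_routes(text, tunnel_ip):
    """Routes whose interface is the VPN adapter, without /32 host and broadcast rows."""
    nets = set()
    for row in (l.split() for l in text.splitlines() if l.strip()):
        dest, mask, _gateway, iface, _metric = row
        net = ipaddress.ip_network(f"{dest}/{mask}", strict=False)
        if iface == tunnel_ip and net.prefixlen < 32:
            nets.add(net)
    return nets

def compare(acl_text, route_text, tunnel_ip):
    pushed = acl_networks(acl_text)
    routed = tunnel_routes(route_text, tunnel_ip)
    return {
        "missing": sorted(pushed - routed),  # in ACL 100 but not routed to the adapter
        "extra": sorted(routed - pushed),    # routed to the adapter but not in ACL 100
        "default_via_tunnel": ipaddress.ip_network("0.0.0.0/0") in routed,
    }

if __name__ == "__main__":
    print(compare(ACL_LINES, ROUTE_ROWS, "10.1.1.14"))
```

On this page's data nothing is missing and the default route stays outside the tunnel; the one extra route, 10.0.0.0/8, is the connected route created by the VPN adapter's 255.0.0.0 mask rather than an entry from ACL 100.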
Source: http://dnsdhcp.blog.51cto.com/1280638/287125