cisco路由器IPSEC VPN配置(隧道模式)

拓扑如下:

技术分享

R1配置
hostname R1
enable password cisco 
crypto isakmp policy 1        #创建IKE协商策略,编号为1
 encr 3des                       #加密算法伟3des
 authentication pre-share   #使用预共享秘钥
 group 2                          #使用D-H组2
crypto isakmp key cisco address 61.67.1.1      #设置共享秘钥和peer地址
crypto ipsec security-association lifetime seconds 86400 #设置sa生存时间
crypto ipsec transform-set vpn-set ah-sha-hmac esp-des  #设置加密映射
crypto map mymap 1 ipsec-isakmp
crypto map tobeijing 1 ipsec-isakmp
 set peer 61.67.1.1
 set transform-set vpn-set
 match address 100
interface Loopback10
 ip address 192.168.1.1 255.255.255.255
interface Ethernet0/0
 ip address 202.112.1.1 255.255.255.0
 crypto map tobeijing                          #将映射应用到接口
no ip http server
no ip http secure-server
ip route 0.0.0.0 0.0.0.0 202.112.1.2
access-list 100 permit ip host 192.168.1.1 host 172.16.1.1   #定义感兴趣的数据流     
line con 0
 logging synchronous
line aux 0
line vty 0 4
 password cisco
 login    
 transport input all

R2配置:
hostname R2
enable password cisco       
interface Ethernet0/0
 ip address 202.112.1.2 255.255.255.0       
interface Ethernet0/1
 ip address 61.67.1.2 255.255.255.0         
line con 0
 logging synchronous
line aux 0
line vty 0 4
 password cisco
 login    
 transport input all
R3配置:

hostname R3
enable password cisco       
crypto isakmp policy 1
 encr 3des
 authentication pre-share
 group 2  
crypto isakmp key cisco address 202.112.1.1            
crypto ipsec security-association lifetime seconds 86400      
crypto ipsec transform-set vpn-set ah-sha-hmac esp-des       
crypto map mymap 1 ipsec-isakmp
 set peer 202.112.1.1
 set transform-set vpn-set
 match address 100        
interface Loopback10
 ip address 172.16.1.1 255.255.255.255     
interface Ethernet0/0
 ip address 61.67.1.1 255.255.255.0
 crypto map mymap
ip route 0.0.0.0 0.0.0.0 202.112.1.1
ip route 0.0.0.0 0.0.0.0 61.67.1.2       
access-list 100 permit ip host 172.16.1.1 host 192.168.1.1
 logging synchronous
line aux 0
line vty 0 4
 password cisco
 login    
 transport input all
测试结果如下:

技术分享



      
    

郑重声明:本站内容如果来自互联网及其他传播媒体,其版权均属原媒体及文章作者所有。转载目的在于传递更多信息及用于网络分享,并不代表本站赞同其观点和对其真实性负责,也不构成任何其他建议。