VPN通信之一路由之间的VPN
实验拓扑图:
主要代码:
R2:
conf t
int f0/0
ip add 100.1.1.1 255.255.255.0
no sh
int f0/1
ip add 172.16.10.1 255.255.255.0
no sh
exit
ip route 0.0.0.0 0.0.0.0 100.1.1.2
crypto isakmp policy 1
encryption 3des
hash sha
authentication pre-share
group 2
lifetime 10000
crypto isakmp key 0 dragon-key address 200.1.1.1
access-list 100 permit ip 172.16.10.0 0.0.0.255 10.10.10.0 0.0.0.255
crypto ipsec transform-set dragon-set esp-des ah-sha-hmac
mode tunnel
exit
crypto ipsec security-association lifetime seconds 1800
crypto map dragon-map 1 ipsec-isakmp
set peer 200.1.1.1
set transform-set dragon-set
match address 100
interface f0/0
crypto map dragon-map
access-list 1 deny 172.16.10.0 0.0.0.255
access-list 1 permit 172.16.0.0 0.0.255.255
ip nat inside source list 1 int f0/0 overload
int f0/0
ip nat outside
int f0/1
ip nat inside
R1:
conf t
int f0/0
ip add 100.1.1.2 255.255.255.0
no sh
int f0/1
ip add 200.1.1.2 255.255.255.0
no sh
exit
R3:
conf t
int f0/0
ip add 200.1.1.1 255.255.255.0
no sh
int f0/1
ip add 10.10.10.1 255.255.255.0
no sh
exit
ip route 0.0.0.0 0.0.0.0 200.1.1.2
crypto isakmp policy 1
encryption 3des
hash sha
authentication pre-share
group 2
lifetime 10000
crypto isakmp key 0 dragon-key address 100.1.1.1
access-list 100 permit ip 10.10.10.0 0.0.0.255 172.16.10.0 0.0.0.255
crypto ipsec transform-set dragon-set esp-des ah-sha-hmac
mode tunnel
exit
crypto ipsec security-association lifetime seconds 1800
crypto map dragon-map 1 ipsec-isakmp
set peer 100.1.1.1
set transform-set dragon-set
match address 100
interface f0/0
crypto map dragon-map
end
vpn正常通信:
sh crypto isakmp sa
sh crypto map
本文出自 “龙爱雪琪” 博客,请务必保留此出处http://dragon123.blog.51cto.com/9152073/1568759
郑重声明:本站内容如果来自互联网及其他传播媒体,其版权均属原媒体及文章作者所有。转载目的在于传递更多信息及用于网络分享,并不代表本站赞同其观点和对其真实性负责,也不构成任何其他建议。
