
crypto isakmp policy 106 x4 B+ ^7 p' o% A
encr 3des4 z1 W% O5 b: I* ?* S# R$ [
authentication pre-share
2 J5 A9 `) O4 _& ogroup 2
* T8 Y8 ^; S5 X# r2 Ocrypto isakmp key cisco address 10.1.12.2 255.255.255.06 r) k1 H$ d* u' J3 ^# T
!
6 m/ a' u- K1 o! p5 t t!$ s) w8 Z( M8 g w( W F4 Y& ]6 J
crypto ipsec transform-set vpn esp-3des esp-sha-hmac 3 ^# `" n6 ~7 q4 ?! g4 m& G+ m
mode transport
6 n2 l# w1 Q _, D2 C E!
" i% k. Q( M- G2 L, bcrypto map vpntest 1 ipsec-isakmp
4 g, M7 j2 |6 [set peer 10.1.12.2
& R9 m# |) j: D8 ~/ k; n |+ Wset transform-set vpn 6 D! R! k! a/ Y& x* h
match address 1006 B, K1 s$ P6 ^
!5 D0 _' j1 B$ J
!' i9 z+ z1 I/ O, f' u
!# _; |! E' W6 v7 k8 p7 Z5 {
!
( f8 O; j% `6 Z6 B8 |interface Loopback03 L$ {5 k8 \7 ]7 S; a
ip address 1.1.1.1 255.255.255.0
$ ~+ T: h6 ^$ J( P!
# _$ s1 {: f$ u8 rinterface Ethernet0/0
8 V3 |. P1 B' f5 _9 sip address 10.1.12.1 255.255.255.0
* }' \" w4 ^, z8 p# n2 \$ E4 G( _6 Whalf-duplex& Z0 m7 p J8 r$ y# x: w5 L7 O
crypto map vpntest* `9 e% e% k# T: l
- f% z# S8 X9 z& d9 ]/ W# i+ a
access-list 100 permit ip host 1.1.1.1 host 2.2.2.2
6 j+ k; t& Z" g
9 o1 S8 `2 f6 e, a$ s$ q/ f+ e5 AR2的配置大部分相同,以下几条不同:
4 O( U) G% C/ y7 M9 x$ ]# L' o/ F) jaccess-list 100 permit ip host 2.2.2.2 host 1.1.1.1/ V. n& C7 Y2 n. [9 [
& ~! o9 y, G) O% W* O8 N# Ucrypto isakmp key cisco address 10.1.12.1 255.255.255.0 \+ @2 N1 t1 K/ G% T( C" C
0 ]2 T8 t4 v2 j( U/ r
crypto map vpntest 1 ipsec-isakmp
, z8 d* L) ]3 Yset peer 10.1.12.1
2 A: S f1 D. M3 d3 H: R) `set transform-set vpn
7 m( T% W: r' k, Fmatch address 100( i# x0 Q Q5 A$ x7 ^
; m3 Y" S) I0 u/ C2 x; e$ T4 A
这么做不能通信,请问是什么原因导致.
4 l: [ R! k) t4 \8 K. W( l bsh cry isa sa
' W9 m f% K z, p, L发现什么都建立不起来 |
|