我这里有一现成配置, 静态VPN, site-to-site 及 client-to-site互相访口都没问题! H: S( K5 m# }) [7 o9 `6 E
即:都能访问中心端的10.28.0.0网段% y+ l, `# j8 M7 _
( U' Z7 s9 g# _0 f# x% n) B! S
aaa new-model2 G8 b- i3 T( _/ d
!5 q/ `4 S2 x4 A: ^4 R
!& T) b( \2 U- ]3 R9 f# q
aaa authentication login default local* C' y8 K/ j. ]1 H$ ]
aaa authorization network vpn_group local 4 D2 @0 f8 r0 L! F: k/ S
aaa session-id common$ f1 I% D$ [9 Z8 {/ O1 Y! c6 g
ip subnet-zero
0 N8 o- o4 n0 D* H$ P4 K. o!
! d" A( R9 V9 m% t) D!8 f8 [1 i4 O( N4 i0 G1 l1 S, g
crypto isakmp policy 1
% V7 P1 Q1 }9 _ encr 3des$ v, E/ D) Y, t F/ F5 s' u' ?* U
authentication pre-share; r% F8 I' m5 ?3 K/ ^: ^; R$ H# j
group 2
3 L. m& ~: E* ~+ D$ l!
* c7 {1 g7 w+ T# h$ c/ G* Acrypto isakmp policy 2! Y$ W* l9 M( S( x. e* i" v
hash md51 r2 @$ q* i6 _$ Q3 }3 u
authentication pre-share% d8 N1 ~" `- E0 `, `$ D2 I. b, r
!
* k: | Q- U7 s( \7 f2 tcrypto isakmp policy 3
1 C6 Z- v q6 g/ F7 T& r9 l. f$ \ authentication pre-share
% h. r! |2 Q5 wcrypto isakmp key 123456 address 0.0.0.0 0.0.0.0: x3 c/ F1 x- E* J$ ?
!
% v# Z( x0 ^* s& @6 \crypto isakmp client configuration group vpn_group- H% z+ I. Q. R3 I
key abc123' v+ e- g+ T9 U" {
pool vpn_pool9 U0 `/ G0 n4 K- H$ g% C3 m
!
9 ?' L- q8 i! e+ Y8 O' z" k1 [5 dcrypto ipsec security-association lifetime seconds 86400; T9 A0 m' {! W* T2 Q1 Y; F& Q
!
" D0 p: m) P% t4 H+ q! y' W8 J( Tcrypto ipsec transform-set basic-des esp-des esp-md5-hmac
+ W% a8 p; D8 c W) v1 h5 rcrypto ipsec transform-set basic2-des esp-des esp-sha-hmac
# p" C) i/ E5 Ocrypto ipsec transform-set advan-3des esp-3des esp-md5-hmac
+ g9 W2 h- e4 r8 S( tcrypto ipsec transform-set advan2-3des esp-3des esp-sha-hmac
) ~5 V3 \9 r/ z* Z' t!+ W0 V7 X5 S* s
crypto dynamic-map adsl 1% j; B& b/ w4 J* J% |2 A
set transform-set basic-des
]' @7 c- B, ]7 r9 ]; `) L match address 111
; V! f1 O% U7 d% L" G/ Z; ecrypto dynamic-map adsl 23 @' {% E, |8 b
set transform-set basic-des
+ S7 K/ O d" ?: U% X$ |( t" l match address 112
W. {6 X( q) k$ V( g& m4 ^crypto dynamic-map adsl 3, ]8 v1 T2 Q* @0 F6 Z# h! d
set transform-set basic-des
5 V: v9 v* j7 o$ u+ H! n match address 113* ?' x6 s9 @5 [; v
...7 c- u7 Q2 P$ C/ q1 e1 X9 g' n
!
/ ?1 p% \" L1 a4 N7 t4 A' B7 mcrypto dynamic-map client 13 E8 n9 l2 }* J( z
set transform-set advan-3des 1 x7 N, u& j/ r% G! C' H3 J( m
!
" {: _1 X) `2 m!- p$ j! n9 ~% t
crypto map vpn isakmp authorization list vpn_group
* r0 f4 j0 P- ?$ N1 b( z' Jcrypto map vpn client configuration address respond: I+ s( z8 l6 }; v
crypto map vpn 1 ipsec-isakmp 0 A2 u3 e4 e' ?+ |9 F
set peer 195.6.174.2029 u; u) H' @* E+ N% e' T3 k$ o
set transform-set basic-des
* L( N, w1 W3 H. c9 W. l, c match address 1108 w6 j8 o' ~) o8 E1 y% Z
crypto map vpn 98 ipsec-isakmp dynamic adsl 2 E: } Q- ^+ H+ T; f$ g
crypto map vpn 99 ipsec-isakmp dynamic client
1 S+ ?: K D# s2 ~( Z- U/ |!7 M' x9 M& {) A1 k& W/ S
...., {* Z) w0 g" ^" V
interface FastEthernet0/1
5 M u1 L6 E9 `. Y# P5 q description Internet Connection5 a' J+ v7 r6 k
ip address 222.202.209.27 255.255.255.0
& C( }3 n T: l) [6 X) @$ X ip nat outside
2 Q3 @$ a+ I0 H) E6 s" v/ T duplex auto) i. {. _4 q& Y, ?: E
speed auto$ ~8 i: a) g3 y$ o* ]9 U }
no cdp enable( A! c8 q+ n6 m% C# H0 j! E4 Q3 I
crypto map vpn5 I0 @0 B( I$ E" j4 G
!
4 D: I! n9 U# e- b/ k) h) eip local pool vpn_pool 192.201.0.1 192.201.0.30
" A7 d; G, I" Mno ip http server8 s7 R. {/ P$ I; D" r* m# g
no ip http secure-server' p: o0 |: z' d' V
ip classless
0 T$ c$ f- p; u7 a, X) ^ip route 0.0.0.0 0.0.0.0 222.202.209.254. x6 [5 p q* V
!
5 `( {8 w' V/ L2 D' a!
8 A5 L& D8 m1 ?) y, Paccess-list 110 permit ip 10.28.0.0 0.0.0.255 10.203.50.32 0.0.0.15; ~# d0 b) z$ g3 e7 y, A6 E0 {
access-list 110 permit ip 10.28.0.0 0.0.0.255 10.204.2.0 0.0.0.255
+ M3 B6 a3 i; h1 L" @9 [7 Vaccess-list 110 permit ip 10.28.0.0 0.0.0.255 10.229.0.0 0.0.255.2553 A: x6 s" Y* T
access-list 110 permit ip 10.28.0.0 0.0.0.255 10.251.0.0 0.0.255.255
& e2 I* K* v% U; u& u* Raccess-list 111 permit ip 10.28.0.0 0.0.0.255 192.201.1.0 0.0.0.255$ T* ^. @8 w% y2 Q7 G
access-list 112 permit ip 10.28.0.0 0.0.0.255 192.201.2.0 0.0.0.255
) r! U# L. X) m) Baccess-list 113 permit ip 10.28.0.0 0.0.0.255 192.201.3.0 0.0.0.255
7 b+ q; G& d" F/ u. _/ ?- x.... |
所有IT类厂商认证考试题库下载
【新盟教育】2023最新华为HCIA全套视频合集【网工基础全覆盖】---国sir公开课合集
【新盟教育】网工小白必看的!2023最新版华为认证HCIA Datacom零基础全套实战课
原创_超融合自动化运维工具cvTools
重量级~~30多套JAVA就业班全套 视频教程(请尽快下载,链接失效后不补)
链接已失效【超过几百G】EVE 国内和国外镜像 全有了 百度群分享
某linux大佬,积累多年的电子书(约300本)
乾颐堂现任明教教主Python完整版
乾颐堂 教主技术进化论 2018-2019年 最新31-50期合集视频(各种最新技术杂谈视频)
Python学习视频 0起点视频 入门到项目实战篇 Python3.5.2视频教程 共847集 能学102天
约21套Python视频合集 核心基础视频教程(共310G,已压缩)
最新20180811录制 IT爱好者-清风羽毛 - 网络安全IPSec VPN实验指南视频教程
最新20180807录制EVE开机自启动虚拟路由器并桥接物理网卡充当思科路由器
