我这里有一现成配置, 静态VPN, site-to-site 及 client-to-site互相访口都没问题
% Q8 g, c/ B% {3 I+ B- Z2 c- v即:都能访问中心端的10.28.0.0网段! g3 _3 E& g- L, r# ?
/ T( ^1 A1 z3 |) U, Kaaa new-model* _( n! c- V3 Z: v2 `! Q5 X
!4 n) v! Q0 z$ S1 w
!
. P5 L+ K% U/ r/ ^* laaa authentication login default local
" Y/ `9 u7 H% ^8 M. l+ r) e8 Qaaa authorization network vpn_group local . ]2 [% z3 @, O- o
aaa session-id common8 v; h& p2 Y5 a0 v9 ]2 \1 ^7 d
ip subnet-zero
3 U7 P2 b* N7 D4 p6 C!
5 S& a" x8 [9 N8 Y1 |!
8 W- o! Y/ j1 v f! Lcrypto isakmp policy 18 q, Z6 i( v# `' {4 l+ k/ g! i/ i
encr 3des
! i7 V! b9 {; W: k% f0 t2 D authentication pre-share) @. I! j- e+ [6 K
group 2
1 \6 _. w& P0 u; q7 \& U!
) e( a; [1 V6 Zcrypto isakmp policy 2
" |; \0 [' P9 S. N# E9 O9 W hash md5
! K8 h2 ] X! [* A authentication pre-share, B3 Q/ U% ~* Z0 W3 y
!% }5 o8 i x Q% P$ u
crypto isakmp policy 31 `# j* x- g( q
authentication pre-share
, p0 ?' {$ t) g& a3 ~" I$ Ecrypto isakmp key 123456 address 0.0.0.0 0.0.0.0
3 T5 e [. u: Z1 O/ o7 O( T!8 o. n. M2 y! k p5 H* r- V/ k
crypto isakmp client configuration group vpn_group: |3 I# U( \5 `) r
key abc1232 N z1 N+ P0 _. C
pool vpn_pool
9 ^% T' F; X3 V) \$ {!
8 ]) P0 M/ }9 B3 A/ Q( ~crypto ipsec security-association lifetime seconds 86400
' w, s$ w& T9 Z. e3 f! T!. ^& _; I& H4 i0 c8 `) {
crypto ipsec transform-set basic-des esp-des esp-md5-hmac
( m* \6 \- d" |& Q5 hcrypto ipsec transform-set basic2-des esp-des esp-sha-hmac + M. |9 R F* ]7 z# b& ]
crypto ipsec transform-set advan-3des esp-3des esp-md5-hmac
$ j& t4 j, C, F1 t- mcrypto ipsec transform-set advan2-3des esp-3des esp-sha-hmac
* ~1 @) O' J3 [5 ?2 Y d" K!
, Y& X1 [. ~. p* `7 hcrypto dynamic-map adsl 17 N- Z6 i! h5 @4 D
set transform-set basic-des
! A) A5 m; i: ]' x match address 1111 c# g5 t/ ?7 m7 X+ B- _9 Y9 A
crypto dynamic-map adsl 2& U0 v/ e6 ?& C5 v, W* }0 R
set transform-set basic-des
/ Q0 M3 J; ], I$ `9 c( } l match address 1123 |* ~6 M5 i d2 W5 C1 G
crypto dynamic-map adsl 31 B0 E C/ Y' a& k( n0 K" U
set transform-set basic-des 2 T2 Q! h4 e+ d; ]% ?/ H- o
match address 113* l% e5 m) M5 O3 J% A% U( d& a1 }
...' o1 Z5 A9 S* Z1 J* E
!/ s8 t! \, K3 N6 N. F. }
crypto dynamic-map client 1
# D. Z& u; ~+ [+ h9 x3 k set transform-set advan-3des . \% W( r n ^% S, d& m
!
\& x- V, c1 i!
1 ]- \9 d' B+ j/ Mcrypto map vpn isakmp authorization list vpn_group& O' ]2 {! }( ^3 j0 A9 x5 w# n& I
crypto map vpn client configuration address respond- S" v5 r3 V, W8 T4 z' y6 W
crypto map vpn 1 ipsec-isakmp $ M2 {( W t8 e6 w- d7 X4 ~
set peer 195.6.174.202: h8 h# _* l0 I) v( t5 A" K9 Q
set transform-set basic-des
8 w; V/ u9 s6 d1 H! r" A) [, Y match address 110
% g. u9 s; Q5 H5 H8 `# s4 Zcrypto map vpn 98 ipsec-isakmp dynamic adsl 8 ?* A4 B$ v/ j; q( z
crypto map vpn 99 ipsec-isakmp dynamic client
( U/ f1 ]$ }) H A" H2 w1 _!* e- \( W+ R+ C; F. B
....' n! [0 X, t. u/ f+ x+ H
interface FastEthernet0/1
: I1 l' q' i6 D/ B- V& T/ G! h L description Internet Connection5 r' G' z3 d1 K3 [ `) G0 g& O
ip address 222.202.209.27 255.255.255.0
0 m+ a' G/ F' }* T" ?) b- i ip nat outside) `) G5 H; W3 g/ d
duplex auto4 n! L/ w) \6 v3 r4 Q
speed auto L7 B6 b4 v9 t4 `! I* C) T
no cdp enable* z2 u. U/ \9 b3 t( _2 p! }2 H% V
crypto map vpn
8 s4 Q6 U: F0 D0 T* H( D!
' Q+ J- e A4 F% [ M4 ]& s% h# G: @ip local pool vpn_pool 192.201.0.1 192.201.0.30
" x! L5 x `3 B1 sno ip http server
" o9 U! ^" |- M6 t# Pno ip http secure-server" I9 T, i! E1 b+ l: _: h
ip classless5 X3 M' i- l( k
ip route 0.0.0.0 0.0.0.0 222.202.209.254& o* C0 ^( j! M4 i6 U' U
!
* k/ g+ i8 ^) x" O/ J+ x!
9 W9 i8 Z$ X& k) y* e3 I0 O4 Oaccess-list 110 permit ip 10.28.0.0 0.0.0.255 10.203.50.32 0.0.0.15& X5 u- H. U; E5 a
access-list 110 permit ip 10.28.0.0 0.0.0.255 10.204.2.0 0.0.0.255% g( q2 g# t: d& u
access-list 110 permit ip 10.28.0.0 0.0.0.255 10.229.0.0 0.0.255.255& H/ d4 W+ q+ K# ^9 V
access-list 110 permit ip 10.28.0.0 0.0.0.255 10.251.0.0 0.0.255.255, B# H! i: R+ N- g; d
access-list 111 permit ip 10.28.0.0 0.0.0.255 192.201.1.0 0.0.0.255
8 h3 K3 @% f* F& x+ S0 xaccess-list 112 permit ip 10.28.0.0 0.0.0.255 192.201.2.0 0.0.0.255
$ z4 |2 U1 t" ^1 [$ I! A' i! Haccess-list 113 permit ip 10.28.0.0 0.0.0.255 192.201.3.0 0.0.0.255
r0 `' A( d, h8 M.... |
所有IT类厂商认证考试题库下载
【新盟教育】2023最新华为HCIA全套视频合集【网工基础全覆盖】---国sir公开课合集
【新盟教育】网工小白必看的!2023最新版华为认证HCIA Datacom零基础全套实战课
原创_超融合自动化运维工具cvTools
重量级~~30多套JAVA就业班全套 视频教程(请尽快下载,链接失效后不补)
链接已失效【超过几百G】EVE 国内和国外镜像 全有了 百度群分享
某linux大佬,积累多年的电子书(约300本)
乾颐堂现任明教教主Python完整版
乾颐堂 教主技术进化论 2018-2019年 最新31-50期合集视频(各种最新技术杂谈视频)
Python学习视频 0起点视频 入门到项目实战篇 Python3.5.2视频教程 共847集 能学102天
约21套Python视频合集 核心基础视频教程(共310G,已压缩)
最新20180811录制 IT爱好者-清风羽毛 - 网络安全IPSec VPN实验指南视频教程
最新20180807录制EVE开机自启动虚拟路由器并桥接物理网卡充当思科路由器
