I have a ready-made configuration here: a static VPN in which site-to-site and client-to-site access to each other both work without problems.
That is, all of them can reach the 10.28.0.0 network segment at the central site.

aaa new-model
!
!
aaa authentication login default local
aaa authorization network vpn_group local
aaa session-id common
ip subnet-zero
!
!
crypto isakmp policy 1
 encr 3des
 authentication pre-share
 group 2
!
crypto isakmp policy 2
 hash md5
 authentication pre-share
!
crypto isakmp policy 3
 authentication pre-share
crypto isakmp key 123456 address 0.0.0.0 0.0.0.0
!
crypto isakmp client configuration group vpn_group
 key abc123
 pool vpn_pool
!
crypto ipsec security-association lifetime seconds 86400
!
crypto ipsec transform-set basic-des esp-des esp-md5-hmac
crypto ipsec transform-set basic2-des esp-des esp-sha-hmac
crypto ipsec transform-set advan-3des esp-3des esp-md5-hmac
crypto ipsec transform-set advan2-3des esp-3des esp-sha-hmac
!
crypto dynamic-map adsl 1
 set transform-set basic-des
 match address 111
crypto dynamic-map adsl 2
 set transform-set basic-des
 match address 112
crypto dynamic-map adsl 3
 set transform-set basic-des
 match address 113
...
!
crypto dynamic-map client 1
 set transform-set advan-3des
!
!
crypto map vpn isakmp authorization list vpn_group
crypto map vpn client configuration address respond
crypto map vpn 1 ipsec-isakmp
 set peer 195.6.174.202
 set transform-set basic-des
 match address 110
crypto map vpn 98 ipsec-isakmp dynamic adsl
crypto map vpn 99 ipsec-isakmp dynamic client
!
....
interface FastEthernet0/1
 description Internet Connection
 ip address 222.202.209.27 255.255.255.0
 ip nat outside
 duplex auto
 speed auto
 no cdp enable
 crypto map vpn
!
ip local pool vpn_pool 192.201.0.1 192.201.0.30
no ip http server
no ip http secure-server
ip classless
ip route 0.0.0.0 0.0.0.0 222.202.209.254
!
!
access-list 110 permit ip 10.28.0.0 0.0.0.255 10.203.50.32 0.0.0.15
access-list 110 permit ip 10.28.0.0 0.0.0.255 10.204.2.0 0.0.0.255
access-list 110 permit ip 10.28.0.0 0.0.0.255 10.229.0.0 0.0.255.255
access-list 110 permit ip 10.28.0.0 0.0.0.255 10.251.0.0 0.0.255.255
access-list 111 permit ip 10.28.0.0 0.0.0.255 192.201.1.0 0.0.0.255
access-list 112 permit ip 10.28.0.0 0.0.0.255 192.201.2.0 0.0.0.255
access-list 113 permit ip 10.28.0.0 0.0.0.255 192.201.3.0 0.0.0.255
....