我这里有一现成配置, 静态VPN, site-to-site 及 client-to-site互相访口都没问题( J! z( s& z1 _% Q. y
即:都能访问中心端的10.28.0.0网段% c/ l1 ~. y/ i
; H( D: i) ]) I" L1 F9 H" {. ~
aaa new-model
K7 h. ^' ]4 D!, h U! a# N* k
!
, L6 I# z2 w! {: Taaa authentication login default local8 u* N' w( v2 ]$ @
aaa authorization network vpn_group local 2 K, z/ J& |/ E& R4 u6 c3 V
aaa session-id common* p( k+ W) F- b/ Z; i8 l
ip subnet-zero% B, }. ]) \7 X8 S
!( r" F4 W9 u* q& g
!
2 X8 N( ~9 e& o1 m- t% tcrypto isakmp policy 1
1 z: L2 E9 k8 L5 _ encr 3des& g% h" e4 B+ E, N8 d
authentication pre-share
' R* T7 {" h9 Z' u% v0 e; z group 2: N! d" J5 `. f' K/ `( {* D) s# X8 S
!
, x* D5 p7 z- N7 y- G; ^crypto isakmp policy 24 Q- A0 W. y, X
hash md5
$ t' S/ R7 D! z. e authentication pre-share
0 l+ o1 ~ Z' X0 ]# z!: m2 M# I q9 d' {5 t
crypto isakmp policy 3* W* Z. Y. j; k3 r: _, L, z
authentication pre-share% R3 e0 h( g$ T0 w5 Q! u2 O# `) i! J
crypto isakmp key 123456 address 0.0.0.0 0.0.0.05 r. d6 o( A' J0 Y
!! p& o, b- j" t# a7 D
crypto isakmp client configuration group vpn_group/ C! P% x g v+ S9 [
key abc123
$ z% o; B( Y& [7 w pool vpn_pool" a( O5 M* @( L6 `5 w7 a. H$ X
!+ J. `+ @2 c, z
crypto ipsec security-association lifetime seconds 864009 [& c) H+ _6 j
!( H: j+ o# k( X$ w- a d
crypto ipsec transform-set basic-des esp-des esp-md5-hmac & Q! Z p+ K: d; X% a6 I; ~5 t Y9 q
crypto ipsec transform-set basic2-des esp-des esp-sha-hmac / O( F- A V! f }
crypto ipsec transform-set advan-3des esp-3des esp-md5-hmac
7 D: v6 F" K4 Z( R& a+ @crypto ipsec transform-set advan2-3des esp-3des esp-sha-hmac 2 T1 u0 v% `9 `! h9 w/ ?* p0 N
!; {6 `- k% _) w- i6 u& H
crypto dynamic-map adsl 1+ B" c5 V8 O; @
set transform-set basic-des
7 q" N! b* C1 J+ P' X2 J match address 111
; E- x8 K* x" x/ M$ g; K: Vcrypto dynamic-map adsl 25 p0 l; I4 o6 }7 n3 O
set transform-set basic-des
. k+ s, [6 L- \7 e* \ match address 112; I; y) n$ i0 M! K2 P
crypto dynamic-map adsl 3, ?# m9 ?, ^2 h5 ]) j1 Z
set transform-set basic-des
4 ^8 U" A! @5 S9 @ match address 113
) x4 K+ q, t: L; I5 o/ Q6 j: A...
/ L s( r* k Z+ S% Y0 ~!- z5 Q) ]1 C, i& v; D5 {
crypto dynamic-map client 19 R9 ^& A& X1 t& g/ U2 R
set transform-set advan-3des * ?. q: V( j/ T" y
!
- ?, j. g0 U! i!
( `4 e; d$ n, R/ N- |: X* ncrypto map vpn isakmp authorization list vpn_group
0 J5 k1 j, [ Y$ T$ H5 ncrypto map vpn client configuration address respond
7 b: {7 |* y: u5 B0 j; b% u( K+ U0 scrypto map vpn 1 ipsec-isakmp 8 t# H% g% o. P
set peer 195.6.174.202- J& M7 h( i( z6 q. |/ k
set transform-set basic-des 8 b" O9 ~9 D6 b
match address 110
/ `3 k- h, s8 e; B- Ncrypto map vpn 98 ipsec-isakmp dynamic adsl 9 v2 i( V& D; ^) {4 {1 v5 _! F
crypto map vpn 99 ipsec-isakmp dynamic client
, U% k6 k R5 b- m!
7 z- Q- r1 `, j4 S' j& @: D....
9 d9 `6 K }0 U% e0 Rinterface FastEthernet0/1! l# |$ P9 O: [1 `
description Internet Connection
8 [8 x7 l* i! l3 r# B' |& `* {0 y, W ip address 222.202.209.27 255.255.255.0
$ U3 D2 r9 t2 r. Z4 y ip nat outside+ v- ?+ ]0 ]2 F. ?; V
duplex auto
! `" I0 X, B7 W- E speed auto
2 K' S' d( P# e; d% b, V2 |8 I3 H. U no cdp enable
( ?4 v: V/ `3 f V; z, w: b5 c: `3 Z crypto map vpn
' ?4 A8 ^1 H" R4 ^1 p0 u!) q% w1 C) x3 F7 p, Z
ip local pool vpn_pool 192.201.0.1 192.201.0.30" s6 ?4 J0 F" A& n0 q
no ip http server% }5 k" K# z2 z$ q B. W' T
no ip http secure-server
: l; S) q7 j) n1 K4 R' Cip classless
2 Z' w' D1 D* K$ u: U6 m' e/ {ip route 0.0.0.0 0.0.0.0 222.202.209.2543 W5 z4 _! R7 |' R
!
, E; k' H# U- B' y1 H0 w! M!
2 ]0 s- d4 ^( ~) k3 Yaccess-list 110 permit ip 10.28.0.0 0.0.0.255 10.203.50.32 0.0.0.157 {" `) v2 H* G/ E, K
access-list 110 permit ip 10.28.0.0 0.0.0.255 10.204.2.0 0.0.0.255
0 p: L# f! v3 I8 F9 b9 |access-list 110 permit ip 10.28.0.0 0.0.0.255 10.229.0.0 0.0.255.255, i1 `$ E1 E3 w6 R7 C
access-list 110 permit ip 10.28.0.0 0.0.0.255 10.251.0.0 0.0.255.255
$ f1 U, ^' p! B% N | maccess-list 111 permit ip 10.28.0.0 0.0.0.255 192.201.1.0 0.0.0.255
8 v/ q6 S' d5 G% Oaccess-list 112 permit ip 10.28.0.0 0.0.0.255 192.201.2.0 0.0.0.2558 p+ J7 @ l2 v& e v
access-list 113 permit ip 10.28.0.0 0.0.0.255 192.201.3.0 0.0.0.2553 y! ], ^7 q& V5 J" ]! Y# @
.... |
所有IT类厂商认证考试题库下载
【新盟教育】2023最新华为HCIA全套视频合集【网工基础全覆盖】---国sir公开课合集
【新盟教育】网工小白必看的!2023最新版华为认证HCIA Datacom零基础全套实战课
原创_超融合自动化运维工具cvTools
重量级~~30多套JAVA就业班全套 视频教程(请尽快下载,链接失效后不补)
链接已失效【超过几百G】EVE 国内和国外镜像 全有了 百度群分享
某linux大佬,积累多年的电子书(约300本)
乾颐堂现任明教教主Python完整版
乾颐堂 教主技术进化论 2018-2019年 最新31-50期合集视频(各种最新技术杂谈视频)
Python学习视频 0起点视频 入门到项目实战篇 Python3.5.2视频教程 共847集 能学102天
约21套Python视频合集 核心基础视频教程(共310G,已压缩)
最新20180811录制 IT爱好者-清风羽毛 - 网络安全IPSec VPN实验指南视频教程
最新20180807录制EVE开机自启动虚拟路由器并桥接物理网卡充当思科路由器
