I have a ready-made configuration here: static VPN, and both site-to-site and client-to-site access work without problems.
That is, all of them can reach the 10.28.0.0 network segment at the central site.
! AAA: local login, local authorization for the VPN client group
aaa new-model
!
!
aaa authentication login default local
aaa authorization network vpn_group local
aaa session-id common
ip subnet-zero
!
!
! IKE phase 1 policies
crypto isakmp policy 1
 encr 3des
 authentication pre-share
 group 2
!
crypto isakmp policy 2
 hash md5
 authentication pre-share
!
crypto isakmp policy 3
 authentication pre-share
! Pre-shared key for site peers, matched against any peer address
crypto isakmp key 123456 address 0.0.0.0 0.0.0.0
!
! Client group: group key and address pool
crypto isakmp client configuration group vpn_group
 key abc123
 pool vpn_pool
!
crypto ipsec security-association lifetime seconds 86400
!
! IPsec phase 2 transform sets
crypto ipsec transform-set basic-des esp-des esp-md5-hmac
crypto ipsec transform-set basic2-des esp-des esp-sha-hmac
crypto ipsec transform-set advan-3des esp-3des esp-md5-hmac
crypto ipsec transform-set advan2-3des esp-3des esp-sha-hmac
!
! Dynamic map entries for sites, one ACL per entry
crypto dynamic-map adsl 1
 set transform-set basic-des
 match address 111
crypto dynamic-map adsl 2
 set transform-set basic-des
 match address 112
crypto dynamic-map adsl 3
 set transform-set basic-des
 match address 113
...
!
! Dynamic map entry for VPN clients
crypto dynamic-map client 1
 set transform-set advan-3des
!
!
! Crypto map: one static peer, then the dynamic site and client entries
crypto map vpn isakmp authorization list vpn_group
crypto map vpn client configuration address respond
crypto map vpn 1 ipsec-isakmp
 set peer 195.6.174.202
 set transform-set basic-des
 match address 110
crypto map vpn 98 ipsec-isakmp dynamic adsl
crypto map vpn 99 ipsec-isakmp dynamic client
!
....
! Internet-facing interface with the crypto map applied
interface FastEthernet0/1
 description Internet Connection
 ip address 222.202.209.27 255.255.255.0
 ip nat outside
 duplex auto
 speed auto
 no cdp enable
 crypto map vpn
!
! Address pool handed to VPN clients
ip local pool vpn_pool 192.201.0.1 192.201.0.30
no ip http server
no ip http secure-server
ip classless
ip route 0.0.0.0 0.0.0.0 222.202.209.254
!
!
! Traffic selectors: central 10.28.0.0/24 to each remote network
access-list 110 permit ip 10.28.0.0 0.0.0.255 10.203.50.32 0.0.0.15
access-list 110 permit ip 10.28.0.0 0.0.0.255 10.204.2.0 0.0.0.255
access-list 110 permit ip 10.28.0.0 0.0.0.255 10.229.0.0 0.0.255.255
access-list 110 permit ip 10.28.0.0 0.0.0.255 10.251.0.0 0.0.255.255
access-list 111 permit ip 10.28.0.0 0.0.0.255 192.201.1.0 0.0.0.255
access-list 112 permit ip 10.28.0.0 0.0.0.255 192.201.2.0 0.0.0.255
access-list 113 permit ip 10.28.0.0 0.0.0.255 192.201.3.0 0.0.0.255
....
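
An added example, not part of the original post: a small Python check that resolves which transform set each crypto map or dynamic-map entry in a configuration like this one uses, and lists DES, 3DES, MD5, DH group 1/2 and any-address pre-shared-key settings for review. The function name `audit`, the `WEAK` list and the sample excerpt are assumptions of the example.

```python
import re

# Constructed sample: a subset of lines from the configuration in the post above.
SAMPLE = """\
crypto isakmp policy 1
 encr 3des
 group 2
crypto isakmp policy 2
 hash md5
crypto isakmp key 123456 address 0.0.0.0 0.0.0.0
crypto ipsec transform-set basic-des esp-des esp-md5-hmac
crypto ipsec transform-set advan-3des esp-3des esp-md5-hmac
crypto dynamic-map client 1
 set transform-set advan-3des
crypto map vpn 1 ipsec-isakmp
 set transform-set basic-des
"""

# Transforms this example treats as weak (the list is an assumption of the example).
WEAK = {"esp-des": "single DES, 56-bit key", "esp-3des": "3DES, 64-bit block",
        "esp-md5-hmac": "HMAC-MD5"}

def audit(config):
    """Return sorted (section, finding) pairs for weak IKE/IPsec settings."""
    lines = [ln.rstrip() for ln in config.splitlines() if ln.strip() not in ("", "!")]
    # Pass 1: collect transform-set definitions so references resolve in any order.
    tsets = {}
    for ln in lines:
        m = re.match(r"crypto ipsec transform-set (\S+) (.+)", ln)
        if m:
            tsets[m.group(1)] = m.group(2).split()
    # Pass 2: an indented line belongs to the last top-level command (its section).
    found, section = set(), ""
    for ln in lines:
        if not ln.startswith(" "):
            section = ln
            if re.match(r"crypto isakmp key \S+ address 0\.0\.0\.0( |$)", ln):
                found.add(("crypto isakmp key", "pre-shared key valid for any peer address"))
            continue
        cmd = ln.strip()
        if section.startswith("crypto isakmp policy"):
            if cmd == "hash md5":
                found.add((section, "IKE hash MD5"))
            if re.fullmatch(r"group [12]", cmd):
                found.add((section, "DH " + cmd + " (1024-bit or smaller)"))
        m = re.fullmatch(r"set transform-set (\S+)", cmd)
        for t in (tsets.get(m.group(1), []) if m else []):
            if t in WEAK:
                found.add((section, f"{m.group(1)}: {t} ({WEAK[t]})"))
    return sorted(found)
```

Each finding names the section that uses the setting, so a transform set that is defined but never referenced is not reported.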