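I have a ready-made configuration here: a static VPN in which site-to-site and client-to-site access to each other both work without problems.
That is, both can reach the 10.28.0.0 network segment at the central site.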
aaa new-model
!
!
aaa authentication login default local
aaa authorization network vpn_group local
aaa session-id common
ip subnet-zero
!
!
! IKE (ISAKMP) phase 1 policies
crypto isakmp policy 1
 encr 3des
 authentication pre-share
 group 2
!
crypto isakmp policy 2
 hash md5
 authentication pre-share
!
crypto isakmp policy 3
 authentication pre-share
! Pre-shared key for site-to-site peers; address 0.0.0.0 0.0.0.0 matches any peer
crypto isakmp key 123456 address 0.0.0.0 0.0.0.0
!
! Group settings for client-to-site users
crypto isakmp client configuration group vpn_group
 key abc123
 pool vpn_pool
!
crypto ipsec security-association lifetime seconds 86400
!
crypto ipsec transform-set basic-des esp-des esp-md5-hmac
crypto ipsec transform-set basic2-des esp-des esp-sha-hmac
crypto ipsec transform-set advan-3des esp-3des esp-md5-hmac
crypto ipsec transform-set advan2-3des esp-3des esp-sha-hmac
!
! Dynamic map entries for the remote sites, one ACL per site
crypto dynamic-map adsl 1
 set transform-set basic-des
 match address 111
crypto dynamic-map adsl 2
 set transform-set basic-des
 match address 112
crypto dynamic-map adsl 3
 set transform-set basic-des
 match address 113
...
!
! Dynamic map entry for VPN clients
crypto dynamic-map client 1
 set transform-set advan-3des
!
!
crypto map vpn isakmp authorization list vpn_group
crypto map vpn client configuration address respond
crypto map vpn 1 ipsec-isakmp
 set peer 195.6.174.202
 set transform-set basic-des
 match address 110
crypto map vpn 98 ipsec-isakmp dynamic adsl
crypto map vpn 99 ipsec-isakmp dynamic client
!
....
interface FastEthernet0/1
 description Internet Connection
 ip address 222.202.209.27 255.255.255.0
 ip nat outside
 duplex auto
 speed auto
 no cdp enable
 crypto map vpn
!
! Address pool handed out to VPN clients
ip local pool vpn_pool 192.201.0.1 192.201.0.30
no ip http server
no ip http secure-server
ip classless
ip route 0.0.0.0 0.0.0.0 222.202.209.254
!
!
! Traffic to protect: central 10.28.0.0 segment to each remote network
access-list 110 permit ip 10.28.0.0 0.0.0.255 10.203.50.32 0.0.0.15
access-list 110 permit ip 10.28.0.0 0.0.0.255 10.204.2.0 0.0.0.255
access-list 110 permit ip 10.28.0.0 0.0.0.255 10.229.0.0 0.0.255.255
access-list 110 permit ip 10.28.0.0 0.0.0.255 10.251.0.0 0.0.255.255
access-list 111 permit ip 10.28.0.0 0.0.0.255 192.201.1.0 0.0.0.255
access-list 112 permit ip 10.28.0.0 0.0.0.255 192.201.2.0 0.0.0.255
access-list 113 permit ip 10.28.0.0 0.0.0.255 192.201.3.0 0.0.0.255
....
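
An added example, not part of the original post: a Python check that reads IKE/IPsec lines like those in the configuration above and lists the legacy algorithms, DH groups and any-peer pre-shared key it finds, including values a policy inherits because it leaves them unset. The function name `audit`, the legacy lists and the IOS default values are assumptions of this example.

```python
import re

# Constructed sample: a subset of the IKE/IPsec lines from the post's config.
SAMPLE = """\
crypto isakmp policy 1
 encr 3des
 authentication pre-share
 group 2
crypto isakmp policy 2
 hash md5
crypto isakmp key 123456 address 0.0.0.0 0.0.0.0
crypto ipsec transform-set basic-des esp-des esp-md5-hmac
crypto ipsec transform-set advan2-3des esp-3des esp-sha-hmac
"""

# Assumptions: classic IOS defaults for unset policy fields; example's own legacy lists.
DEFAULTS = {"encr": "des", "hash": "sha", "group": "1"}
LEGACY = {"encr": {"des", "3des"}, "hash": {"md5"}, "group": {"1", "2", "5"}}
LEGACY_ESP = {"esp-des", "esp-3des", "esp-md5-hmac"}


def audit(config):
    """Return sorted (object, finding) pairs for legacy IKE/IPsec settings."""
    findings, policies, current = set(), {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if m := re.match(r"crypto isakmp policy (\d+)$", line):
            current = policies.setdefault(m[1], dict(DEFAULTS))
            continue
        if not raw[:1].isspace():
            current = None  # an unindented line ends the policy sub-mode
        words = line.split()
        if current is not None and len(words) >= 2:
            key = "encr" if words[0].startswith("encr") else words[0]
            if key in current:
                current[key] = words[1]
        if re.match(r"crypto isakmp key \S+ address 0\.0\.0\.0\b", line):
            findings.add(("isakmp key", "pre-shared key valid for any peer"))
        if m := re.match(r"crypto ipsec transform-set (\S+) (.+)$", line):
            findings.update((f"transform-set {m[1]}", t)
                            for t in m[2].split() if t in LEGACY_ESP)
    for num, policy in policies.items():
        findings.update((f"isakmp policy {num}", f"{k} {v}")
                        for k, v in policy.items() if v in LEGACY[k])
    return sorted(findings)


if __name__ == "__main__":
    print("\n".join(f"{obj}: {what}" for obj, what in audit(SAMPLE)))
```

Policy sub-commands must be indented in the input, as they are in `show running-config` output, for the policy tracking to work.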