做好锐捷的IPSECvpn设置
% t2 L- e5 G$ s7 u5 U, [0 |3 \
又做好cisco的IPSECvpn配置
7 [2 ^" S' @2 e& ~; B' {
3 b4 b+ L; w8 S" C) [$ x' U% }! g7 G3 c: q7 v8 x5 W
但是两者的VPN没法建立起来
0 O, q. w& j; m. F$ y7 \0 {
! M1 x! ~2 F5 E0 q* c! m: s' c贴上锐捷配置
% T6 `( b# W& \6 a/ ^Ruijie#
) ~+ X0 f) e+ e; TRuijie#sh run2 v( h, F9 U6 [ ~" L% {: K
- a! r7 O4 h) I! t+ DBuilding configuration...' x" c& M+ N V- _# \
Current configuration : 1016 bytes2 U! \8 t/ N* y, ~ ^8 K' i9 F
. q- [: I1 V8 W4 }0 P6 z!
* Q6 G4 f: Q1 Bversion RGOS 10.3(5b3), Release(105163)(Wed Dec 22 18:30:05 CST 2010 -ngcf67)
7 J2 Y5 l8 E4 a7 h4 Q# w!) c! ~' q1 F) V4 u+ j2 h
!
7 Q7 y( q& Q+ b5 ^6 f3 v a+ W!, d% i% W3 v1 D2 k! x
!, h, Z `: Z, D7 [) l9 [
!7 L2 w* P0 n, W/ Y
!+ h( b! |; t2 h& H7 g
no service password-encryption
, N7 G( o* d( b. A" G D8 f!0 k; q r) c& _, R
!0 ]2 Q5 g6 y& t% T
!9 A7 S% t: C% g$ X, E) P
!! v& k4 j) Q% n: T
!
- c: k# b% f/ L% c' @!! O6 p0 ?* m$ r* o% n7 S$ ^9 Q
!
& t* C5 `+ v' ~+ h!
' i% I0 n# E7 X!" _8 K4 b' h% T0 U' ^4 t
! g5 J( n4 g, ~2 T4 v# I
!, `! f, H* N5 m/ b) a3 {
! k2 f$ G1 ]4 D! V
!* b! _# `# N+ S7 T0 R2 `, c
!- H+ V0 ` R5 ^2 }# E8 j
!4 _ I; \ |) K0 I( m) M2 ~1 b- T
ip access-list extended 100
4 M8 a9 F% {* ]10 permit ip 1.1.1.0 0.0.0.255 10.0.0.0 0.255.255.255
& w9 y$ P- ]6 p20 permit ip 1.1.1.0 0.0.0.255 172.16.0.0 0.0.255.255
* f# i# @# h6 k7 x$ h4 {: y/ U!
6 j3 h/ ^) ~8 P2 r3 @+ {- c!
# v c: @1 R: B+ _. G- k5 V!
( U4 `7 e% `( |1 n X!) Z s i* r2 V6 y0 R4 T$ }
crypto isakmp policy 30. H: i4 F g; ^
authentication pre-share" z7 z# x. l# M( |
hash md5/ R* A% Q3 [( f3 I
group 2
$ O' X% s% o( Q" P0 b+ b!. `" \: A/ F! p7 S0 C" t; n
!
A8 j: _# m$ Q9 F. q0 hcrypto isakmp key 7 test address x.x.x.x
7 ^2 K' q+ o! P5 P: ~; ~+ l. A( O9 @crypto ipsec transform-set test esp-des esp-md5-hmac
* m2 r: ^% G. z( W; a% scrypto map test 1 ipsec-isakmp
/ E) t8 S- X: n: O0 }) u% sset peer x.x.x.x
: ^+ b* i5 B, e, Gset transform-set test- D0 J- K" q( f% h
match address 100
0 e: Q+ J: u' h: }/ }!
+ o& y+ C& |, ~: N! , K6 O; h8 ^( V+ J# j
!5 B& A! w4 n" M% M: ]0 U
!
. }) x& p% b. ]( _; ^$ `!: n+ x; ?2 R9 w0 `- i# n1 v) K6 x
!" U! y0 U' \7 S; i4 K
!
" y8 k0 n0 |! a- k$ Y0 S# {, [!
* H& X4 t3 P& r J; `+ a/ d- Tinterface FastEthernet 0/0
0 J0 j1 R- \ v, D* x% @( Yip address x.x.x.x 255.255.255.248+ S) L* u/ X) D, T& F1 ~" Q
crypto map test6 D/ Z4 R1 ]( ?
duplex auto- T, _; |& ]2 b: O9 D: z+ u y
speed auto" s- t* N! D B. e4 L8 u7 ^8 A, B L
!% J: @" P5 H, o Q) |8 A4 U9 {
interface FastEthernet 0/1
0 [; x2 I( f# h& Gip address 1.1.1.1 255.0.0.0) j7 [2 ]4 p8 L
duplex auto
5 V, p" ]$ v: i/ Lspeed auto
1 u0 q; C2 I) n$ E' g!# t7 U8 u) K2 @( T/ J% A, `8 c H
!
( r4 P* |. ^: g) g- t!
! @- Y7 l, Q7 a8 `. D. ^!2 F ?8 R2 a) P' s
!! d. j( x& a1 F# p' z
!
% M) Z% D8 ~- V, N( t1 O- X I0 ]% X; W!' n1 m0 q A. K7 l
! 2 |* }! l! ~- {/ h7 b) _8 L
ip route 0.0.0.0 0.0.0.0 x.x.x.x
! f9 H; _! F0 c1 L, q$ v!2 j: c9 I2 m7 P
!
1 R+ C- R8 ]6 W. i3 d& l$ U!
& d d0 v! L8 C. a L1 z!, w* G& {* `% m$ }$ [3 S
ref parameter 50 4007 W% P6 K7 o/ P6 I" z0 L7 t
line con 0
9 w. R/ C- l/ [" x8 S; }line aux 03 z0 Q* N& O; a. c1 ]" t6 E% f
line tty 1
. Q B" L, o- hline vty 0 4+ ?; o( J& k% f- H) ~
login
2 f v+ r5 \- U! f2 D& b$ E4 e!
L4 c6 N+ a4 I/ F3 E' d0 _!
% x; \' H s/ [& j2 H/ I8 a& Hend 6 a$ U6 w0 Y }* z9 U- }$ J ?
4 ?/ c3 @/ z6 W3 d3 p% ^) A' i. b0 Q
以上是锐捷的配置; [; g( G; F4 G9 Q* i
- _! L8 O5 G- L* |: x4 s( L
3 u( l# T$ C( n7 `
( @6 C1 {+ k' {& U
! {% U. |& n! ^' Y# x" N
# {9 J) L) B6 {* O5 ?: @下面贴上cisco ASA的配置
% ^2 B( `. I8 y# l& N# }# j8 |/ e+ p$ }object-group network server$ f4 o6 A" [/ i8 p: ]9 u& V8 o
network-object 10.0.0.0 255.0.0.0
+ B" d; y6 K4 w5 s6 P) t. H+ t( V- }6 |9 s1 V' }( g% P
network-object 172.16.0.0 255.255.0.0
: m- x9 D4 R5 J5 u8 _* ?5 z8 W l5 q: o% x
- Y" k: {* ?5 J) z" v
@6 z! d$ w7 {9 r6 M+ Y) U) Q% m. Z2 q5 q2 D2 J+ ~$ J+ o
' @( |, ^ ^1 K& E% Q! q" oobject-group network test
" E# } _$ s& N. Nnetwork-object 1.1.1.0 255.255.255.08 Q) _: Z. `6 f
' C) W1 H) z0 m8 R* D" s/ v7 k1 S
* g* J. p$ y ?7 | U" i1 K8 _6 I* Y! U9 b6 h% b& P
access-list test extended permit ip object-group server object-group test
$ x. c2 g6 q4 q, V
" m& W8 E# N. J" q W+ T4 i7 f4 t: _/ a9 n4 P" T8 M% x8 C
crypto ipsec transform-set test esp-des esp-md5-hmac
8 c2 I3 y# |' V4 o) y$ A4 r
. ?8 ]6 ?' I0 {# ~3 J
5 M- ^# [, ]% R# j, U, C
( K' m: B3 g+ [crypto map outside-map 90 match address test0 G/ c( A6 x6 l
crypto map outside-map 90 set peer x.x.x.x
$ I5 V; R2 R' n1 \crypto map outside-map 90 set transform-set test" E% h* i. `! k% m& B
crypto map outside-map 90 set security-association lifetime seconds 28800
$ J6 ?( n/ l$ @$ v. J zcrypto map outside-map 90 set security-association lifetime kilobytes 4608000
6 u2 B" S" a$ G) C: X# l8 h
& i5 p; ^ @6 q8 j: G# Q, Acrypto isakmp policy 302 r- @. x2 T7 J3 F
authentication pre-share
" c C; K1 @/ E$ ~- j9 N8 g; eencryption des
: p) j% E" \7 q- K8 L! G+ vhash sha
3 [/ e/ S9 i9 @4 w3 [7 u+ igroup 2
. Z7 z9 L# b; k7 flifetime 86400
" P# k3 p$ ^9 v* c% G9 H6 C8 s, x2 M$ b% Y( w
tunnel-group x.x.x.x type ipsec-l2l: H' r6 K$ P6 }* F
tunnel-group x.x.x.x ipsec-attributes9 X6 b8 x' K, T- ^
pre-shared-key test |
|
所有IT类厂商认证考试题库下载
【新盟教育】2023最新华为HCIA全套视频合集【网工基础全覆盖】---国sir公开课合集
【新盟教育】网工小白必看的!2023最新版华为认证HCIA Datacom零基础全套实战课
原创_超融合自动化运维工具cvTools
重量级~~30多套JAVA就业班全套 视频教程(请尽快下载,链接失效后不补)
链接已失效【超过几百G】EVE 国内和国外镜像 全有了 百度群分享
某linux大佬,积累多年的电子书(约300本)
乾颐堂现任明教教主Python完整版
乾颐堂 教主技术进化论 2018-2019年 最新31-50期合集视频(各种最新技术杂谈视频)
Python学习视频 0起点视频 入门到项目实战篇 Python3.5.2视频教程 共847集 能学102天
约21套Python视频合集 核心基础视频教程(共310G,已压缩)
最新20180811录制 IT爱好者-清风羽毛 - 网络安全IPSec VPN实验指南视频教程
最新20180807录制EVE开机自启动虚拟路由器并桥接物理网卡充当思科路由器
[复制链接]
