
I finished the IPsec VPN configuration on the Ruijie device.

I also finished the IPsec VPN configuration on the Cisco side.

But the VPN between the two cannot be established.

Here is the Ruijie configuration:
Ruijie#
Ruijie#sh run

Building configuration...
Current configuration : 1016 bytes

!
version RGOS 10.3(5b3), Release(105163)(Wed Dec 22 18:30:05 CST 2010 -ngcf67)
!
no service password-encryption
!
ip access-list extended 100
 10 permit ip 1.1.1.0 0.0.0.255 10.0.0.0 0.255.255.255
 20 permit ip 1.1.1.0 0.0.0.255 172.16.0.0 0.0.255.255
!
crypto isakmp policy 30
 authentication pre-share
 hash md5
 group 2
!
crypto isakmp key 7 test address x.x.x.x
crypto ipsec transform-set test esp-des esp-md5-hmac
crypto map test 1 ipsec-isakmp
 set peer x.x.x.x
 set transform-set test
 match address 100
!
interface FastEthernet 0/0
 ip address x.x.x.x 255.255.255.248
 crypto map test
 duplex auto
 speed auto
!
interface FastEthernet 0/1
 ip address 1.1.1.1 255.0.0.0
 duplex auto
 speed auto
!
ip route 0.0.0.0 0.0.0.0 x.x.x.x
!
ref parameter 50 400
line con 0
line aux 0
line tty 1
line vty 0 4
 login
!
end
That is the Ruijie configuration.

Below is the Cisco ASA configuration:
object-group network server
 network-object 10.0.0.0 255.0.0.0
 network-object 172.16.0.0 255.255.0.0

object-group network test
 network-object 1.1.1.0 255.255.255.0

access-list test extended permit ip object-group server object-group test

crypto ipsec transform-set test esp-des esp-md5-hmac

crypto map outside-map 90 match address test
crypto map outside-map 90 set peer x.x.x.x
crypto map outside-map 90 set transform-set test
crypto map outside-map 90 set security-association lifetime seconds 28800
crypto map outside-map 90 set security-association lifetime kilobytes 4608000

crypto isakmp policy 30
 authentication pre-share
 encryption des
 hash sha
 group 2
 lifetime 86400

tunnel-group x.x.x.x type ipsec-l2l
tunnel-group x.x.x.x ipsec-attributes
 pre-shared-key test
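
Added example, not part of the original post and not vendor code: a small Python check that parses the two `crypto isakmp policy 30` stanzas posted above and compares their IKE phase 1 attributes side by side. The function names, the `MUST_MATCH` list and the restored one-space indentation of the embedded stanzas are assumptions of this example.

```python
import re

# Phase 1 stanzas copied from the post; one-space indentation restored (assumption).
RUIJIE = """crypto isakmp policy 30
 authentication pre-share
 hash md5
 group 2
"""
ASA = """crypto isakmp policy 30
 authentication pre-share
 encryption des
 hash sha
 group 2
 lifetime 86400
"""
# IKEv1 proposal attributes compared between the two peers (hypothetical name).
MUST_MATCH = ("authentication", "encryption", "hash", "group")


def parse_policies(config):
    """Return {priority: {attribute: value}} for every 'crypto isakmp policy' block."""
    policies, current = {}, None
    for raw in config.splitlines():
        header = re.match(r"crypto isakmp policy (\d+)\s*$", raw)
        if header:
            current = policies.setdefault(int(header.group(1)), {})
        elif current is not None and raw[:1].isspace() and len(raw.split()) >= 2:
            key, value = raw.split(None, 1)
            current[key] = value.strip()
        else:
            current = None  # a non-indented line ends the policy block
    return policies


def compare(local, remote):
    """Return [(attribute, local, remote, verdict)] for the compared attributes."""
    rows = []
    for attr in MUST_MATCH:
        a, b = local.get(attr), remote.get(attr)
        if a is None or b is None:
            verdict = "unspecified"  # value comes from that device's default
        else:
            verdict = "match" if a == b else "MISMATCH"
        rows.append((attr, a, b, verdict))
    return rows

if __name__ == "__main__":
    for row in compare(parse_policies(RUIJIE)[30], parse_policies(ASA)[30]):
        print("%-15s ruijie=%-10s asa=%-10s %s" % row)
```

On the stanzas above it reports `hash` as MISMATCH (md5 on the Ruijie side, sha on the ASA) and `encryption` as unspecified on the Ruijie side, where the value is whatever that device defaults to.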