I have a working configuration on hand: a static VPN where site-to-site and client-to-site access in both directions works without problems,
that is, all of them can reach the 10.28.0.0 network segment at the central site.

aaa new-model
!
!
aaa authentication login default local
aaa authorization network vpn_group local
aaa session-id common
ip subnet-zero
!
!
crypto isakmp policy 1
 encr 3des
 authentication pre-share
 group 2
!
crypto isakmp policy 2
 hash md5
 authentication pre-share
!
crypto isakmp policy 3
 authentication pre-share
crypto isakmp key 123456 address 0.0.0.0 0.0.0.0
!
crypto isakmp client configuration group vpn_group
 key abc123
 pool vpn_pool
!
crypto ipsec security-association lifetime seconds 86400
!
crypto ipsec transform-set basic-des esp-des esp-md5-hmac
crypto ipsec transform-set basic2-des esp-des esp-sha-hmac
crypto ipsec transform-set advan-3des esp-3des esp-md5-hmac
crypto ipsec transform-set advan2-3des esp-3des esp-sha-hmac
!
crypto dynamic-map adsl 1
 set transform-set basic-des
 match address 111
crypto dynamic-map adsl 2
 set transform-set basic-des
 match address 112
crypto dynamic-map adsl 3
 set transform-set basic-des
 match address 113
...
!
crypto dynamic-map client 1
 set transform-set advan-3des
!
!
crypto map vpn isakmp authorization list vpn_group
crypto map vpn client configuration address respond
crypto map vpn 1 ipsec-isakmp
 set peer 195.6.174.202
 set transform-set basic-des
 match address 110
crypto map vpn 98 ipsec-isakmp dynamic adsl
crypto map vpn 99 ipsec-isakmp dynamic client
!
....
interface FastEthernet0/1
 description Internet Connection
 ip address 222.202.209.27 255.255.255.0
 ip nat outside
 duplex auto
 speed auto
 no cdp enable
 crypto map vpn
!
ip local pool vpn_pool 192.201.0.1 192.201.0.30
no ip http server
no ip http secure-server
ip classless
ip route 0.0.0.0 0.0.0.0 222.202.209.254
!
!
access-list 110 permit ip 10.28.0.0 0.0.0.255 10.203.50.32 0.0.0.15
access-list 110 permit ip 10.28.0.0 0.0.0.255 10.204.2.0 0.0.0.255
access-list 110 permit ip 10.28.0.0 0.0.0.255 10.229.0.0 0.0.255.255
access-list 110 permit ip 10.28.0.0 0.0.0.255 10.251.0.0 0.0.255.255
access-list 111 permit ip 10.28.0.0 0.0.0.255 192.201.1.0 0.0.0.255
access-list 112 permit ip 10.28.0.0 0.0.0.255 192.201.2.0 0.0.0.255
access-list 113 permit ip 10.28.0.0 0.0.0.255 192.201.3.0 0.0.0.255
....