我这里有一现成配置, 静态VPN, site-to-site 及 client-to-site互相访口都没问题: r) K" _# \6 L4 ]
即:都能访问中心端的10.28.0.0网段0 ?0 i: Q% Q, }0 U5 i1 X! J8 k1 q* G
- k- p* R; q' G2 e/ D) D7 C9 }) d6 _aaa new-model g4 M, M; ]3 x$ _+ F
!) R6 j& ^' h' }7 o
!: G, t+ T; u- F( M
aaa authentication login default local
, q1 T& [" q; A: g5 b. F* m& z8 Qaaa authorization network vpn_group local & P$ I |1 [' [4 f: \
aaa session-id common
# X- Y: p( I/ \, ]7 zip subnet-zero; q6 Y& ?' J s7 U" Y, Z
!5 j w& A! t' `
!
* H: `6 Z% W, }. m1 y, [1 R9 icrypto isakmp policy 12 G& |- o, X& e' u
encr 3des a( Y. M; Q* m% l8 }, x
authentication pre-share7 f$ k# m8 C: Y* d& t' g/ @$ t" M
group 2
" i0 e; C4 F0 [- v!4 `6 W" I& W k1 e4 G4 h4 D
crypto isakmp policy 2
+ l2 A- a7 O& e% f2 F hash md5) Y; G9 G, {% J7 U8 \7 k( C
authentication pre-share$ U' @' T4 U9 u1 X4 }
!8 K( ^) ~6 v/ ]: [' y0 w
crypto isakmp policy 3, ]! i' w7 S" \# f8 q* p+ F4 v& Q
authentication pre-share
7 ]0 p! z! J/ w1 C9 mcrypto isakmp key 123456 address 0.0.0.0 0.0.0.0
, w3 i+ Y( V1 A- Q# z!
) r4 x9 }/ [0 D, o- k+ f' y$ Acrypto isakmp client configuration group vpn_group5 `! x- g4 F: [5 ~( H
key abc123
, n# }/ B& c! e/ R8 `9 l pool vpn_pool8 V# j3 W4 Q! u F) C; \9 I
!7 z/ f6 s y2 O6 r
crypto ipsec security-association lifetime seconds 86400! t3 ?; e6 S; G- O; Q% u5 ~
!
0 H7 p X) X( T7 Acrypto ipsec transform-set basic-des esp-des esp-md5-hmac
& [+ ?, G/ D5 e& l9 T; Rcrypto ipsec transform-set basic2-des esp-des esp-sha-hmac * {( e4 b0 ~9 @2 [
crypto ipsec transform-set advan-3des esp-3des esp-md5-hmac
& d4 _& T" L: C) h( y6 f/ G3 [crypto ipsec transform-set advan2-3des esp-3des esp-sha-hmac " q! P+ M# x/ T( y
!
( ^+ q% V3 A' Z. {) N9 scrypto dynamic-map adsl 1; y6 \; j" ^8 N) J' \. H
set transform-set basic-des 4 @* v' _( k+ j
match address 111
; |1 c3 G; s; R" Icrypto dynamic-map adsl 27 B7 R% C/ `- b+ @( m J/ t( d( V
set transform-set basic-des
2 a- o/ \/ O# Q1 @( y+ H match address 112
7 Y2 W$ z# h# W% xcrypto dynamic-map adsl 35 b+ h! E4 H: S" w$ ` e6 O
set transform-set basic-des # H {% {4 D' Q5 v
match address 113
: N6 T6 ~5 h( X2 y" [- ]...
, |* {" s' b, G& H/ {0 t/ R e!
- L3 \# i# F) wcrypto dynamic-map client 1
& x4 O2 l( d' g& ?% u set transform-set advan-3des , c/ T# }% p& c- \/ X. p
!( x' i s' [! G: U3 h
!, F# A, V/ E. d
crypto map vpn isakmp authorization list vpn_group- [4 c% F7 C" C0 W3 Y4 N
crypto map vpn client configuration address respond
, B! e6 a# }) t& k; h7 F5 U6 Mcrypto map vpn 1 ipsec-isakmp + s; M* d q; ?2 e3 _
set peer 195.6.174.202
6 p: q+ i2 M1 N: a. A set transform-set basic-des
' r5 S% q; K; W match address 110* Y: k; w! }3 I. M
crypto map vpn 98 ipsec-isakmp dynamic adsl - |# I1 w k! E+ `
crypto map vpn 99 ipsec-isakmp dynamic client P1 i3 f( T% b8 s6 X4 Z
!- a7 _' Z: k. k; q
....: Z: b$ w* y$ K$ Y! V, I2 t
interface FastEthernet0/1* l" k" x; P& x* a
description Internet Connection D$ O8 h9 u/ H% }
ip address 222.202.209.27 255.255.255.05 z$ ]4 S: ~: } H6 ]) l
ip nat outside! D, u9 a. j, I1 H0 p: z6 |
duplex auto; U! I u8 Q4 K- t' k8 G7 o+ V7 B' o
speed auto6 o$ [' R& E: u( c1 V
no cdp enable
0 r4 O0 n% f- v' a9 D3 Q crypto map vpn, R9 j$ o6 u3 X3 o# l8 q4 V3 Y q
!
4 H" v b* S9 s' Mip local pool vpn_pool 192.201.0.1 192.201.0.30
% p2 I9 G1 J4 n: I( fno ip http server, \! w$ W0 A& M6 z
no ip http secure-server+ B6 H) E2 a0 b' N
ip classless
1 F, l0 y5 y% j; ]ip route 0.0.0.0 0.0.0.0 222.202.209.254
5 } Q# W4 N) j, L5 i: ]9 p!
! z- n' S# m3 W% q5 b4 e!& u8 l' {0 Z/ ?( d* R. ` d
access-list 110 permit ip 10.28.0.0 0.0.0.255 10.203.50.32 0.0.0.15- e6 u% ?% I" n- s7 n5 ^) \& E
access-list 110 permit ip 10.28.0.0 0.0.0.255 10.204.2.0 0.0.0.255
! j1 a! t& u+ N9 u& caccess-list 110 permit ip 10.28.0.0 0.0.0.255 10.229.0.0 0.0.255.255: K: i; ^/ D$ A3 y6 J
access-list 110 permit ip 10.28.0.0 0.0.0.255 10.251.0.0 0.0.255.255
' b" S0 m1 h8 k$ Z9 jaccess-list 111 permit ip 10.28.0.0 0.0.0.255 192.201.1.0 0.0.0.2551 d" p+ P! ]+ L# f. z
access-list 112 permit ip 10.28.0.0 0.0.0.255 192.201.2.0 0.0.0.255
+ R5 H O6 n N$ \" J$ haccess-list 113 permit ip 10.28.0.0 0.0.0.255 192.201.3.0 0.0.0.255
& s+ A6 T+ N& T; }.... |
所有IT类厂商认证考试题库下载
【新盟教育】2023最新华为HCIA全套视频合集【网工基础全覆盖】---国sir公开课合集
【新盟教育】网工小白必看的!2023最新版华为认证HCIA Datacom零基础全套实战课
原创_超融合自动化运维工具cvTools
重量级~~30多套JAVA就业班全套 视频教程(请尽快下载,链接失效后不补)
链接已失效【超过几百G】EVE 国内和国外镜像 全有了 百度群分享
某linux大佬,积累多年的电子书(约300本)
乾颐堂现任明教教主Python完整版
乾颐堂 教主技术进化论 2018-2019年 最新31-50期合集视频(各种最新技术杂谈视频)
Python学习视频 0起点视频 入门到项目实战篇 Python3.5.2视频教程 共847集 能学102天
约21套Python视频合集 核心基础视频教程(共310G,已压缩)
最新20180811录制 IT爱好者-清风羽毛 - 网络安全IPSec VPN实验指南视频教程
最新20180807录制EVE开机自启动虚拟路由器并桥接物理网卡充当思科路由器
