I have a ready-made configuration here: static VPN, with site-to-site and client-to-site access to each other both working without problems.
That is: both can reach the 10.28.0.0 network segment at the central site.

aaa new-model
!
!
aaa authentication login default local
aaa authorization network vpn_group local
aaa session-id common
ip subnet-zero
!
!
crypto isakmp policy 1
 encr 3des
 authentication pre-share
 group 2
!
crypto isakmp policy 2
 hash md5
 authentication pre-share
!
crypto isakmp policy 3
 authentication pre-share
crypto isakmp key 123456 address 0.0.0.0 0.0.0.0
!
crypto isakmp client configuration group vpn_group
 key abc123
 pool vpn_pool
!
crypto ipsec security-association lifetime seconds 86400
!
crypto ipsec transform-set basic-des esp-des esp-md5-hmac
crypto ipsec transform-set basic2-des esp-des esp-sha-hmac
crypto ipsec transform-set advan-3des esp-3des esp-md5-hmac
crypto ipsec transform-set advan2-3des esp-3des esp-sha-hmac
!
crypto dynamic-map adsl 1
 set transform-set basic-des
 match address 111
crypto dynamic-map adsl 2
 set transform-set basic-des
 match address 112
crypto dynamic-map adsl 3
 set transform-set basic-des
 match address 113
...
!
crypto dynamic-map client 1
 set transform-set advan-3des
!
!
crypto map vpn isakmp authorization list vpn_group
crypto map vpn client configuration address respond
crypto map vpn 1 ipsec-isakmp
 set peer 195.6.174.202
 set transform-set basic-des
 match address 110
crypto map vpn 98 ipsec-isakmp dynamic adsl
crypto map vpn 99 ipsec-isakmp dynamic client
!
....
interface FastEthernet0/1
 description Internet Connection
 ip address 222.202.209.27 255.255.255.0
 ip nat outside
 duplex auto
 speed auto
 no cdp enable
 crypto map vpn
!
ip local pool vpn_pool 192.201.0.1 192.201.0.30
no ip http server
no ip http secure-server
ip classless
ip route 0.0.0.0 0.0.0.0 222.202.209.254
!
!
access-list 110 permit ip 10.28.0.0 0.0.0.255 10.203.50.32 0.0.0.15
access-list 110 permit ip 10.28.0.0 0.0.0.255 10.204.2.0 0.0.0.255
access-list 110 permit ip 10.28.0.0 0.0.0.255 10.229.0.0 0.0.255.255
access-list 110 permit ip 10.28.0.0 0.0.0.255 10.251.0.0 0.0.255.255
access-list 111 permit ip 10.28.0.0 0.0.0.255 192.201.1.0 0.0.0.255
access-list 112 permit ip 10.28.0.0 0.0.0.255 192.201.2.0 0.0.0.255
access-list 113 permit ip 10.28.0.0 0.0.0.255 192.201.3.0 0.0.0.255
....
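
An added example, not part of the original post: a Python review check that reads IOS crypto lines like the ones posted above and reports the DES, MD5, small Diffie-Hellman group and any-peer pre-shared-key settings, resolving each "set transform-set" back to its definition so the finding names the crypto map entry that uses it. The function names parse_blocks and audit and the finding strings are made up for this example; SAMPLE is an excerpt of the posted configuration.

```python
import re

# Excerpt of the configuration posted above; sub-commands carry IOS's one-space indent.
SAMPLE = """\
crypto isakmp policy 1
 encr 3des
 group 2
crypto isakmp policy 2
 hash md5
crypto isakmp key 123456 address 0.0.0.0 0.0.0.0
crypto ipsec transform-set basic-des esp-des esp-md5-hmac
crypto ipsec transform-set advan2-3des esp-3des esp-sha-hmac
crypto map vpn 1 ipsec-isakmp
 set transform-set basic-des
"""
WEAK_ESP = {"esp-des": "56-bit DES", "esp-md5-hmac": "HMAC-MD5"}
WEAK_DH = {"1": 768, "2": 1024, "5": 1536}  # MODP group number -> modulus bits

def parse_blocks(text):  # returns [(parent, [sub-commands])]; indented lines belong to the parent above
    blocks = []
    for raw in text.splitlines():
        if not raw.strip() or raw.strip().startswith("!"):
            continue  # blank line or IOS separator/comment
        if raw[0].isspace() and blocks:
            blocks[-1][1].append(raw.strip())
        else:
            blocks.append((raw.strip(), []))
    return blocks

def audit(text):  # hypothetical helper for this example; returns (where, finding) pairs
    blocks = parse_blocks(text)
    # transform-set name -> algorithms it was defined with
    tsets = {p.split()[3]: p.split()[4:] for p, _ in blocks
             if p.startswith("crypto ipsec transform-set ")}
    out = []
    for parent, subs in blocks:
        if re.fullmatch(r"crypto isakmp key .+ address 0\.0\.0\.0 0\.0\.0\.0", parent):
            # the key itself is deliberately left out of the report
            out.append(("crypto isakmp key", "pre-shared key valid for any peer address"))
        for sub in subs:
            words = sub.split()
            if parent.startswith("crypto isakmp policy") and sub == "hash md5":
                out.append((parent, "IKE hash MD5"))
            if parent.startswith("crypto isakmp policy") and words[0] == "group" and words[-1] in WEAK_DH:
                out.append((parent, f"DH group {words[-1]} ({WEAK_DH[words[-1]]}-bit)"))
            if words[:2] == ["set", "transform-set"]:
                out += [(parent, f"{n}: {WEAK_ESP[a]}") for n in words[2:]
                        for a in tsets.get(n, []) if a in WEAK_ESP]
    return out

print(*audit(SAMPLE), sep="\n")
```

Run against the full configuration, the same check attributes basic-des to crypto map vpn 1 and to the three adsl dynamic-map entries, and advan-3des to the client dynamic map.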