I have a working config here: static VPN, with site-to-site and client-to-site access to each other both working fine,
i.e. both can reach the 10.28.0.0 network at the hub end.

aaa new-model
!
aaa authentication login default local
aaa authorization network vpn_group local
aaa session-id common
ip subnet-zero
!
!
! ISAKMP (phase 1) policies
crypto isakmp policy 1
 encr 3des
 authentication pre-share
 group 2
!
crypto isakmp policy 2
 hash md5
 authentication pre-share
!
crypto isakmp policy 3
 authentication pre-share
! one pre-shared key, matched against any peer address
crypto isakmp key 123456 address 0.0.0.0 0.0.0.0
!
! remote-access (client-to-site) group: group key and address pool
crypto isakmp client configuration group vpn_group
 key abc123
 pool vpn_pool
!
crypto ipsec security-association lifetime seconds 86400
!
! IPsec (phase 2) transform sets
crypto ipsec transform-set basic-des esp-des esp-md5-hmac
crypto ipsec transform-set basic2-des esp-des esp-sha-hmac
crypto ipsec transform-set advan-3des esp-3des esp-md5-hmac
crypto ipsec transform-set advan2-3des esp-3des esp-sha-hmac
!
! dynamic crypto map for the ADSL sites (dynamic peer addresses)
crypto dynamic-map adsl 1
 set transform-set basic-des
 match address 111
crypto dynamic-map adsl 2
 set transform-set basic-des
 match address 112
crypto dynamic-map adsl 3
 set transform-set basic-des
 match address 113
...
!
! dynamic crypto map for the remote-access clients
crypto dynamic-map client 1
 set transform-set advan-3des
!
!
! one crypto map: static site-to-site entry (seq 1) plus both dynamic maps
crypto map vpn isakmp authorization list vpn_group
crypto map vpn client configuration address respond
crypto map vpn 1 ipsec-isakmp
 set peer 195.6.174.202
 set transform-set basic-des
 match address 110
crypto map vpn 98 ipsec-isakmp dynamic adsl
crypto map vpn 99 ipsec-isakmp dynamic client
!
....
interface FastEthernet0/1
 description Internet Connection
 ip address 222.202.209.27 255.255.255.0
 ip nat outside
 duplex auto
 speed auto
 no cdp enable
 crypto map vpn
!
ip local pool vpn_pool 192.201.0.1 192.201.0.30
no ip http server
no ip http secure-server
ip classless
ip route 0.0.0.0 0.0.0.0 222.202.209.254
!
!
! interesting-traffic ACLs: 110 = static peer, 111-113 = ADSL sites
access-list 110 permit ip 10.28.0.0 0.0.0.255 10.203.50.32 0.0.0.15
access-list 110 permit ip 10.28.0.0 0.0.0.255 10.204.2.0 0.0.0.255
access-list 110 permit ip 10.28.0.0 0.0.0.255 10.229.0.0 0.0.255.255
access-list 110 permit ip 10.28.0.0 0.0.0.255 10.251.0.0 0.0.255.255
access-list 111 permit ip 10.28.0.0 0.0.0.255 192.201.1.0 0.0.0.255
access-list 112 permit ip 10.28.0.0 0.0.0.255 192.201.2.0 0.0.0.255
access-list 113 permit ip 10.28.0.0 0.0.0.255 192.201.3.0 0.0.0.255
....
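As an added example (not part of the original post, and not the poster's code), here is a small Python audit script that parses an IOS crypto configuration of the shape shown above and reports the settings a reviewer would normally want to know about: the ISAKMP policies (including the DES / SHA / group 1 values IOS fills in when a policy omits them), a pre-shared key bound to the 0.0.0.0 0.0.0.0 wildcard address, a client group key kept in clear text, and transform sets built on DES, 3DES or MD5. The sample input is a constructed excerpt of the posted config; the "weak" sets are this script's own assumptions about what to flag, not anything the post states.

```python
"""Audit a Cisco IOS IPsec/ISAKMP configuration excerpt for legacy settings."""
import re

# Constructed sample: an excerpt of the posted running-config.
SAMPLE_CONFIG = """\
crypto isakmp policy 1
 encr 3des
 authentication pre-share
 group 2
!
crypto isakmp policy 2
 hash md5
 authentication pre-share
!
crypto isakmp policy 3
 authentication pre-share
crypto isakmp key 123456 address 0.0.0.0 0.0.0.0
crypto isakmp client configuration group vpn_group
 key abc123
 pool vpn_pool
crypto ipsec transform-set basic-des esp-des esp-md5-hmac
crypto ipsec transform-set advan2-3des esp-3des esp-sha-hmac
"""

# What this script chooses to flag (assumption of this example, not IOS policy).
WEAK_ENCR = {"des", "3des"}
WEAK_HASH = {"md5"}
WEAK_GROUPS = {"1", "2"}
WEAK_ESP = {"esp-des", "esp-3des", "esp-md5-hmac"}


def parse_sections(text):
    """Split an IOS config into (header, [sub-commands]) pairs.

    A top-level command has no leading whitespace; indented lines belong to
    the most recent top-level command.  '!' separator lines are skipped.
    """
    sections = []
    for raw in text.splitlines():
        if not raw.strip() or raw.startswith("!"):
            continue
        if raw[0].isspace():
            if sections:
                sections[-1][1].append(raw.strip())
        else:
            sections.append((raw.strip(), []))
    return sections


def audit_isakmp_policy(header, body):
    """Evaluate one 'crypto isakmp policy' block.

    IOS defaults an ISAKMP policy to DES encryption, SHA hash and DH group 1
    when those lines are absent, so the defaults are filled in before checking.
    """
    settings = {"encr": "des", "hash": "sha", "group": "1"}
    for cmd in body:
        parts = cmd.split()
        if parts[0] in settings and len(parts) > 1:
            settings[parts[0]] = parts[1]
    findings = []
    if settings["encr"] in WEAK_ENCR:
        findings.append(f"{header}: legacy encryption '{settings['encr']}'")
    if settings["hash"] in WEAK_HASH:
        findings.append(f"{header}: legacy hash '{settings['hash']}'")
    if settings["group"] in WEAK_GROUPS:
        findings.append(f"{header}: small DH group {settings['group']}")
    return findings


def audit_config(text):
    """Return a list of human-readable findings for the given config text."""
    findings = []
    for header, body in parse_sections(text):
        if header.startswith("crypto isakmp policy"):
            findings.extend(audit_isakmp_policy(header, body))
        elif header.startswith("crypto isakmp key"):
            if re.search(r"address 0\.0\.0\.0 0\.0\.0\.0", header):
                findings.append("wildcard pre-shared key: accepted from any peer address")
        elif header.startswith("crypto isakmp client configuration group"):
            if any(cmd.startswith("key ") for cmd in body):
                findings.append(f"{header}: group key stored in clear text")
        elif header.startswith("crypto ipsec transform-set"):
            parts = header.split()          # ... transform-set NAME alg alg
            weak = sorted(set(parts[4:]) & WEAK_ESP)
            if weak:
                findings.append(f"transform-set {parts[3]}: {', '.join(weak)}")
    return findings


if __name__ == "__main__":
    for line in audit_config(SAMPLE_CONFIG):
        print(line)
```

Run against the excerpt it reports eleven findings; feed it a full `show running-config` (the parser only needs the one-space indentation IOS produces) to see which policies are still carrying implicit DES / group 1 defaults rather than the values written out in the config.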