I have a ready-made configuration here. It is a static VPN, and both site-to-site and client-to-site access work without problems,
i.e., both can reach the 10.28.0.0 network segment at the central site.

aaa new-model
!
!
aaa authentication login default local
aaa authorization network vpn_group local
aaa session-id common
ip subnet-zero
!
!
crypto isakmp policy 1
 encr 3des
 authentication pre-share
 group 2
!
crypto isakmp policy 2
 hash md5
 authentication pre-share
!
crypto isakmp policy 3
 authentication pre-share
crypto isakmp key 123456 address 0.0.0.0 0.0.0.0
!
crypto isakmp client configuration group vpn_group
 key abc123
 pool vpn_pool
!
crypto ipsec security-association lifetime seconds 86400
!
crypto ipsec transform-set basic-des esp-des esp-md5-hmac
crypto ipsec transform-set basic2-des esp-des esp-sha-hmac
crypto ipsec transform-set advan-3des esp-3des esp-md5-hmac
crypto ipsec transform-set advan2-3des esp-3des esp-sha-hmac
!
crypto dynamic-map adsl 1
 set transform-set basic-des
 match address 111
crypto dynamic-map adsl 2
 set transform-set basic-des
 match address 112
crypto dynamic-map adsl 3
 set transform-set basic-des
 match address 113
...
!
crypto dynamic-map client 1
 set transform-set advan-3des
!
!
crypto map vpn isakmp authorization list vpn_group
crypto map vpn client configuration address respond
crypto map vpn 1 ipsec-isakmp
 set peer 195.6.174.202
 set transform-set basic-des
 match address 110
crypto map vpn 98 ipsec-isakmp dynamic adsl
crypto map vpn 99 ipsec-isakmp dynamic client
!
....
interface FastEthernet0/1
 description Internet Connection
 ip address 222.202.209.27 255.255.255.0
 ip nat outside
 duplex auto
 speed auto
 no cdp enable
 crypto map vpn
!
ip local pool vpn_pool 192.201.0.1 192.201.0.30
no ip http server
no ip http secure-server
ip classless
ip route 0.0.0.0 0.0.0.0 222.202.209.254
!
!
access-list 110 permit ip 10.28.0.0 0.0.0.255 10.203.50.32 0.0.0.15
access-list 110 permit ip 10.28.0.0 0.0.0.255 10.204.2.0 0.0.0.255
access-list 110 permit ip 10.28.0.0 0.0.0.255 10.229.0.0 0.0.255.255
access-list 110 permit ip 10.28.0.0 0.0.0.255 10.251.0.0 0.0.255.255
access-list 111 permit ip 10.28.0.0 0.0.0.255 192.201.1.0 0.0.0.255
access-list 112 permit ip 10.28.0.0 0.0.0.255 192.201.2.0 0.0.0.255
access-list 113 permit ip 10.28.0.0 0.0.0.255 192.201.3.0 0.0.0.255
....
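
An added example, not part of the original post: a small Python check that lists the IKE and IPsec parameters in a configuration like the one above that are commonly treated as weak or legacy (DES/3DES, MD5, DH groups 1/2/5, a wildcard pre-shared key). It assumes classic IOS defaults (DES, SHA-1, group 1) for parameters a policy leaves unset; the function name `audit` and the sample excerpt are constructed for illustration.

```python
import re

# Constructed sample: an excerpt of the IKE/IPsec lines from the configuration above.
SAMPLE = """\
crypto isakmp policy 1
 encr 3des
 authentication pre-share
 group 2
crypto isakmp policy 2
 hash md5
crypto isakmp policy 3
 authentication pre-share
crypto isakmp key 123456 address 0.0.0.0 0.0.0.0
crypto ipsec transform-set basic-des esp-des esp-md5-hmac
crypto ipsec transform-set advan2-3des esp-3des esp-sha-hmac
"""

# Assumption: classic IOS defaults applied to parameters a policy does not set.
DEFAULTS = {"encr": "des", "hash": "sha", "group": "1"}
# Values this example treats as weak or legacy.
WEAK = {"encr": {"des", "3des"}, "hash": {"md5"}, "group": {"1", "2", "5"}}
WEAK_ESP = {"esp-des", "esp-3des", "esp-md5-hmac"}

def audit(config):
    """Return (object, finding) tuples for weak IKE/IPsec settings."""
    findings, policies, current = [], {}, None
    for raw in config.splitlines():
        line = raw.strip()
        m = re.match(r"crypto isakmp policy (\d+)$", line)
        if m:  # start of a policy block: begin from the assumed defaults
            current = policies.setdefault(m.group(1), dict(DEFAULTS))
            continue
        if raw.startswith(" ") and current is not None:
            key, _, value = line.partition(" ")
            if key in DEFAULTS:  # sub-command overrides a default
                current[key] = value
            continue
        current = None
        # A key bound to 0.0.0.0 is accepted from any peer address.
        if re.match(r"crypto isakmp key \S+ address 0\.0\.0\.0( 0\.0\.0\.0)?$", line):
            findings.append(("isakmp key", "wildcard pre-shared key"))
        m = re.match(r"crypto ipsec transform-set (\S+) (.+)$", line)
        if m:
            findings += [(f"transform-set {m.group(1)}", t)
                         for t in m.group(2).split() if t in WEAK_ESP]
    for num, policy in sorted(policies.items(), key=lambda kv: int(kv[0])):
        for key, value in policy.items():
            if value in WEAK[key]:
                findings.append((f"isakmp policy {num}", f"{key} {value}"))
    return findings
```

Policies 2 and 3 are reported even though they set almost nothing, because the unset parameters fall back to the assumed defaults.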