I have a ready-made configuration here: static VPN, where site-to-site and client-to-site can reach each other without any problems.
That is, all of them can reach the 10.28.0.0 network segment at the central site.

aaa new-model
!
!
aaa authentication login default local
aaa authorization network vpn_group local
aaa session-id common
ip subnet-zero
!
!
crypto isakmp policy 1
 encr 3des
 authentication pre-share
 group 2
!
crypto isakmp policy 2
 hash md5
 authentication pre-share
!
crypto isakmp policy 3
 authentication pre-share
crypto isakmp key 123456 address 0.0.0.0 0.0.0.0
!
crypto isakmp client configuration group vpn_group
 key abc123
 pool vpn_pool
!
crypto ipsec security-association lifetime seconds 86400
!
crypto ipsec transform-set basic-des esp-des esp-md5-hmac
crypto ipsec transform-set basic2-des esp-des esp-sha-hmac
crypto ipsec transform-set advan-3des esp-3des esp-md5-hmac
crypto ipsec transform-set advan2-3des esp-3des esp-sha-hmac
!
crypto dynamic-map adsl 1
 set transform-set basic-des
 match address 111
crypto dynamic-map adsl 2
 set transform-set basic-des
 match address 112
crypto dynamic-map adsl 3
 set transform-set basic-des
 match address 113
...
!
crypto dynamic-map client 1
 set transform-set advan-3des
!
!
crypto map vpn isakmp authorization list vpn_group
crypto map vpn client configuration address respond
crypto map vpn 1 ipsec-isakmp
 set peer 195.6.174.202
 set transform-set basic-des
 match address 110
crypto map vpn 98 ipsec-isakmp dynamic adsl
crypto map vpn 99 ipsec-isakmp dynamic client
!
....
interface FastEthernet0/1
 description Internet Connection
 ip address 222.202.209.27 255.255.255.0
 ip nat outside
 duplex auto
 speed auto
 no cdp enable
 crypto map vpn
!
ip local pool vpn_pool 192.201.0.1 192.201.0.30
no ip http server
no ip http secure-server
ip classless
ip route 0.0.0.0 0.0.0.0 222.202.209.254
!
!
access-list 110 permit ip 10.28.0.0 0.0.0.255 10.203.50.32 0.0.0.15
access-list 110 permit ip 10.28.0.0 0.0.0.255 10.204.2.0 0.0.0.255
access-list 110 permit ip 10.28.0.0 0.0.0.255 10.229.0.0 0.0.255.255
access-list 110 permit ip 10.28.0.0 0.0.0.255 10.251.0.0 0.0.255.255
access-list 111 permit ip 10.28.0.0 0.0.0.255 192.201.1.0 0.0.0.255
access-list 112 permit ip 10.28.0.0 0.0.0.255 192.201.2.0 0.0.0.255
access-list 113 permit ip 10.28.0.0 0.0.0.255 192.201.3.0 0.0.0.255
....
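
An added example, not part of the original post: a Python audit that parses an IOS-style configuration like the one above and lists the IKE/IPsec settings a reviewer would question (DES/3DES, MD5, DH groups under 2048 bits, a wildcard pre-shared key, weak transform sets and whether they are referenced). It assumes classic IOS defaults (DES, DH group 1) for lines a policy omits; `audit`, `SAMPLE`, `WEAK_ESP` and `MIN_PSK_LEN` are names made up for this example.

```python
import re

# Constructed sample: a shortened excerpt of the configuration posted above.
SAMPLE = """\
crypto isakmp policy 1
 encr 3des
 group 2
crypto isakmp policy 2
 hash md5
crypto isakmp key 123456 address 0.0.0.0 0.0.0.0
crypto ipsec transform-set basic-des esp-des esp-md5-hmac
crypto ipsec transform-set advan2-3des esp-3des esp-sha-hmac
crypto map vpn 1 ipsec-isakmp
 set transform-set basic-des
"""

WEAK_ESP = {"esp-des": "56-bit DES", "esp-3des": "legacy 3DES", "esp-md5-hmac": "HMAC-MD5"}
MIN_PSK_LEN = 16  # hypothetical policy threshold chosen for this example

def audit(config):
    """Return findings for weak IKE/IPsec settings in an IOS-style config."""
    findings = []
    # An ISAKMP policy is a header line followed by its indented sub-commands.
    for m in re.finditer(r"^crypto isakmp policy (\d+)\n((?:[ \t]+.*\n?)*)", config, re.M):
        opts = {p[0]: p[1] for p in map(str.split, m.group(2).splitlines()) if len(p) > 1}
        # Assumption: omitted lines fall back to classic IOS defaults (DES, DH group 1).
        encr = opts.get("encr", "des (default)")
        group = opts.get("group", "1 (default)")
        if encr.startswith(("des", "3des")):
            findings.append(f"isakmp policy {m.group(1)}: cipher {encr}")
        if opts.get("hash") == "md5":
            findings.append(f"isakmp policy {m.group(1)}: hash md5")
        if group.split()[0] in {"1", "2", "5"}:  # MODP groups below 2048 bits
            findings.append(f"isakmp policy {m.group(1)}: DH group {group}")
    for key, addr in re.findall(r"^crypto isakmp key (\S+) address (\S+)", config, re.M):
        if addr == "0.0.0.0":
            findings.append("isakmp key: wildcard peer 0.0.0.0, one key shared by every peer")
        if len(key) < MIN_PSK_LEN:
            findings.append(f"isakmp key: pre-shared key is only {len(key)} characters")
    # Transform sets referenced by a crypto map or dynamic-map entry are marked as in use.
    used = set(re.findall(r"^[ \t]+set transform-set (\S+)", config, re.M))
    for name, parts in re.findall(r"^crypto ipsec transform-set (\S+) (.+)$", config, re.M):
        for t in parts.split():
            if t in WEAK_ESP:
                state = "in use" if name in used else "defined only"
                findings.append(f"transform-set {name} ({state}): {t} = {WEAK_ESP[t]}")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

Findings marked "in use" are the ones that affect live tunnels; "defined only" entries are transform sets that no crypto map in the audited text references.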