I have a ready-made configuration here: static VPN, with site-to-site and client-to-site access working in both directions without problems.
That is, both can reach the 10.28.0.0 subnet at the central site:
aaa new-model
!
!
aaa authentication login default local
aaa authorization network vpn_group local
aaa session-id common
ip subnet-zero
!
!
crypto isakmp policy 1
 encr 3des
 authentication pre-share
 group 2
!
crypto isakmp policy 2
 hash md5
 authentication pre-share
!
crypto isakmp policy 3
 authentication pre-share
crypto isakmp key 123456 address 0.0.0.0 0.0.0.0
!
crypto isakmp client configuration group vpn_group
 key abc123
 pool vpn_pool
!
crypto ipsec security-association lifetime seconds 86400
!
crypto ipsec transform-set basic-des esp-des esp-md5-hmac
crypto ipsec transform-set basic2-des esp-des esp-sha-hmac
crypto ipsec transform-set advan-3des esp-3des esp-md5-hmac
crypto ipsec transform-set advan2-3des esp-3des esp-sha-hmac
!
crypto dynamic-map adsl 1
 set transform-set basic-des
 match address 111
crypto dynamic-map adsl 2
 set transform-set basic-des
 match address 112
crypto dynamic-map adsl 3
 set transform-set basic-des
 match address 113
...
!
crypto dynamic-map client 1
 set transform-set advan-3des
!
!
crypto map vpn isakmp authorization list vpn_group
crypto map vpn client configuration address respond
crypto map vpn 1 ipsec-isakmp
 set peer 195.6.174.202
 set transform-set basic-des
 match address 110
crypto map vpn 98 ipsec-isakmp dynamic adsl
crypto map vpn 99 ipsec-isakmp dynamic client
!
....
interface FastEthernet0/1
 description Internet Connection
 ip address 222.202.209.27 255.255.255.0
 ip nat outside
 duplex auto
 speed auto
 no cdp enable
 crypto map vpn
!
ip local pool vpn_pool 192.201.0.1 192.201.0.30
no ip http server
no ip http secure-server
ip classless
ip route 0.0.0.0 0.0.0.0 222.202.209.254
!
!
access-list 110 permit ip 10.28.0.0 0.0.0.255 10.203.50.32 0.0.0.15
access-list 110 permit ip 10.28.0.0 0.0.0.255 10.204.2.0 0.0.0.255
access-list 110 permit ip 10.28.0.0 0.0.0.255 10.229.0.0 0.0.255.255
access-list 110 permit ip 10.28.0.0 0.0.0.255 10.251.0.0 0.0.255.255
access-list 111 permit ip 10.28.0.0 0.0.0.255 192.201.1.0 0.0.0.255
access-list 112 permit ip 10.28.0.0 0.0.0.255 192.201.2.0 0.0.0.255
access-list 113 permit ip 10.28.0.0 0.0.0.255 192.201.3.0 0.0.0.255
....
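Added example (not part of the original post, and not a Cisco tool): a small Python audit script that reads the crypto section of an IOS running-config like the one above and reports settings a reviewer would flag before reusing it. It applies the IOS defaults for attributes an isakmp policy leaves unset (DES encryption, SHA-1 hash, DH group 1, RSA-signature authentication), flags DES/3DES, MD5 and DH groups 1/2/5, reports a pre-shared key bound to address 0.0.0.0 0.0.0.0 (any peer can attempt IKE with it), and lists transform sets that use DES, 3DES or MD5. The embedded SAMPLE_CONFIG is the crypto portion of the posted config; the thresholds for "weak" are this script's own choices, not something stated in the post.

```python
"""Audit the crypto section of a Cisco IOS config for weak IKEv1 / IPsec settings."""
import re

# Crypto portion of the configuration posted above (copied, not constructed).
SAMPLE_CONFIG = """\
crypto isakmp policy 1
 encr 3des
 authentication pre-share
 group 2
!
crypto isakmp policy 2
 hash md5
 authentication pre-share
!
crypto isakmp policy 3
 authentication pre-share
crypto isakmp key 123456 address 0.0.0.0 0.0.0.0
!
crypto isakmp client configuration group vpn_group
 key abc123
 pool vpn_pool
!
crypto ipsec security-association lifetime seconds 86400
!
crypto ipsec transform-set basic-des esp-des esp-md5-hmac
crypto ipsec transform-set basic2-des esp-des esp-sha-hmac
crypto ipsec transform-set advan-3des esp-3des esp-md5-hmac
crypto ipsec transform-set advan2-3des esp-3des esp-sha-hmac
"""

# IOS values used when an isakmp policy does not set the attribute explicitly.
ISAKMP_DEFAULTS = {"encr": "des", "hash": "sha", "authentication": "rsa-sig", "group": "1"}
# What this script (an assumption of the example) treats as weak.
WEAK_ENCR = {"des", "3des"}
WEAK_HASH = {"md5"}
WEAK_DH_GROUPS = {"1", "2", "5"}
WEAK_TRANSFORMS = {"esp-des", "esp-3des", "esp-md5-hmac", "esp-null"}


def parse_isakmp_policies(lines):
    """Return {policy_number: {attribute: value}} with IOS defaults filled in."""
    policies = {}
    current = None
    for line in lines:
        header = re.match(r"crypto isakmp policy (\d+)$", line.strip())
        if header:
            current = int(header.group(1))
            policies[current] = dict(ISAKMP_DEFAULTS)
            continue
        if current is not None and line.startswith(" "):
            parts = line.split()
            if parts and parts[0] in ISAKMP_DEFAULTS:
                policies[current][parts[0]] = parts[1]
        else:
            current = None  # any non-indented line ends the policy block
    return policies


def audit_ios_crypto(config_text):
    """Return a list of human-readable findings for the weak settings found."""
    lines = config_text.splitlines()
    findings = []
    for num, attrs in sorted(parse_isakmp_policies(lines).items()):
        if attrs["encr"] in WEAK_ENCR:
            findings.append(f"isakmp policy {num}: weak encryption {attrs['encr']}")
        if attrs["hash"] in WEAK_HASH:
            findings.append(f"isakmp policy {num}: weak hash {attrs['hash']}")
        if attrs["group"] in WEAK_DH_GROUPS:
            findings.append(f"isakmp policy {num}: weak DH group {attrs['group']}")
    for line in lines:
        stripped = line.strip()
        key = re.match(r"crypto isakmp key (\S+) address (\S+)(?: (\S+))?", stripped)
        if key:
            address, mask = key.group(2), key.group(3) or "255.255.255.255"
            if address == "0.0.0.0" and mask == "0.0.0.0":
                findings.append("isakmp key: wildcard pre-shared key accepted from any peer")
        ts = re.match(r"crypto ipsec transform-set (\S+) (.+)$", stripped)
        if ts:
            weak = [t for t in ts.group(2).split() if t in WEAK_TRANSFORMS]
            if weak:
                findings.append(f"transform-set {ts.group(1)}: weak {' '.join(weak)}")
    return findings


if __name__ == "__main__":
    for finding in audit_ios_crypto(SAMPLE_CONFIG):
        print(finding)
```

Run against the posted config it produces twelve findings: every isakmp policy ends up on DES or 3DES with DH group 1 or 2 (policy 2 additionally on MD5), the pre-shared key is accepted from any address, and all four transform sets use DES or 3DES and/or MD5. Feeding it the output of `show running-config | section crypto` from another router works the same way, since it only looks at the lines it recognises.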