ipsec-vpn某端公网地址为动态配置步骤

配置摘取关键地方，其余脑补~~

R1配置：

ip name-server 192.168.200.7

!

crypto isakmp policy 1

 authentication pre-share

crypto isakmp key ciscoaddress 23.1.1.3

crypto isakmp key cisco hostname r4.test.com

!

crypto ipsectransform-set 1 esp-3des esp-md5-hmac

!

crypto map 1 1ipsec-isakmp

 set peer 23.1.1.3

 set transform-set 1

 match address 103

crypto map 1 2ipsec-isakmp

 set peer r4.test.comdynamic

 set transform-set 1

 match address 104

interface Ethernet0/2

 ipaddress 12.1.1.1 255.255.255.0

 half-duplex

 crypto map 1

ip route 0.0.0.0 0.0.0.0 12.1.1.2

!

access-list 103 permit ip10.1.1.0 0.0.0.255 192.168.1.0 0.0.0.255

access-list 104 permit ip10.1.1.0 0.0.0.255 172.16.1.0 0.0.0.255

==============================================================

R2配置：

ip name-server 192.168.200.7

interface Ethernet0/2

 ipaddress 24.1.1.2 255.255.255.0

 iphelper-address 192.168.200.7

 half-duplex

ip route 12.1.1.0 255.255.255.0 12.1.1.1

==============================================================

R3配置：

ip name-server192.168.200.7

!

crypto isakmp policy 1

 authentication pre-share

crypto isakmp key ciscoaddress 12.1.1.1

crypto isakmp key cisco hostname r4.test.com

!

crypto ipsectransform-set 1 esp-3des esp-md5-hmac

!

crypto map 1 1ipsec-isakmp

 set peer 12.1.1.1

 set transform-set 1

 match address 101

crypto map 1 2ipsec-isakmp

 setpeer r4.test.com dynamic

 set transform-set 1

 match address 102

!

interface Loopback1

 ipaddress 192.168.1.3 255.255.255.0

interface Ethernet0/2

 ipaddress 23.1.1.3 255.255.255.0

 half-duplex

 crypto map 1

!

ip route 0.0.0.0 0.0.0.0 23.1.1.2

!

access-list 101 permit ip192.168.1.0 0.0.0.255 10.1.1.0 0.0.0.255

access-list 102 permit ip192.168.1.0 0.0.0.255 172.16.1.0 0.0.0.255

!

==============================================================

R4配置

crypto isakmp policy 1

 authentication pre-share

crypto isakmp key ciscoaddress 12.1.1.1

crypto isakmp key ciscoaddress 23.1.1.3

!

!

crypto ipsectransform-set 1 esp-3des esp-md5-hmac

!

crypto map 1 1ipsec-isakmp

 set peer 12.1.1.1

 set transform-set 1

 match address 101

crypto map 1 2ipsec-isakmp

 set peer 23.1.1.3

 set transform-set 1

 match address 102

!

interface Loopback1

 ipaddress 172.16.1.4 255.255.255.0

!

interface Ethernet0/2

 ipaddress dhcp

 half-duplex

 crypto map 1

!

!

access-list 101 permit ip172.16.1.0 0.0.0.255 10.1.1.0 0.0.0.255

access-list 102 permit ip172.16.1.0 0.0.0.255 192.168.1.0 0.0.0.255

!

==============================================================

R5配置：

ip name-server192.168.200.7

!

interface Ethernet0/0

 ipaddress 10.1.1.5 255.255.255.0

 half-duplex

!

ip route 0.0.0.0 0.0.0.0 10.1.1.1
==============================================================
配置关键点：
1.配置对端预共享密钥时对端指定域名
2.配置ipsec加密图中对端peer设备时指定域名并加上dynamic关键字参数。

offline。。。。。