client-to-site VPN and site-to-site VPN Configuration Details
Source: Internet  Editor: 程序博客网  Date: 2024/06/04 00:43
client-to-site VPN Configuration
The topology is as follows:
client-to-site VPN
client: 192.168.110.0/24
Router inside network: 10.0.1.0/24
Outside address: 210.41.166.124
```
! Enable AAA
aaa new-model
aaa authentication login vpn-en local
aaa authorization network vpn-or local
! AAA username and password
username root password 123456
ip local pool vpn-pool 192.168.110.1 192.168.110.254
ip route 0.0.0.0 0.0.0.0 210.41.166.1
! Do not NAT traffic between the inside network and the client pool
access-list 100 deny ip 10.0.1.0 0.0.0.255 192.168.110.0 0.0.0.255
access-list 100 permit ip any any
! Define the interesting traffic
access-list 101 permit ip 10.0.1.0 0.0.0.255 192.168.110.0 0.0.0.255
! NAT configuration
ip nat inside source list 100 interface FastEthernet0/1 overload
! IKE phase 1
crypto isakmp policy 20
 encr 3des
 hash sha
 authentication pre-share
 group 2
! IKE phase 2
crypto ipsec transform-set vpn-client esp-3des esp-sha-hmac
! Group name (myvpn) and key (123cisco) that clients use to establish the VPN connection
crypto isakmp client configuration group myvpn
 key 123cisco
 pool vpn-pool
 acl 101
! Configure the dynamic crypto map
crypto dynamic-map dymap 20
 set transform-set vpn-client
 reverse-route
! Authentication (user login against the vpn-en list)
crypto map test client authentication list vpn-en
! Authorization (group lookup against the vpn-or list)
crypto map test isakmp authorization list vpn-or
! Respond to client address requests
crypto map test client configuration address respond
crypto map test 20 ipsec-isakmp dynamic dymap
! Inside interface
int fa0/0
 ip address 10.0.1.254 255.255.255.0
 ip nat inside
! Outside interface
int fa0/1
 ip address 210.41.166.124 255.255.255.0
 ip nat outside
 crypto map test
```
site-to-site VPN Configuration
The topology is as follows:
site-to-site VPN
R1 router inside network: 10.0.1.0/24, outside address: 210.41.166.124
R2 router inside network: 10.0.2.0/24, outside address: 210.41.166.123
R1
```
! Do not NAT traffic between the two inside networks
access-list 100 deny ip 10.0.1.0 0.0.0.255 10.0.2.0 0.0.0.255
access-list 100 permit ip any any
! Define the interesting traffic
access-list 101 permit ip 10.0.1.0 0.0.0.255 10.0.2.0 0.0.0.255
ip local pool vpn-pool 192.168.110.1 192.168.110.254
ip route 0.0.0.0 0.0.0.0 210.41.166.1
! NAT configuration
ip nat inside source list 100 interface FastEthernet0/1 overload
! IKE phase 1
crypto isakmp policy 20
 encr 3des
 hash sha
 authentication pre-share
 group 2
crypto isakmp key cisco address 210.41.166.123
! IKE phase 2
crypto ipsec transform-set ccnp esp-3des esp-sha-hmac
! Create the crypto map
crypto map vpn-map 20 ipsec-isakmp
 set peer 210.41.166.123
 set transform-set ccnp
 match address 101
! Inside interface
int fa0/0
 ip address 10.0.1.254 255.255.255.0
 ip nat inside
! Outside interface
int fa0/1
 ip address 210.41.166.124 255.255.255.0
 ip nat outside
 crypto map vpn-map
```
R2
```
! Do not NAT traffic between the two inside networks
access-list 100 deny ip 10.0.2.0 0.0.0.255 10.0.1.0 0.0.0.255
access-list 100 permit ip any any
! Define the interesting traffic
access-list 101 permit ip 10.0.2.0 0.0.0.255 10.0.1.0 0.0.0.255
! NAT configuration
ip nat inside source list 100 interface FastEthernet0/1 overload
! IKE phase 1
crypto isakmp policy 20
 encr 3des
 hash sha
 authentication pre-share
 group 2
crypto isakmp key cisco address 210.41.166.124
! IKE phase 2
crypto ipsec transform-set ccnp esp-3des esp-sha-hmac
! Create the crypto map
crypto map vpn-map 20 ipsec-isakmp
 set peer 210.41.166.124
 set transform-set ccnp
 match address 101
! Inside interface
int fa0/0
 ip address 10.0.2.254 255.255.255.0
 ip nat inside
! Outside interface
int fa0/1
 ip address 210.41.166.123 255.255.255.0
 ip nat outside
 crypto map vpn-map
```
OK !!!
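The site-to-site setup above only works if three things line up: the crypto ACL (101) is exempted from NAT by a matching deny in ACL 100, the two routers' crypto ACLs are mirror images of each other, and a pre-shared key exists for the configured peer. The Python script below is an added example, not part of the original post, that checks those relationships and also flags the legacy 3DES and DH group 2 settings; the function names `parse` and `audit` are hypothetical, and the sample configs are constructed from the R1 lines on this page.

```python
import re

# Constructed sample: the lines of R1's site-to-site config (from the page) that the checks read.
R1 = """\
access-list 100 deny ip 10.0.1.0 0.0.0.255 10.0.2.0 0.0.0.255
access-list 100 permit ip any any
access-list 101 permit ip 10.0.1.0 0.0.0.255 10.0.2.0 0.0.0.255
ip nat inside source list 100 interface FastEthernet0/1 overload
crypto isakmp policy 20
 encr 3des
 group 2
crypto isakmp key cisco address 210.41.166.123
crypto ipsec transform-set ccnp esp-3des esp-sha-hmac
crypto map vpn-map 20 ipsec-isakmp
 set peer 210.41.166.123
 match address 101
"""
# R2 (constructed): R1 with the two LAN prefixes swapped and the peer pointing back at R1.
R2 = (R1.replace("10.0.1.0", "@").replace("10.0.2.0", "10.0.1.0")
        .replace("@", "10.0.2.0").replace("166.123", "166.124"))

ACE = re.compile(r"^access-list (\d+) (permit|deny) ip (\S+ \S+) (\S+ \S+)$", re.M)
WEAK = {r"\b3des\b": "3DES", r"^ group 2$": "DH group 2 (1024-bit MODP)"}

def parse(cfg):
    """Collect ACL entries, then pick out the ACLs used by the crypto map and by NAT."""
    acls = {}
    for num, action, src, dst in ACE.findall(cfg):  # 'permit ip any any' is skipped
        acls.setdefault(num, []).append((action, src, dst))
    pick = lambda pat: re.search(pat, cfg, re.M).group(1)
    return {"crypto": acls.get(pick(r"^ match address (\d+)"), []),
            "nat": acls.get(pick(r"^ip nat inside source list (\d+)"), []),
            "peer": pick(r"^ set peer (\S+)")}

def audit(local, remote):
    """Return findings for one side of the tunnel, given the other side's config."""
    loc, rem = parse(local), parse(remote)
    exempt = {(s, d) for a, s, d in loc["nat"] if a == "deny"}
    mirror = {(d, s) for a, s, d in rem["crypto"] if a == "permit"}
    out = []
    for s, d in [(s, d) for a, s, d in loc["crypto"] if a == "permit"]:
        if (s, d) not in exempt:
            out.append(f"{s} -> {d}: would be NATed before encryption")
        if (s, d) not in mirror:
            out.append(f"{s} -> {d}: peer crypto ACL is not the mirror image")
    if not re.search(rf"^crypto isakmp key \S+ address {re.escape(loc['peer'])}$", local, re.M):
        out.append(f"no pre-shared key configured for peer {loc['peer']}")
    return out + [f"legacy algorithm: {w}" for p, w in WEAK.items() if re.search(p, local, re.M)]

if __name__ == "__main__": print(*audit(R1, R2), sep="\n")
```

Run against the page's R1 and R2, the only findings are the two legacy-algorithm entries; the ACL and peer relationships are consistent.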