vpn配置 
版权声明:原创作品,允许转载,转载时请务必以超链接形式标明文章 原始出处 、作者信息和本声明。否则将追究法律责任。http://fujiammin.blog.51cto.com/137864/32564 | ||||||||||||||||||||||||
配置文档:
Ip地址
RouteA(config)#interface loopback 0
RouteA(config-if)#ip address
RouteA(config-if)#no shutdown
RouteA(config)#interface serial 0/0
RouteA(config-if)#ip address
RouteA(config-if)#no shutdown
Ike协商
RouteA(config)#crypto isakmp enable
RouteA(config)#ip route
RouteA(config)#crypto isakmp policy 1
RouteA(config-isakmap) #hash md5
RouteA(config-isakmap)#authentication pre-share
RouteA(config)#crypto isakmap key 123 address
Ipsec协商
RouteA(config)#crypto ipsec transform-set 1234 ah-md5-hmac esp-des
RouteA(config)#access-list 101 permit
RouteA(config)#crypto map 123map 1 ipsec-isakmp
RouteA(config-crypto-map)#set peer
RouteA(config-crypto-map)#set transform-set 1234
RouteA(config-crypto-map)#match address 101
应用到端口
RouteA(config)#interface serial 0/0
RouteA(config-if)#crypto map 123map
Ip地址
RouteB(config)#interface loopback 0
RouteB(config-if)#ip address
RouteB(config-if)#no shutdown
RouteB(config)#interface serial 0/0
RouteB(config-if)#ip address
RouteB(config-if)#no shutdown
Ike协商
RouteB(config)#crypto isakmp enable
RouteB(config)#ip route
RouteB(config)#crypto isakmp policy 1
RouteB(config-isakmap) #hash md5
RouteB(config-isakmap)#authentication pre-share
RouteB(config)#crypto isakmap key 123 address
Ipsec协商
RouteB(config)#crypto ipsec transform-set 1234 ah-md5-hmac esp-des
RouteB(config)#access-list 101 permit
RouteB(config)#crypto map 123map 1 ipsec-isakmp
RouteB(config-crypto-map)#set peer
RouteB(config-crypto-map)#set transform-set 1234
RouteB(config-crypto-map)#match address 101
应用到端口
RouteB(config)#interface serial 0/0
RouteB(config-if)#crypto map 123map
查看 验证
Show crypto isakmp policy
Show crypto ipsec transform-set
Show crypto ipsec sa
Show crypto map
RouteB#show crypto isakmp policy
Global IKE policy
Protection suite of priority 1
encryption algorithm: DES - Data Encryption Standard (56 bit keys).
hash algorithm: Message Digest 5
authentication method: Pre-Shared Key
Diffie-Hellman group: #1 (768 bit)
lifetime: 86400 seconds, no volume limit
Default protection suite
encryption algorithm: DES - Data Encryption Standard (56 bit keys).
hash algorithm: Secure Hash Standard
authentication method: Rivest-Shamir-Adleman Signature
Diffie-Hellman group: #1 (768 bit)
lifetime: 86400 seconds, no volume limit
RouteB#show crypto ipsec transform-set
Transform set 1234: { ah-md5-hmac }
will negotiate = { Tunnel, },
{ esp-des }
will negotiate = { Tunnel, },
RouteB#show crypto ipsec sa
interface: Serial0/0
Crypto map tag: 123map, local addr.
protected vrf:
local ident (addr/mask/prot/port): (
remote ident (addr/mask/prot/port): (
current_peer:
PERMIT, flags={origin_is_acl,}
#pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0
#pkts decaps: 0, #pkts decrypt: 0, #pkts verify: 0
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts compr. failed: 0
#pkts not decompressed: 0, #pkts decompress failed: 0
#send errors 0, #recv errors 0
local crypto endpt.:
path mtu 1500, media mtu 1500
current outbound spi: 0
inbound esp sas:
inbound ah sas:
inbound pcp sas:
outbound esp sas:
outbound ah sas:
outbound pcp sas:
RouteB#show crypto map
Crypto Map "123map" 1 ipsec-isakmp
Peer =
Extended IP access list 101
access-list 101 permit i
Current peer:
Security association lifetime: 4608000 kilobytes/3600 seconds
PFS (Y/N): N
Transform sets={
1234,
}
Interfaces using crypto map 123map:
Serial0/0
RouteB#ping
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 200/224/284 ms
RouteB#ping
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 140/200/284 ms
本文出自 “无极” 博客,请务必保留此出处http://fujiammin.blog.51cto.com/137864/32564 本文出自 51CTO.COM技术博客 |
fjmxz141
博客统计信息
热门文章
最新评论
友情链接