本文详细介绍了如何配置IPsec隧道,包括IPsec协商加密、口令认证、数据加密方式以及接口应用步骤。
!
crypto isakmp policy 1 //IPsec协商加密配置
hash md5
authentication pre-share //选择口令认证
group 2
!
crypto isakmp key cisco address 202.1.2.2 //配置口令cisco,以及对端地址
!
crypto ipsec transform-set test esp-des esp-md5-hmac //配置数据加密test
!
hash md5
authentication pre-share //选择口令认证
group 2
!
crypto isakmp key cisco address 202.1.2.2 //配置口令cisco,以及对端地址
!
crypto ipsec transform-set test esp-des esp-md5-hmac //配置数据加密test
!
access-list 100 permit gre host 202.1.1.2 host 202.1.2.2
!
crypto map hjfmap 1 ipsec-isakmp //条用policy 1
set peer 202.1.2.2 //对端IP
set transform-set test //调用数据加密方式
match address 100
!
interface Tunnel0
ip address 1.1.1.1 255.255.255.0
tunnel source FastEthernet0/0 //由于模拟器原因,只能配端口,真机可以配IP
tunnel destination 202.1.2.2
!
interface FastEthernet0/0
ip address 202.1.1.2 255.255.255.0
crypto map hjfmap //应用到接口
!
interface FastEthernet0/1
ip address 192.168.1.1 255.255.255.0
!
interface Serial0/0/0
ip address 10.1.1.1 255.255.255.0
clock rate 19200
!
ip route 0.0.0.0 0.0.0.0 202.1.1.1 //默认上网还是从Internet出去
crypto map hjfmap 1 ipsec-isakmp //条用policy 1
set peer 202.1.2.2 //对端IP
set transform-set test //调用数据加密方式
match address 100
!
interface Tunnel0
ip address 1.1.1.1 255.255.255.0
tunnel source FastEthernet0/0 //由于模拟器原因,只能配端口,真机可以配IP
tunnel destination 202.1.2.2
!
interface FastEthernet0/0
ip address 202.1.1.2 255.255.255.0
crypto map hjfmap //应用到接口
!
interface FastEthernet0/1
ip address 192.168.1.1 255.255.255.0
!
interface Serial0/0/0
ip address 10.1.1.1 255.255.255.0
clock rate 19200
!
ip route 0.0.0.0 0.0.0.0 202.1.1.1 //默认上网还是从Internet出去
ip route 172.16.1.0 255.255.255.0 10.1.1.2
ip route 172.16.1.0 255.255.255.0 1.1.1.2 10 //浮动路由,配置管理距离实现
!
ip route 172.16.1.0 255.255.255.0 1.1.1.2 10 //浮动路由,配置管理距离实现
!
转载于:https://blog.51cto.com/hjfwww/325445
扫一扫
5946
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
