[简简单单]神州数码路由器实现IPSec
-
拓扑图
-
R1的配置
hostname R1
!
crypto isakmp key 12345 11.1.1.2 255.255.255.255
!
crypto isakmp policy 1
group 2
hash md5
!
crypto ipsec transform-set p2
transform-type esp-des esp-md5-hmac
!
crypto map v*n 0 ipsec-isakmp
set peer 11.1.1.2
set pfs group2
set transform-set p2
match address v*nacl
!
interface FastEthernet0/0
ip address 192.168.1.1 255.255.255.0
no ip directed-broadcast
!
interface GigaEthernet0/3
ip address 11.1.1.1 255.255.255.0
no ip directed-broadcast
crypto map v*n
!
ip route default 11.1.1.2
!
ip access-list extended v*nacl
permit ip 192.168.1.0 255.255.255.0 10.135.101.0 255.255.255.0
! -
R2的配置
hostname R2
!
crypto isakmp key 12345 11.1.1.1 255.255.255.255
!
crypto isakmp policy 1
group 2
hash md5
!
crypto ipsec transform-set p2
transform-type esp-des esp-md5-hmac
!
crypto map v*n 0 ipsec-isakmp
set peer 11.1.1.1
set pfs group2
set transform-set p2
match address v*nacl
!
interface FastEthernet0/0
ip address 10.135.101.254 255.255.255.0
no ip directed-broadcast
!
interface GigaEthernet0/3
ip address 11.1.1.2 255.255.255.252
no ip directed-broadcast
crypto map v*n
!
ip route default 11.1.1.1
!
ip access-list extended v*nacl
permit ip 10.135.101.0 255.255.255.0 192.168.1.0 255.255.255.0
! -
触发隧道
-
通了的效果