×××实验配置1 思科路由器IPSEC ××× 传统配置

Site1:

!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Site1
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
!
!
ip cef
no ip domain lookup
ip domain name lab.local
!
!
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
crypto isakmp policy 10
encr 3des
hash md5
authentication pre-share
group 2
crypto isakmp key L2KEY address 61.128.1.1
!
!
crypto ipsec transform-set Trans esp-des esp-md5-hmac
!
crypto map cry-map 10 ipsec-isakmp
set peer 61.128.1.1
set security-association lifetime seconds 1800
set transform-set Trans
set pfs group2
match address ***
!
!
!
!
interface FastEthernet0/0
ip address 10.1.1.1 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet1/0
ip address 202.100.1.1 255.255.255.0
duplex auto
speed auto
crypto map cry-map
!
interface FastEthernet2/0
no ip address
shutdown
duplex auto
speed auto
!
interface FastEthernet3/0
no ip address
shutdown
duplex auto
speed auto
!
no ip http server
no ip http secure-server
!
ip forward-protocol nd
ip route 1.1.1.0 255.255.255.0 10.1.1.10
ip route 2.2.2.0 255.255.255.0 202.100.1.10
ip route 61.128.1.1 255.255.255.255 202.100.1.10
!
!
!
ip access-list extended ***
permit ip 1.1.1.0 0.0.0.255 2.2.2.0 0.0.0.255
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
exec-timeout 0 0
privilege level 15
logging synchronous
line aux 0
exec-timeout 0 0
privilege level 15
logging synchronous
line vty 0 4
login
!
!
end

Site2:

!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Site2
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
!
!
ip cef
no ip domain lookup
ip domain name lab.local
!
!
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
crypto isakmp policy 10
encr 3des
hash md5
authentication pre-share
group 2
crypto isakmp key L2KEY address 202.100.1.1
!
!
crypto ipsec transform-set cisco esp-des esp-md5-hmac
!
crypto map cisco 10 ipsec-isakmp
set peer 202.100.1.1
set transform-set cisco
match address ***
!
!
!
!
interface Loopback0
ip address 2.2.2.2 255.255.255.0
!
interface FastEthernet0/0
no ip address
shutdown
duplex auto
speed auto
!
interface FastEthernet1/0
no ip address
shutdown
duplex auto
speed auto
!
interface FastEthernet2/0
ip address 61.128.1.1 255.255.255.0
duplex auto
speed auto
crypto map cisco
!
interface FastEthernet3/0
no ip address
shutdown
duplex auto
speed auto
!
no ip http server
no ip http secure-server
!
ip forward-protocol nd
ip route 1.1.1.0 255.255.255.0 61.128.1.10
ip route 202.100.1.1 255.255.255.255 61.128.1.10
!
!
!
ip access-list extended ***
permit ip 2.2.2.0 0.0.0.255 1.1.1.0 0.0.0.255
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
exec-timeout 0 0
privilege level 15
logging synchronous
line aux 0
exec-timeout 0 0
privilege level 15
logging synchronous
line vty 0 4
login
!
!
end

转载于:https://blog.51cto.com/ccie18405/1213869

×××实验配置1 思科路由器IPSEC ××× 传统配置

相关推荐