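Star-Topology Dynamic IPsec VPN
Copyright notice: this is an original work. Reprinting is permitted, provided that the original source, the author information and this notice are indicated with a hyperlink. Otherwise legal liability will be pursued. http://ilovetg2008.blog.51cto.com/347866/80962
Lab contents:
1. Build a full-mesh topology.
2. With R1 as the hub, have R2 and R3 each form a neighbor relationship with R1, while R2 and R3 have no route to each other.
3. Set up the Dynamic IPsec VPN.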
R1#show run
!
!
crypto isakmp policy 100
hash md5
authentication pre-share
group 2
lifetime 3600
crypto isakmp key ilovetg address 192.168.123.3
crypto isakmp key ilovetg2008 address 192.168.123.2
!
!
crypto ipsec transform-set sun1 ah-md5-hmac esp-des esp-md5-hmac comp-lzs
!
crypto dynamic-map sun123 10
set security-association lifetime kilobytes 102400
set transform-set sun1
set pfs group2
match address VPN
!
!
crypto map sun1 100 ipsec-isakmp dynamic sun123
!
interface Loopback1
ip address 1.1.1.1 255.255.255.0
!
interface FastEthernet0/0
ip address 192.168.123.1 255.255.255.0
duplex auto
speed auto
crypto map sun1
!
!
router eigrp 100
passive-interface Loopback1
network 1.1.1.1 0.0.0.0
network 192.168.123.1 0.0.0.0
no auto-summary
neighbor 192.168.123.3 FastEthernet0/0
neighbor 192.168.123.2 FastEthernet0/0
!
!
ip access-list extended VPN
permit tcp host 1.1.1.1 host 2.2.2.2
permit tcp host 1.1.1.1 host 3.3.3.3
permit ip host 1.1.1.1 host 2.2.2.2
permit ip host 1.1.1.1 host 3.3.3.3
!
!
end
R2#show run
!
crypto isakmp policy 100
hash md5
authentication pre-share
group 2
lifetime 3600
crypto isakmp key ilovetg2008 address 192.168.123.1
!
!
crypto ipsec transform-set sun2 ah-md5-hmac esp-des esp-md5-hmac comp-lzs
!
crypto map sun2 10 ipsec-isakmp
set peer 192.168.123.1
set security-association lifetime kilobytes 102400
set transform-set sun2
set pfs group2
match address VPN
!
!
interface Loopback2
ip address 2.2.2.2 255.255.255.0
!
interface FastEthernet0/0
ip address 192.168.123.2 255.255.255.0
duplex auto
speed auto
crypto map sun2
!
!
router eigrp 100
passive-interface Loopback2
network 2.2.2.2 0.0.0.0
network 192.168.123.2 0.0.0.0
no auto-summary
neighbor 192.168.123.1 FastEthernet0/0
!
!
ip access-list extended VPN
permit tcp host 2.2.2.2 host 1.1.1.1
permit ip host 2.2.2.2 host 1.1.1.1
!
!
end
R3#show run
!
crypto isakmp policy 100
hash md5
authentication pre-share
group 2
lifetime 3600
crypto isakmp key ilovetg address 192.168.123.1
!
!
crypto ipsec transform-set sun3 ah-md5-hmac esp-des esp-md5-hmac comp-lzs
!
crypto map sun3 10 ipsec-isakmp
set peer 192.168.123.1
set security-association lifetime kilobytes 102400
set transform-set sun3
set pfs group2
match address VPN
!
!
interface Loopback3
ip address 3.3.3.3 255.255.255.0
!
interface FastEthernet0/0
ip address 192.168.123.3 255.255.255.0
duplex auto
speed auto
crypto map sun3
!
!
router eigrp 100
network 3.3.3.3 0.0.0.0
network 192.168.123.3 0.0.0.0
no auto-summary
neighbor 192.168.123.1 FastEthernet0/0
!
!
ip access-list extended VPN
permit tcp host 3.3.3.3 host 1.1.1.1
permit ip host 3.3.3.3 host 1.1.1.1
!
!
end
R1#show crypto isakmp sa
dst src state conn-id slot status
192.168.123.1 192.168.123.2 QM_IDLE 1 0 ACTIVE
192.168.123.1 192.168.123.3 QM_IDLE 2 0 ACTIVE
R2#show cry isa sa
dst src state conn-id slot status
192.168.123.1 192.168.123.2 QM_IDLE 1 0 ACTIVE
R3#show cry isakmp sa
dst src state conn-id slot status
192.168.123.1 192.168.123.3 QM_IDLE 1 0 ACTIVE
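An added example, not part of the original post: a Python check over the crypto lines of the R1 and R2 configurations above. It lists the MD5, DES and DH group 2 settings, checks that every spoke crypto ACL entry has a mirrored entry in the hub's ACL (crypto ACLs on the two ends are expected to be mirror images), and lists protocol-specific entries whose host pair also has a permit ip entry. The function names and the choice of which tokens count as weak are assumptions of this example.

```python
import re
# Constructed samples: crypto lines copied from the R1 (hub) config on this
# page, and the crypto ACL copied from the R2 (spoke) config.
R1 = """crypto isakmp policy 100
hash md5
group 2
crypto ipsec transform-set sun1 ah-md5-hmac esp-des esp-md5-hmac comp-lzs
set pfs group2
ip access-list extended VPN
permit tcp host 1.1.1.1 host 2.2.2.2
permit tcp host 1.1.1.1 host 3.3.3.3
permit ip host 1.1.1.1 host 2.2.2.2
permit ip host 1.1.1.1 host 3.3.3.3
"""
R2 = """ip access-list extended VPN
permit tcp host 2.2.2.2 host 1.1.1.1
permit ip host 2.2.2.2 host 1.1.1.1
"""
# Which tokens count as weak is this example's own policy (an assumption).
WEAK = {"md5": "MD5 hash", "ah-md5-hmac": "MD5 integrity (AH)",
        "esp-md5-hmac": "MD5 integrity (ESP)", "esp-des": "56-bit DES",
        "2": "1024-bit DH group 2", "group2": "1024-bit DH group 2 (PFS)"}
CRYPTO_LINE = re.compile(r"(hash|group|set pfs|crypto ipsec transform-set)\b")

def weak_settings(cfg):
    """Return (config line, reason) for each weak algorithm on a crypto line."""
    hits = []
    for line in map(str.strip, cfg.splitlines()):
        if CRYPTO_LINE.match(line):
            hits += [(line, WEAK[w]) for w in line.split() if w in WEAK]
    return hits

def crypto_acl(cfg):
    """Parse 'permit <proto> host A host B' lines into (proto, src, dst)."""
    return set(re.findall(r"^\s*permit (\S+) host (\S+) host (\S+)", cfg, re.M))

def mirror_gaps(hub, spoke):
    """Spoke ACL entries with no src/dst-swapped counterpart in the hub ACL."""
    hub_acl = crypto_acl(hub)
    return sorted(e for e in crypto_acl(spoke) if (e[0], e[2], e[1]) not in hub_acl)

def covered_by_ip(cfg):
    """Protocol-specific entries whose host pair also has a 'permit ip' entry."""
    acl = crypto_acl(cfg)
    return sorted(e for e in acl if e[0] != "ip" and ("ip", e[1], e[2]) in acl)

if __name__ == "__main__":
    print(*weak_settings(R1), sep="\n")
    print("unmirrored spoke entries:", mirror_gaps(R1, R2))
    print("also covered by permit ip:", covered_by_ip(R1))
```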
This article comes from the “iLawliet龙崎” blog; please be sure to retain this source: http://ilovetg2008.blog.51cto.com/347866/80962. This article comes from the 51CTO.COM technology blog.


