client-to-site VPN and site-to-site VPN configuration details

client-to-site VPN configuration

Topology:

       client-to-site VPN (figure)

client address pool: 192.168.110.0/24        router LAN: 10.0.1.0/24   router WAN: 210.41.166.124


// Enable AAA
aaa new-model

// Xauth login list (user authentication) and network authorization list, both against the local user database
aaa authentication login vpn-en local

aaa authorization network vpn-or local 

// Local user for Xauth. 'password' is stored reversibly (cleartext, or type 7 with service password-encryption); outside a lab use 'username root secret <strong password>'
username root password 123456

// Addresses handed out to VPN clients, and the default route toward the ISP gateway
ip local pool vpn-pool 192.168.110.1 192.168.110.254
ip route 0.0.0.0 0.0.0.0 210.41.166.1

// NAT exemption: LAN-to-client traffic must not be translated, otherwise after NAT it no longer matches the crypto ACL and leaves in the clear
access-list 100 deny   ip 10.0.1.0 0.0.0.255 192.168.110.0 0.0.0.255
access-list 100 permit ip any any

// Split-tunnel list pushed to the clients: only traffic for 10.0.1.0/24 goes through the tunnel (without an acl the client tunnels everything)
access-list 101 permit ip 10.0.1.0 0.0.0.255 192.168.110.0 0.0.0.255

// PAT for Internet-bound LAN traffic, using the outside interface address
ip nat inside source list 100 interface FastEthernet0/1 overload

// IKE phase 1 policy. 3DES, SHA-1 and DH group 2 are what this lab used; all three are deprecated today, so use AES-256, SHA-256 and group 14 or higher in production
crypto isakmp policy 20
 encr 3des
 hash sha
 authentication pre-share
 group 2

// IKE phase 2: IPsec transform set (same caveat: esp-aes 256 with esp-sha256-hmac in production)
crypto ipsec transform-set vpn-client esp-3des esp-sha-hmac


// Client group: clients connect with group name myvpn and group pre-shared key 123cisco (this is the group key, not a user login); the address pool and split-tunnel ACL are pushed to the client
crypto isakmp client configuration group myvpn
 key 123cisco
 pool vpn-pool
 acl 101

// Dynamic crypto map: client peer addresses are not known in advance; reverse-route injects a static route for each connected client's pool address
crypto dynamic-map dymap 20
 set transform-set vpn-client 
 reverse-route

// Xauth user authentication uses list vpn-en
crypto map test client authentication list vpn-en
// Group authorization (pool, acl, ...) uses list vpn-or
crypto map test isakmp authorization list vpn-or
// Hand out an address from the pool when the client asks for one
crypto map test client configuration address respond
crypto map test 20 ipsec-isakmp dynamic dymap 

// LAN interface
int fa0/0
 ip address 10.0.1.254 255.255.255.0
 ip nat inside

// WAN interface: NAT outside, and the crypto map is applied here
int fa0/1
 ip address 210.41.166.124 255.255.255.0
 ip nat outside
 crypto map test
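The algorithms and credentials above are lab settings. The Python script below is an added example, not code from the original post: it reads the client-to-site lines above (embedded as a constructed string) and reports what a current hardening review would flag. The thresholds it applies (AES and SHA-2 instead of 3DES/SHA-1, DH group 14 or higher, `secret` instead of `password`, pre-shared keys of at least 16 characters) and the classic IOS policy defaults it assumes for omitted lines are this example's own assumptions. The same function runs unchanged over the site-to-site configs further down the page.

```python
# Added example: audit IOS-style ISAKMP/IPsec settings for weak choices.
import re

# Constructed sample: the client-to-site lines from this page, verbatim.
SAMPLE_CONFIG = """\
aaa new-model
username root password 123456
crypto isakmp policy 20
 encr 3des
 hash sha
 authentication pre-share
 group 2
crypto ipsec transform-set vpn-client esp-3des esp-sha-hmac
crypto isakmp client configuration group myvpn
 key 123cisco
"""

WEAK_ENCR = {"des", "3des"}
WEAK_HASH = {"md5", "sha"}                 # 'sha' on IOS means SHA-1
WEAK_DH_GROUPS = {1, 2, 5}                 # 768/1024/1536-bit MODP
WEAK_ESP = {"esp-null", "esp-des", "esp-3des", "esp-md5-hmac", "esp-sha-hmac"}
MIN_PSK_LEN = 16                           # threshold assumed for this example


def parse_isakmp_policies(config):
    """Return {policy_number: {'encr', 'hash', 'group'}}. Lines that are omitted
    are filled with the classic IOS defaults (des / sha / group 1); that is an
    assumption to re-check on the platform you are auditing."""
    policies, current = {}, None
    for line in config.splitlines():
        m = re.match(r"crypto isakmp policy (\d+)", line)
        if m:
            current = int(m.group(1))
            policies[current] = {"encr": "des", "hash": "sha", "group": 1}
            continue
        if not line.startswith(" "):
            current = None          # left the policy sub-mode
            continue
        if current is None:
            continue
        parts = line.split()
        if parts[0] == "encr":
            policies[current]["encr"] = parts[1]
        elif parts[0] == "hash":
            policies[current]["hash"] = parts[1]
        elif parts[0] == "group":
            policies[current]["group"] = int(parts[1])
    return policies


def audit_config(config):
    """Return a list of (severity, finding) tuples; an empty list means clean."""
    findings = []
    for num, pol in parse_isakmp_policies(config).items():
        if pol["encr"] in WEAK_ENCR:
            findings.append(("high", f"isakmp policy {num}: encr {pol['encr']}, use 'encr aes 256'"))
        if pol["hash"] in WEAK_HASH:
            findings.append(("medium", f"isakmp policy {num}: hash {pol['hash']}, use 'hash sha256'"))
        if pol["group"] in WEAK_DH_GROUPS:
            findings.append(("high", f"isakmp policy {num}: group {pol['group']}, use group 14 or higher"))
    for m in re.finditer(r"^crypto ipsec transform-set (\S+) (.+)$", config, re.M):
        for transform in m.group(2).split():
            if transform in WEAK_ESP:
                findings.append(("high", f"transform-set {m.group(1)}: {transform}, use esp-aes 256 esp-sha256-hmac"))
    # 'password' is stored reversibly (type 7 at best); 'secret' is a salted hash
    for m in re.finditer(r"^username (\S+) password ", config, re.M):
        findings.append(("medium", f"username {m.group(1)}: 'password' keyword, use 'secret'"))
    # group PSK (' key ...' under a client configuration group) or per-peer PSK
    for m in re.finditer(r"^(?: key|crypto isakmp key) (\S+)", config, re.M):
        if len(m.group(1)) < MIN_PSK_LEN:
            findings.append(("medium", f"pre-shared key {m.group(1)!r} is shorter than {MIN_PSK_LEN} characters"))
    return findings


if __name__ == "__main__":
    for severity, text in audit_config(SAMPLE_CONFIG):
        print(f"[{severity}] {text}")
```

Run against the lines above it reports seven findings (four high: 3DES, group 2 and both ESP transforms; three medium: SHA-1, the reversible user password and the eight-character group key); a policy with `encr aes 256`, `hash sha256`, `group 14` and an `esp-aes 256 esp-sha256-hmac` transform set comes back clean.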


site-to-site VPN configuration

Topology:

    site-to-site VPN (figure)


R1 LAN: 10.0.1.0/24   WAN: 210.41.166.124
R2 LAN: 10.0.2.0/24   WAN: 210.41.166.123



R1

// NAT exemption: traffic between the two LANs must not be translated, otherwise it no longer matches the crypto ACL
access-list 100 deny   ip 10.0.1.0 0.0.0.255 10.0.2.0 0.0.0.255
access-list 100 permit ip any any

// Interesting traffic (crypto ACL): what gets encrypted. R2's ACL 101 must be the exact mirror of this one
access-list 101 permit ip 10.0.1.0 0.0.0.255 10.0.2.0 0.0.0.255


// Leftover from the client-to-site example: a site-to-site tunnel needs no address pool, so this line can be dropped
ip local pool vpn-pool 192.168.110.1 192.168.110.254
// Default route toward the ISP gateway
ip route 0.0.0.0 0.0.0.0 210.41.166.1
// PAT for Internet-bound traffic
ip nat inside source list 100 interface FastEthernet0/1 overload

// IKE phase 1 (same lab-grade algorithms as above; use AES-256, SHA-256 and group 14 or higher in production) and the pre-shared key bound to R2's WAN address. 'cisco' is a lab key; use a long random one
crypto isakmp policy 20
 encr 3des
 hash sha
 authentication pre-share
 group 2
crypto isakmp key cisco address 210.41.166.123

// IKE phase 2: IPsec transform set
crypto ipsec transform-set ccnp esp-3des esp-sha-hmac 

// Static crypto map: peer, transform set and crypto ACL
crypto map vpn-map 20 ipsec-isakmp 
 set peer 210.41.166.123
 set transform-set ccnp 
 match address 101

// LAN interface
int fa0/0
 ip address 10.0.1.254 255.255.255.0
 ip nat inside

// WAN interface: NAT outside, and the crypto map is applied here
int fa0/1
 ip address 210.41.166.124 255.255.255.0
 ip nat outside
 crypto map vpn-map


R2



// NAT exemption (mirror of R1)
access-list 100 deny   ip 10.0.2.0 0.0.0.255 10.0.1.0 0.0.0.255
access-list 100 permit ip any any

// Interesting traffic: mirror of R1's ACL 101
access-list 101 permit ip 10.0.2.0 0.0.0.255 10.0.1.0 0.0.0.255

// PAT for Internet-bound traffic. The original page shows no default route for R2; it needs one like R1's (ip route 0.0.0.0 0.0.0.0 210.41.166.1, assuming the same gateway) for Internet-bound traffic, while the peer is directly reachable on the shared 210.41.166.0/24 segment
ip nat inside source list 100 interface FastEthernet0/1 overload

// IKE phase 1 (identical to R1) and the pre-shared key bound to R1's WAN address; the key must be the same string on both sides
crypto isakmp policy 20
 encr 3des
 hash sha
 authentication pre-share
 group 2
crypto isakmp key cisco address 210.41.166.124

// IKE phase 2: IPsec transform set (must match R1's)
crypto ipsec transform-set ccnp esp-3des esp-sha-hmac 

// Static crypto map pointing at R1
crypto map vpn-map 20 ipsec-isakmp 
 set peer 210.41.166.124
 set transform-set ccnp 
 match address 101

// LAN interface
int fa0/0
 ip address 10.0.2.254 255.255.255.0
 ip nat inside

// WAN interface: NAT outside, and the crypto map is applied here
int fa0/1
 ip address 210.41.166.123 255.255.255.0
 ip nat outside
 crypto map vpn-map
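A site-to-site tunnel that never comes up is most often a mismatch between the two sides. The Python script below is an added example, not code from the original post: it parses the R1 and R2 configs above (embedded as constructed strings), evaluates the wildcard ACLs with IOS first-match semantics to show which flows are translated and which are encrypted, and checks the mirror conditions: `set peer` and the ISAKMP key address point at the peer's crypto-map interface, crypto ACL 101 is the reverse of the peer's, the NAT-exemption deny in ACL 100 equals crypto ACL 101, and the pre-shared key is the same string on both routers. Function names are this example's own.

```python
# Added example: mirror check for the R1/R2 site-to-site pair on this page.
import ipaddress
import re

# Constructed samples: the relevant R1 and R2 lines from this page.
R1 = """\
access-list 100 deny   ip 10.0.1.0 0.0.0.255 10.0.2.0 0.0.0.255
access-list 100 permit ip any any
access-list 101 permit ip 10.0.1.0 0.0.0.255 10.0.2.0 0.0.0.255
crypto isakmp key cisco address 210.41.166.123
crypto map vpn-map 20 ipsec-isakmp
 set peer 210.41.166.123
int fa0/1
 ip address 210.41.166.124 255.255.255.0
 crypto map vpn-map
"""
R2 = """\
access-list 100 deny   ip 10.0.2.0 0.0.0.255 10.0.1.0 0.0.0.255
access-list 100 permit ip any any
access-list 101 permit ip 10.0.2.0 0.0.0.255 10.0.1.0 0.0.0.255
crypto isakmp key cisco address 210.41.166.124
crypto map vpn-map 20 ipsec-isakmp
 set peer 210.41.166.124
int fa0/1
 ip address 210.41.166.123 255.255.255.0
 crypto map vpn-map
"""


def _network(tokens):
    """Consume 'any', 'host A' or 'A WILDCARD'; return (network, remaining tokens).
    Only contiguous wildcards (plain prefixes) are handled."""
    if tokens[0] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), tokens[1:]
    if tokens[0] == "host":
        return ipaddress.ip_network(tokens[1] + "/32"), tokens[2:]
    wildcard = int(ipaddress.ip_address(tokens[1]))
    netmask = ipaddress.ip_address(~wildcard & 0xFFFFFFFF)  # 0 bits in the wildcard must match
    return ipaddress.ip_network(f"{tokens[0]}/{netmask}", strict=False), tokens[2:]


def parse_acl(config, number):
    """Return [(action, src_net, dst_net)] for the numbered extended IP ACL."""
    entries = []
    for line in config.splitlines():
        m = re.match(rf"access-list {number} (permit|deny)\s+ip\s+(.*)", line)
        if m:
            src, rest = _network(m.group(2).split())
            dst, _ = _network(rest)
            entries.append((m.group(1), src, dst))
    return entries


def acl_action(entries, src, dst):
    """IOS semantics: first matching entry wins, implicit deny at the end."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, snet, dnet in entries:
        if s in snet and d in dnet:
            return action
    return "deny"


def classify_flow(config, src, dst):
    """'encrypt' if crypto ACL 101 selects the flow, 'nat' if NAT list 100 does, 'both' if
    they overlap (NAT runs first outbound, so the translated packet would miss the crypto
    ACL and leave in cleartext), otherwise 'neither'."""
    nat = acl_action(parse_acl(config, 100), src, dst) == "permit"
    crypto = acl_action(parse_acl(config, 101), src, dst) == "permit"
    return {(True, True): "both", (True, False): "nat", (False, True): "encrypt"}.get((nat, crypto), "neither")


def outside_address(config):
    """Address of the interface that carries 'crypto map': what the peer must point at."""
    addr = None
    for line in config.splitlines():
        if not line.startswith(" "):
            addr = None
        elif line.startswith(" ip address "):
            addr = line.split()[2]
        elif line.startswith(" crypto map") and addr:
            return addr
    return None


def check_pair(a, b):
    """Return a list of problems; an empty list means the two sides are consistent."""
    problems = []
    for name, peer_name, cfg, peer in (("R1", "R2", a, b), ("R2", "R1", b, a)):
        peer_addr = outside_address(peer)
        set_peer = re.search(r"^ set peer (\S+)", cfg, re.M).group(1)
        key_addr = re.search(r"crypto isakmp key \S+ address (\S+)", cfg).group(1)
        if set_peer != peer_addr:
            problems.append(f"{name}: set peer {set_peer} but {peer_name}'s outside address is {peer_addr}")
        if key_addr != peer_addr:
            problems.append(f"{name}: isakmp key bound to {key_addr}, not {peer_addr}")
        mine = [(s, d) for act, s, d in parse_acl(cfg, 101) if act == "permit"]
        theirs = [(d, s) for act, s, d in parse_acl(peer, 101) if act == "permit"]
        if mine != theirs:
            problems.append(f"{name}: crypto ACL 101 is not the mirror of {peer_name}'s")
        if [(s, d) for act, s, d in parse_acl(cfg, 100) if act == "deny"] != mine:
            problems.append(f"{name}: NAT exemption in ACL 100 does not match crypto ACL 101")
    if len({re.search(r"crypto isakmp key (\S+)", c).group(1) for c in (a, b)}) != 1:
        problems.append("pre-shared keys differ between R1 and R2")
    return problems
```

Feed `classify_flow` a LAN-to-LAN flow and an Internet-bound one to confirm each packet is either exempted from NAT and encrypted, or translated, never both; `check_pair(R1, R2)` returns an empty list for the configs on this page and one message per mismatch otherwise (for instance a mistyped `set peer` on R2).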


OK !!!
