---------------------EASY ***----------------------------------
aaa new-model //開啓AAA服務//
aaa authentication login benet1 local //AAA本地身份驗證//
aaa authorization network benet2 local //AAA授權//
username zhangsan password 123123 //創建本地用戶//
---------------------------------------------------------------------
crypto isakmp policy 1 //定義控制連接IKE協議//
en 3des
hash sha
authentication pre-share
group 2
ip local pool vip 192.168.10.100 192.168.10.200 //定義分配給客戶端地址池//
access-list 110 permit ip 192.168.10.0 0.0.0.255 any //分離隧道acl//
--------------------------------------------------------------------------------------
crypto isakmp client configuration group ez*** //創建組策略//
key 123456 //預共享密鑰//
dns 8.8.8.8 //分離dns//
pool vip //調用分配地址池//
split-dns benet.com //分離dns//
acl 110 //調用隧道分離//
save-password //允許客戶端可以保存密碼//
netmask 255.255.255.0 //指定客戶端的子網掩碼//
crypto ipsec transform-set best esp-3des esp-sha-hmac //定義傳輸集//
--------------------------------------------------------------------------
crypto dynamic-map dymap 1 //建立動態MAP//
reverse-route //反轉路由爲連接成功的客戶端產生32位路由//
set transform-set best //調用傳輸集//
crypto map mymap client configuration address respond //建立靜態MAP 接受地址響應//
crypto map mymap client authentication list benet1 //認證列表爲之前AAA服務中定義的benet1//
crypto map mymap isakmp authorization list benet2 //授權列表爲之前AAA服務中定義的benet2//
crypto map mymap 1 ipsec-isakmp dynamic dymap //靜態MAP包含動態MAP //
int fa0/0
crypto map mymap //靜態MAP應用在端口//