IPsec *** 實驗步驟

---

 

IPsec ***

 

 

 

 

 

 

 

 

 

R1:
conf t
in fa0/0
ip add 170.58.12.1 255.255.255.0
no sh
in fa0/1
ip add  1.1.1.2  255.255.255.0
no sh

exit
ip route 0.0.0.0 0.0.0.0 170.58.12.2
crypto isakmp policy 10
 hash md5
 authentication pre-share
 group 2
exit
crypto isakmp key cisco address 170.58.23.3
crypto ipsec transform-set myset esp-des esp-md5-hmac
exit
crypto map mymap10 ipsec-isakmp
 set peer 170.58.23.3
 set transform-set myset

 match address ***
exit
ip access-list extended ***
 permit ip host 1.1.1.1 host 3.3.3.3
exit
in fa0/0
cry map mymap
exit

R2:
conf t
in fa0/0
ip add 170.58.12.2 255.255.255.0
no sh
in fa0/1
ip add 170.58.23.2 255.255.255.0
no sh
exit

R3:

conf t
in fa0/1
ip add 170.58.23.3 255.255.255.0
no sh
in fa0/0
ip add 3.3.3.1 255.255.255.0
no sh
exit
ip route 0.0.0.0 0.0.0.0 170.58.23.2
crypto isakmp policy 10
 hash md5
 authentication pre-share
 group 2
exit
crypto isakmp key cisco address 170.58.12.1
crypto ipsec transform-set myset esp-des esp-md5-hmac
exit
crypto map mymap 10 ipsec-isakmp
 set peer 170.58.12.1
 set transform-set myset 
 match address ***
exit
ip access-list extended ***
 permit ip host 3.3.3.3 host 1.1.1.1
exit
in fa0/1
cry map mymap exit

 

各位幫看看哪裏不合適，現在的結果是pc1和pc2不能互ping！