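Part 2: Configuration Example
// Define the IP address information for both sites
Site A IP information: 10.32.190.142 255.255.255.0 (public network)
192.168.200.0 255.255.255.0 (private network)
Site B IP information: 10.32.184.204 255.255.255.240 (public network)
192.168.100.0 255.255.255.0 (private network)
Configuration details:
Site A: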
interface Ethernet0/0
 nameif outside
 security-level 0
 ip address 10.32.190.142 255.255.255.0
!
interface Ethernet0/1
 nameif inside
 security-level 100
 ip address 192.168.200.1 255.255.255.0
access-list outside_cryptomap extended permit ip 192.168.200.0 255.255.255.0 192.168.100.0 255.255.255.0
crypto isakmp enable outside
crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto map outside_map0 1 match address outside_cryptomap
crypto map outside_map0 1 set peer 10.32.184.204
crypto map outside_map0 1 set transform-set ESP-DES-SHA ESP-DES-MD5
crypto map outside_map0 interface outside
crypto isakmp enable outside
crypto isakmp policy 10
 authentication pre-share
 encryption des
 hash md5
 group 2
 lifetime 86400
Site B:
interface Ethernet0/0
 nameif outside
 security-level 0
 ip address 10.32.184.204 255.255.255.240
interface Ethernet0/1
 nameif inside
 security-level 100
 ip address 192.168.100.1 255.255.255.0
access-list outside_cryptomap extended permit ip 192.168.100.0 255.255.255.0 192.168.200.0 255.255.255.0
crypto isakmp enable outside
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto map outside_map0 1 match address outside_cryptomap
crypto map outside_map0 1 set peer 10.32.190.142
crypto map outside_map0 1 set transform-set ESP-DES-MD5
crypto map outside_map0 interface outside
crypto isakmp enable outside
crypto isakmp policy 10
 authentication pre-share
 encryption des
 hash md5
 group 2
 lifetime 86400
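
The tunnel between the two sites only comes up when the crypto ACLs mirror each other, each peer address points at the other site's outside interface, at least one transform set uses the same algorithms on both sides, and the ISAKMP policies match. The Python script below is an added example, not part of the original configuration guide: it checks those four conditions and also reports the deprecated DES and MD5 algorithms this configuration negotiates. The embedded config text is a constructed excerpt of the lines above, and the names parse, check and WEAK are this example's own.

```python
import re

# Constructed input: the negotiation-relevant lines of the two site configs.
SITE_A = """ nameif outside
 ip address 10.32.190.142 255.255.255.0
access-list outside_cryptomap extended permit ip 192.168.200.0 255.255.255.0 192.168.100.0 255.255.255.0
crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto map outside_map0 1 set peer 10.32.184.204
crypto map outside_map0 1 set transform-set ESP-DES-SHA ESP-DES-MD5
crypto isakmp policy 10
 encryption des
 hash md5
 group 2
"""
SITE_B = """ nameif outside
 ip address 10.32.184.204 255.255.255.240
access-list outside_cryptomap extended permit ip 192.168.100.0 255.255.255.0 192.168.200.0 255.255.255.0
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto map outside_map0 1 set peer 10.32.190.142
crypto map outside_map0 1 set transform-set ESP-DES-MD5
crypto isakmp policy 10
 encryption des
 hash md5
 group 2
"""
WEAK = {"des", "md5", "esp-des", "esp-md5-hmac"}  # deprecated cipher/hash keywords

def parse(cfg):  # pull out the fields the two peers must agree on
    sets = dict(re.findall(r"^crypto ipsec transform-set (\S+) (.+)$", cfg, re.M))
    used = re.search(r"set transform-set (.+)$", cfg, re.M).group(1).split()
    return {
        "outside": re.search(r"nameif outside\n\s*ip address (\S+)", cfg).group(1),
        "peer": re.search(r"set peer (\S+)", cfg).group(1),
        "acl": re.search(r"permit ip (\S+ \S+) (\S+ \S+)", cfg).groups(),
        # Transform-set names are local; only the algorithm pairs are negotiated.
        "proposals": {tuple(sets[n].split()) for n in used},
        "isakmp": dict(re.findall(r"^ (encryption|hash|group) (\S+)", cfg, re.M)),
    }

def check(a, b):  # return a list of findings for two parsed site configs
    common = a["proposals"] & b["proposals"]
    tests = [
        (a["acl"] != b["acl"][::-1], "crypto ACLs are not mirror images"),
        (a["peer"] != b["outside"] or b["peer"] != a["outside"], "peer does not match remote outside address"),
        (not common, "no IPsec transform set in common"),
        (a["isakmp"] != b["isakmp"], "ISAKMP policies differ"),
    ]
    algs = {x for p in common for x in p} | {*a["isakmp"].values(), *b["isakmp"].values()}
    return [m for bad, m in tests if bad] + [f"weak algorithm: {w}" for w in sorted(algs & WEAK)]
```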