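Topology diagram
Lab description:
1. The headquarters router has a fixed IP and the branch router has a dynamic ADSL IP. The branch needs to establish an IPsec VPN with headquarters so that the 192.168.1.0/24 and 172.16.1.0/24 networks can reach each other.
2. For convenience in the lab, the R4 S1/0 interface is simply given the IP 2.2.2.2; in a real deployment it would be a PPPoE dial-up.
The configuration: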
R2:
interface Serial1/0
 ip address 192.168.1.1 255.255.255.0
 no sh
!
interface Serial1/1
 ip address 1.1.1.1 255.255.255.0
 no sh
 crypto map mymap
 exit
ip route 0.0.0.0 0.0.0.0 Serial1/1
ip access-list extended ipsec***
 permit ip 192.168.1.0 0.0.0.255 any
crypto isakmp policy 10
 encr 3des
 hash md5
 authentication pre-share
 group 2
crypto isakmp key cisco address 0.0.0.0 0.0.0.0
crypto ipsec transform-set myset esp-3des esp-md5-hmac
crypto dynamic-map dymap 10
 set transform-set myset
 match address ipsec***
crypto map mymap 10 ipsec-isakmp dynamic dymap
R3:
interface Serial1/0
 ip address 2.2.2.2 255.255.255.0
 serial restart-delay 0
 crypto map mymap
 no sh
!
interface Serial1/2
 ip address 172.16.1.1 255.255.255.0
 no sh
 exit
ip route 0.0.0.0 0.0.0.0 Serial1/0
ip access-list extended ipsec***
 permit ip 172.16.1.0 0.0.0.255 192.168.1.0 0.0.0.255
crypto isakmp policy 10
 encr 3des
 hash md5
 authentication pre-share
 group 2
crypto isakmp key cisco address 1.1.1.1
crypto ipsec transform-set myset esp-3des esp-md5-hmac
crypto map mymap 10 ipsec-isakmp
 set peer 1.1.1.1
 set transform-set myset
 match address ipsec***
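As we can see, the VPN map configuration on the headquarters side is slightly different (the part shown in red): it uses a dynamic map.
Lab results: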
pc2#ping 192.168.1.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 32/56/76 ms
The lab is successful.
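An added example, not part of the original post: a small Python check that flags the settings in the configs above that current Cisco guidance treats as legacy (3DES, MD5, DH groups 1/2/5) and the pre-shared key that is accepted from any peer address. The `audit` function and the rule names are assumptions of this example; the sample input is the crypto section of R2 copied from above.

```python
import re

# Constructed sample: the crypto section of the R2 (headquarters) config above.
R2_CRYPTO = """\
crypto isakmp policy 10
encr 3des
hash md5
authentication pre-share
group 2
crypto isakmp key cisco address 0.0.0.0 0.0.0.0
crypto ipsec transform-set myset esp-3des esp-md5-hmac
crypto dynamic-map dymap 10
set transform-set myset
match address ipsec***
crypto map mymap 10 ipsec-isakmp dynamic dymap
"""

# Sub-commands that keep us inside a "crypto isakmp policy" block.
POLICY_SUBCMD = re.compile(r"^(encr|encryption|hash|authentication|group|lifetime)\b")
POLICY_RULES = [
    ("ike-legacy-cipher", r"^encr(yption)?\s+(3des|des)\b", "DES/3DES for IKE"),
    ("ike-md5-hash", r"^hash\s+md5\b", "MD5 as the IKE hash"),
    ("ike-small-dh-group", r"^group\s+(1|2|5)$", "DH group 1, 2 or 5"),
]
GLOBAL_RULES = [
    ("psk-any-peer", r"^crypto isakmp key \S+ address 0\.0\.0\.0(\s+0\.0\.0\.0)?$",
     "pre-shared key valid for any peer address"),
    ("esp-legacy-transform", r"^crypto ipsec transform-set \S+ .*\besp-(3des|des|md5-hmac)\b",
     "DES/3DES or MD5-HMAC in the ESP transform set"),
]

def audit(config):
    """Return (line number, rule id, reason) for each flagged config line."""
    findings, in_policy = [], False
    for lineno, line in enumerate(config.splitlines(), 1):
        text = line.strip()
        if text.startswith("crypto isakmp policy"):
            in_policy = True
            continue
        in_policy = in_policy and bool(POLICY_SUBCMD.match(text))
        for rule_id, pattern, reason in (POLICY_RULES if in_policy else GLOBAL_RULES):
            if re.search(pattern, text):
                findings.append((lineno, rule_id, reason))
    return findings

if __name__ == "__main__":
    for lineno, rule_id, reason in audit(R2_CRYPTO):
        print(f"line {lineno}: {rule_id}: {reason}")
```

Run against the R3 lines, the same check reports everything except `psk-any-peer`, because the branch key is bound to 1.1.1.1.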