IPSEC ***

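I saw a topology diagram for configuring *** on a forum. It is a very simple IPsec *** topology. I had not written a *** configuration for a while, so I configured this topology until the two sites could communicate, which also let me review the basic *** configuration commands.
The configuration commands are as follows:
On R1: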
en
conf t
ho r1
enable password cisco
enable secret cisco
line con 0
pass cisco
login
exit
line vty 0 4
login local
exit
username cisco password cisco
int s0/1
ip add 202.70.134.1 255.255.255.0
no sh
clock rate 64000
exit
int f1/0
ip add 172.16.1.1 255.255.255.0
no sh
exit
ip route 0.0.0.0 0.0.0.0 202.70.134.2
crypto isakmp policy 10
encryption 3des
hash sha
group 2
authentication pre-share
exit
crypto isakmp key 0 benet address 61.0.0.2
access-list 100 permit ip 172.16.1.0 0.0.0.255 172.16.2.0 0.0.0.255
crypto ipsec transform-set r1r4 ah-sha-hmac esp-3des
mo tunnel
exit
crypto map mymap 1 ipsec-isakmp
set peer 61.0.0.2
set transform-set r1r4
set pfs group2
set security-association lifetime seconds 3600
set security-association idle-time  120
match address 100
exit
int s0/1
crypto map mymap
exit
key config-key password-encrypt
12345678
12345678
password encryption aes

On R2:
en
conf t
ho r2
enable password cisco
enable secret cisco
line con 0
password cisco
login
exit
line vty 0 4
login
exit
username cisco password cisco
int s0/1
ip add 202.70.134.2 255.255.255.0
no sh
int s1/1
ip add 218.30.1.2 255.255.255.0
clock rate 64000
no sh
exit
int loopback 0
ip add 2.2.2.2 255.255.255.255
no sh
exit
router ospf 2
router-id 2.2.2.2
net 2.2.2.2 0.0.0.0 area 0
net 202.70.134.0 0.0.0.255 area 0
net 218.30.1.0 0.0.0.255 area 0
exit

On R3:
en
conf t
ho r3
enable password cisco
enable secret cisco
line con 0
password cisco
login
exit
line vty 0 4
login
exit
username cisco password cisco
int s0/1
ip add 61.0.0.1 255.255.255.0
no sh
int s1/1
ip add 218.30.1.1 255.255.255.0
no sh
int loopback 0
ip add 3.3.3.3 255.255.255.255
no sh
exit
router ospf 3
router-id 3.3.3.3
net 3.3.3.3 0.0.0.0 area 0
net 218.30.1.0 0.0.0.255 area 0
net 61.0.0.0 0.0.0.255 area 0
exit

On R4:
en
conf t
ho r4
enable password cisco
enable secret cisco
line con 0
password cisco
login
exit
line vty 0 4
login
exit
username cisco password cisco
int s0/1
ip add 61.0.0.2 255.255.255.0
clock rate 64000
no sh
exit
int f1/0
ip add 172.16.2.1 255.255.255.0
no sh
exit
ip route 0.0.0.0 0.0.0.0 61.0.0.1
crypto isakmp policy 10
encryption 3des
hash sha
group 2
authentication pre-share
exit
crypto isakmp key 0 benet address 202.70.134.1
access-list 100 permit ip 172.16.2.0 0.0.0.255 172.16.1.0 0.0.0.255
crypto ipsec transform-set r4r1 ah-sha-hmac esp-3des
mo tunnel
exit
crypto map mymap 1 ipsec-isakmp
set peer 202.70.134.1
set transform-set r4r1
set pfs group2
set security-association lifetime seconds 3600
set security-association idle-time  120
match address 100
exit
int s0/1
crypto map mymap
exit
key config-key password-encrypt
12345678
12345678
password encryption aes
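After the configuration is complete, the verification results are as follows:

As can be seen, the *** has connected successfully!!!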
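
The tunnel only comes up when the R1 and R4 crypto settings agree and mirror each other. The following check is an added example, not part of the original post: it compares the crypto lines copied from the two listings above, assuming one ISAKMP policy and one crypto ACL entry per router; the function names parse and mismatches are hypothetical.

```python
import re

# Crypto lines copied from the R1 and R4 listings on this page (WAN address first).
R1 = """ip add 202.70.134.1 255.255.255.0
encryption 3des
hash sha
group 2
authentication pre-share
crypto isakmp key 0 benet address 61.0.0.2
access-list 100 permit ip 172.16.1.0 0.0.0.255 172.16.2.0 0.0.0.255
crypto ipsec transform-set r1r4 ah-sha-hmac esp-3des
set peer 61.0.0.2
set pfs group2"""
R4 = """ip add 61.0.0.2 255.255.255.0
encryption 3des
hash sha
group 2
authentication pre-share
crypto isakmp key 0 benet address 202.70.134.1
access-list 100 permit ip 172.16.2.0 0.0.0.255 172.16.1.0 0.0.0.255
crypto ipsec transform-set r4r1 ah-sha-hmac esp-3des
set peer 202.70.134.1
set pfs group2"""

def parse(cfg):
    # Pull out the fields that both ends of the tunnel must agree on.
    one = lambda pat: re.search(pat, cfg, re.M).groups()
    psk, key_addr = one(r"^crypto isakmp key \d (\S+) address (\S+)")
    return {
        "wan": one(r"^ip add (\S+)")[0],
        "policy": sorted(re.findall(r"^(encryption|hash|group|authentication) (\S+)", cfg, re.M)),
        "psk": psk, "key_addr": key_addr,
        "acl": one(r"^access-list \d+ permit ip (\S+ \S+) (\S+ \S+)"),
        "xform": one(r"^crypto ipsec transform-set \S+ (.+)")[0].split(),
        "peer": one(r"^set peer (\S+)")[0],
        "pfs": one(r"^set pfs (\S+)")[0],
    }

def mismatches(cfg_a, cfg_b):
    # Return the settings that disagree between the two peers (empty list = consistent).
    a, b = parse(cfg_a), parse(cfg_b)
    out = [f + " differs" for f in ("policy", "psk", "xform", "pfs") if a[f] != b[f]]
    for name, x, y in (("A", a, b), ("B", b, a)):
        if x["peer"] != y["wan"] or x["key_addr"] != y["wan"]:
            out.append(name + ": peer/key address is not the remote WAN address")
    if a["acl"] != b["acl"][::-1]:
        out.append("crypto ACLs are not mirror images")
    return out
print(mismatches(R1, R4) or "R1 and R4 crypto settings are consistent")
```

An empty result means the ISAKMP policy, pre-shared key, transform set, PFS group, peer addresses and mirrored ACL all line up between the two routers.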