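WAN Easy VPN Lab
Network topology:
Lab objective:
Allow a PC on the external network to access internal network resources using the VPN Client software.
Lab steps:
1. Configure the internal-network router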
Building configuration...
Current configuration : 641 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
boot-start-marker
boot-end-marker
no aaa new-model
resource policy
ip cef
interface FastEthernet0/0
ip address 172.0.0.2 255.255.255.0
/* Set the outside interface address
duplex half
!
interface FastEthernet1/0
ip address 192.168.1.1 255.255.255.0
/* Set the inside interface address
duplex half
!
no ip http server
no ip http secure-server
logging alarm informational
control-plane
gatekeeper
shutdown
line con 0
stopbits 1
line aux 0
stopbits 1
line vty 0 4
login
end
2. Configure the external-network router
Building configuration...
Current configuration : 641 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
boot-start-marker
boot-end-marker
no aaa new-model
resource policy
!
ip cef
!
interface FastEthernet0/0
ip address 172.0.0.1 255.255.255.0
/* Set the outside interface address
duplex half
!
interface FastEthernet1/0
ip address 10.0.0.1 255.0.0.0
/* Set the inside interface address
duplex half
!
no ip http server
no ip http secure-server
logging alarm informational
control-plane
gatekeeper
shutdown
!
!
line con 0
stopbits 1
line aux 0
stopbits 1
line vty 0 4
login
!
!
end
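3. Configure the internal and external PCs and check connectivity
Internal PC:
At this point, a ping to the external address must fail.
The same applies to the external PC.
4. Add the VPN configuration on the internal-network router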
Router con0 is now available
Press RETURN to get started.
Router> en
Router#sh run
Building configuration...
Current configuration : 1302 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname Router
boot-start-marker
boot-end-marker
no aaa new-model
resource policy
ip cef
username ccnp password 0 cisco
crypto isakmp policy 100
/* Configure the IKE policy
encr 3des
authentication pre-share
group 2
!
crypto isakmp client configuration group ez***policy
/* Configure the client configuration parameters for the IKE phase
key ciscoaaa
/* Password used by the client software
pool ez***pool
/* Reference the address pool
crypto ipsec transform-set ez***set esp-3des esp-md5-hmac
/* Configure the IPsec transform set, for use by the dynamic map template
crypto dynamic-map dmap 65535
/* Configure the dynamic map template to use the IPsec transform set
set transform-set ez***set
reverse-route
/* Reverse route injection
crypto map my*** client authentication list ez***_login
crypto map my*** isakmp authorization list ez***_autho
crypto map my*** client configuration address respond
crypto map my*** 65535 ipsec-isakmp dynamic dmap
/* Reference the dynamic map template
interface FastEthernet0/0
ip address 172.0.0.2 255.255.255.0
duplex half
crypto map my***
/* Apply the crypto map to the interface
!
interface FastEthernet1/0
ip address 192.168.1.1 255.255.255.0
duplex half
!
ip local pool ez***pool 100.100.100.10 100.100.100.20
/* Configure the local address pool to be referenced
ip route 0.0.0.0 0.0.0.0 172.0.0.1
/* Configure a default route so that the router can reach the PC
no ip http server
no ip http secure-server
logging alarm informational
control-plane
gatekeeper
shutdown
!
!
line con 0
stopbits 1
line aux 0
stopbits 1
line vty 0 4
login
!
!
end
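The step 4 output above uses legacy crypto settings (3DES, MD5, DH group 2, a type 0 password) and names two AAA method lists in the crypto map while the same output shows "no aaa new-model". The audit script below is an added example, not part of the original lab; its rule set, finding names and the audit() function are assumptions made for illustration, and the sample is constructed from lines of the step 4 output.

```python
import re

# Constructed sample: security-relevant lines copied from the step 4 running config.
SAMPLE = """\
no service password-encryption
no aaa new-model
username ccnp password 0 cisco
crypto isakmp policy 100
 encr 3des
 authentication pre-share
 group 2
crypto ipsec transform-set ez***set esp-3des esp-md5-hmac
crypto map my*** client authentication list ez***_login
crypto map my*** isakmp authorization list ez***_autho
"""

# (finding id, pattern matched against each stripped line, reason) - hypothetical rule set
RULES = [
    ("no-password-encryption", r"^no service password-encryption$",
     "secrets are displayed unobscured in the configuration"),
    ("cleartext-user-password", r"^username \S+ password 0 ",
     "type 0 passwords are stored in clear text"),
    ("ike-3des", r"^encr(yption)? 3des$", "3DES is a legacy 64-bit block cipher"),
    ("ike-weak-dh", r"^group [12]$", "DH groups 1 and 2 are at most 1024 bits"),
    ("esp-3des", r"^crypto ipsec transform-set .*\besp-3des\b", "3DES used for ESP"),
    ("esp-md5", r"^crypto ipsec transform-set .*\besp-md5-hmac\b", "MD5-based integrity"),
]
AAA_DEF = re.compile(r"^aaa (?:authentication login|authorization network) (\S+)")
AAA_REF = re.compile(r"^crypto map \S+ (?:client authentication|isakmp authorization) list (\S+)")

def audit(config):
    """Return (finding id, offending line) pairs for an IOS configuration text."""
    lines = [ln.strip() for ln in config.splitlines() if ln.strip()]
    findings = [(rid, ln) for ln in lines for rid, pat, _ in RULES if re.search(pat, ln)]
    # Method lists named by the crypto map only exist if AAA is enabled and defines them.
    aaa_enabled = "aaa new-model" in lines
    defined = {m.group(1) for ln in lines if (m := AAA_DEF.match(ln))}
    for ln in lines:
        ref = AAA_REF.match(ln)
        if ref and (not aaa_enabled or ref.group(1) not in defined):
            findings.append(("undefined-aaa-list", ln))
    return findings

if __name__ == "__main__":
    reasons = {rid: why for rid, _, why in RULES}
    for rid, line in audit(SAMPLE):
        print(f"{rid:26} {line}  ({reasons.get(rid, 'list is referenced but never defined')})")
```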
5. Configure the VPN Client on the external PC
As shown in the figure:
The configuration on the VPN Client is as follows:
In Connection Entry, enter the local PC's IP address
In Description, enter anything
In Host, enter the Server's address
In the Group Authentication fields, enter:
ez***policy
ciscoaaa
The username and password to supply when connecting should be the Server's:
ccnp
cisco
After connecting, the following appears, as shown in the figure:
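Supplement:
The lab above uses Dynamips and Virtual PC to simulate the WAN VPN lab.
The virtual PCs must be bridged to the routers through the real computer's network adapters.
The real machine needs two network adapters:
Router bridging
Calculate the bridge parameters and select the corresponding adapter. As shown in the figure, the topmost entry is Local Area Connection 3.
Copy the parameters of the adapter you want to bridge, return to the main screen, and fill in each adapter you want to bridge in turn.
For example: \Device\NPF_{2CD5187F-2A2A-4AF9-8009-531D37B51B3B}. Then confirm the bridge parameters.
Virtual PC bridging:
On the left, select Adapter1 and set it to the adapter you are bridging.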