VPN配置实验Word格式文档下载.doc
《VPN配置实验Word格式文档下载.doc》由会员分享,可在线阅读,更多相关《VPN配置实验Word格式文档下载.doc(12页珍藏版)》请在冰豆网上搜索。
2.配置路由器0和路由器2,构建VPN。
实验二、拓扑结构如下图所示,IP地址必须配置成不同于下图中的IP。
2.配置路由器3和路由器0,构建远程接入VPN。
实验一拓扑
实验二拓扑
四、实验步骤
实验一
分部路由设置
Router>
enable
Router#configureterminal
Enterconfigurationcommands,oneperline.EndwithCNTL/Z.
Router(config)#hostnamefenbu
fenbu(config)#interfaceFastEthernet0/1
fenbu(config-if)#ipaddress192.168.1.1255.255.255.0
fenbu(config-if)#noshutdown
%LINK-5-CHANGED:
InterfaceFastEthernet0/1,changedstatetoup
%LINEPROTO-5-UPDOWN:
LineprotocolonInterfaceFastEthernet0/1,changedstatetoup
fenbu(config-if)#exit
fenbu(config)#interfaceFastEthernet0/0
fenbu(config-if)#ipaddress100.1.1.2255.255.255.0
InterfaceFastEthernet0/0,changedstatetoup
LineprotocolonInterfaceFastEthernet0/0,changedstatetoup
fenbu(config)#cryptoisakmppolicy10
fenbu(config-isakmp)#encryption3des
fenbu(config-isakmp)#hashmd5
fenbu(config-isakmp)#authenticationpre-share
fenbu(config-isakmp)#cryptoisakmpkeygaoaddress200.1.1.2
fenbu(config)#cryptoipsectransform-setgaozhuangesp-3desesp-md5-hma
fenbu(config)#cryptomaptom10ipsec-isakmp?
dynamicEnabledynamiccryptomapsupport
<
cr>
fenbu(config)#cryptomaptom10ipsec-isakmp
%NOTE:
Thisnewcryptomapwillremaindisableduntilapeer
andavalidaccesslisthavebeenconfigured.
fenbu(config-crypto-map)#setpeer200.1.1.2
fenbu(config-crypto-map)#settransform-setgaozhuang
fenbu(config-crypto-map)#matchaddress101
fenbu(config-crypto-map)#exit
fenbu(config)#access-list101permitip192.168.1.00.0.0.255192.168.2.00.0.0.255
fenbu(config)#intf0/0
fenbu(config-if)#cryptomapgao
*Jan307:
16:
26.785:
%CRYPTO-6-ISAKMP_ON_OFF:
ISAKMPisON
fenbu(config-if)#noshut
fenbu(config)#iproute0.0.0.00.0.0.0100.1.1.1
fenbu(config)#exit
远程路由设置
Router(config)#hostnameyuanchen
yuanchen(config)#interfaceFastEthernet0/1
yuanchen(config-if)#ipaddress200.1.1.2255.255.255.0
yuanchen(config-if)#noshutdown
yuanchen(config)#interfaceFastEthernet0/0
yuanchen(config-if)#ipaddress192.168.2.1255.255.255.0
yuanchen(config-if)#exit
yuanchen(config)#cryptoisakmppolicy10
yuanchen(config-isakmp)#encryption3des
yuanchen(config-isakmp)#hashmd5
yuanchen(config-isakmp)#authenticationpre-share
yuanchen(config-isakmp)#cryptoisakmpkeygaoaddress100.1.1.2
yuanchen(config)#cryptoipsectransform-setgaozhuangesp-3desesp-md5-hmac
yuanchen(config)#cryptomapgao10ipsec-isakmp
yuanchen(config-crypto-map)#settransform-setgaozhuang
yuanchen(config-crypto-map)#setpeer100.1.1.2
yuanchen(config-crypto-map)#matchaddress101
yuanchen(config-crypto-map)#exit
yuanchen(config)#access-list101permitip192.168.2.00.0.0.255192.168.1.00.0.0.255
^
yuanchen(config)#intf0/1
yuanchen(config-if)#cryptomapgao
yuanchen(config-if)#noshut
yuanchen(config)#iproute0.0.0.00.0.0.0200.1.1.1
yuanchen(config)#exit
测试 PC1pingPC0
成功ping通,实验成功
实验二、
Vpn连接
相关代码
zongbu#conft
zongbu(config)#aaanew-model
zongbu(config)#aaaauthenticationlogingaolocal
zongbu(config)#aaaauthorizationnetworkzhuanglocal
zongbu(config)#usernamegaozhuangsecret14060510012
zongbu(config)#cryptoisakmppolicy1
zongbu(config-isakmp)#hashmd5
zongbu(config-isakmp)#authenticationpre-share
zongbu(config-isakmp)#group2
zongbu(config-isakmp)#exit
zongbu(config)#iplocalpoolgz192.168.2.1192.168.2.10
zongbu(config)#cryptoisakmpclientconfigurationgroupgaogroup
zongbu(config-isakmp-group)#keygaozhuanggongxiangmiyao
zongbu(config-isakmp-group)#poolgaogroup
zongbu(config-isakmp-group)#exit
zongbu(config)#cryptoipsectransform-setgaoesp-aesesp-sha-hmac
zongbu(config)#cryptodynamic-mapwydynmap10
zongbu(config-crypto-map)#settransform-setgao
zongbu(config-crypto-map)#reverse-route
zongbu(config-crypto-map)#exit
zongbu
升级会员 