实验四IPSec综合实验Word格式文档下载.docx

实验四IPSec综合实验Word格式文档下载.docx

《实验四IPSec综合实验Word格式文档下载.docx》由会员分享，可在线阅读，更多相关《实验四IPSec综合实验Word格式文档下载.docx（8页珍藏版）》请在冰豆网上搜索。

192.168.1.1/24

Router1

FastEthernet0/1

192.168.1.254/24

FastEthernet0/0

192.168.2.1/30

Router2

192.168.2.2/30

192.168.3.254/24

PC2

192.168.3.1/24

配置清单：

路由器IP配置清单

RSR20-01>

en14

Password:

RSR20-01#conft

Enterconfigurationcommands,oneperline.EndwithCNTL/Z.

RSR20-01（config）#intfa0/1

RSR20-01（config-if）#ipadd192.168.1.254255.255.255.0

RSR20-01（config-if）#noshutdown

RSR20-01（config-if）#exit

RSR20-01（config）#intfa0/0

RSR20-01（config-if）#ipadd192.168.2.1255.255.255.252

RSR20-01（config-if）#end

RSR20-01#

RSR20-02>

RSR20-02#conft

RSR20-02（config）#

RSR20-02（config）#intfa0/0

RSR20-02（config-if）#ipadd192.168.2.2255.255.255.252

RSR20-02（config-if）#nosh

RSR20-02（config-if）#noshutdown

RSR20-02（config-if）#exit

RSR20-02（config）#intfa0/1

RSR20-02（config-if）#ipadd192.168.3.254255.255.255.0

RSR20-02（config-if）#end

RSR20-02#

路由器RIP路由协议配置清单

RSR20-01（config）#routerrip

RSR20-01（config-router）#network192.168.1.0

RSR20-01（config-router）#network192.168.2.0

RSR20-01（config-router）#end

RSR20-02（config）#routerrip

RSR20-02（config-router）#network192.168.2.0

RSR20-02（config-router）#network192.168.3.0

RSR20-02（config-router）#end

路由器IPSec配置清单

RSR20-01（config）#

RSR20-01（config）#access-list100permitip192.168.1.00.0.0.255?

A.B.C.DDestinationaddress

anyAnydestinationhost

hostAsingledestinationhost

RSR20-01（config）#$00.0.0.255192.168.3.00.0.0.255

RSR20-01（config）#crypto?

dynamic-mapSpecifyadynamiccryptomaptemplate

ipsecConfigureIPSECpolicy

isakmpConfigureISAKMPpolicy

keyLongtermkeyoperations

mapEnteracryptomap

pkiPublicKeycomponents

softwareUsesoftwareengineforIPSecprocessing

RSR20-01（config）#cryptoisakmp?

enableEnableISAKMP

keepaliveSetakeepaliveintervalforusewithipsecpeers

keySetpre-sharedkeyforremotepeer

mode-detectSetmode-detecttoacceptmainmodeoraggressivenegetiate

policySetpolicyforanISAKMPprotectionsuite

RSR20-01（config）#cryptoisakmppolicy?

<

1-10000>

Priorityofprotectionsuite

RSR20-01（config）#cryptoisakmppolicy1

RSR20-01（isakmp-policy）#authentication?

pre-sharePre-SharedKey

rsa-sigRsa-Sig

RSR20-01（isakmp-policy）#authenticationpre-share

RSR20-01（isakmp-policy）#encryption?

3desThreekeytripleDES.

aes-128AES-AdvancedEncryptionStandard（128bitkeys）.

aes-192AES-AdvancedEncryptionStandard（192bitkeys）.

aes-256AES-AdvancedEncryptionStandard（256bitkeys）.

desDES-DataEncryptionStandard（56bitkeys）.

RSR20-01（isakmp-policy）#encryption3des

RSR20-01（isakmp-policy）#hash?

md5MessageDigest5

shaSecureHashStandard

RSR20-01（isakmp-policy）#hashsha

RSR20-01（isakmp-policy）#group?

1-2>

Groupdescriptionnumber

RSR20-01（isakmp-policy）#group2

RSR20-01（isakmp-policy）#exit

RSR20-01（config）#cryptoisakmpkey?

0SpecifiesanUNENCRYPTEDpasswordwillfollow

7SpecifiesaHIDDENpasswordwillfollow

RSR20-01（config）#cryptoisakmpkey0?

WORDPre-sharedkey

RSR20-01（config）#cryptoisakmpkey0ruijie?

addressDefinesharedkeywithIPaddress

hostnameDefinesharedkeywithhostname

RSR20-01（config）#cryptoisakmpkey0ruijieaddress?

A.B.C.DPeerIPaddress

RSR20-01（config）#cryptoisakmpkey0ruijieaddress192.168.2.2

RSR20-01（config）#cryptoipsec?

df-bitDf-bitsetting

security-associationSecurityassociationparameters

transform-setDefinetransformandsettings

RSR20-01（config）#cryptoipsectransform-set?

WORDTransformsettag

RSR20-01（config）#cryptoipsectransform-setruijie?

ah-md5-hmacAH-HMAC-MD5transform

ah-sha-hmacAH-HMAC-SHAtransform

esp-3desESPtransformusing3DES（EDE）cipher（168bits）

esp-aes-128ESPtransformusingAES（CBC）cipher（128bits）

esp-aes-192ESPtransformusingAES（CBC）cipher（192bits）

esp-aes-256ESPtransformusingAES（CBC）cipher（256bits）

esp-desESPtransformusingDEScipher（56bits）

esp-md5-hmacESPtransformusingHMAC-MD5auth

esp-nullESPtransformw/ocipher

esp-sha-hmacESPtransformusingHMAC-SHAauth

cr>

RSR20-01（config）#cryptoipsectransform-setruijieesp-3des?

RSR20-01（config）#cryptoipsectransform-setruijieesp-3desesp-sha-hmac

RSR20-01（cfg-crypto-trans）#exit

RSR20-01（config）#cryptomap?

WORDCryptomaptag

RSR20-01（config）#cryptomapruijie?

1-65535>

Sequencetoinsertintocryptomapentry

local-addressInterfacetouseforlocaladdressforthiscryptomap

RSR20-01（config）#cryptomapruijie1?

ipsec-isakmpIPSECISAKMP

ipsec-manualIPSECmanualkeying

RSR20-01（config）#cryptomapruijie1ipsec-?

ipsec-isakmpipsec-manual

RSR20-01（config）#cryptomapruijie1ipsec-isakmp?

dynamicEnabledynamiccryptomapsupport

RSR20-01（config）#cryptomapruijie1ipsec-isakmp

RSR20-01（config-crypto-map）#set?

exchange-modeSetexchangemodeusingthisitem

peerAllowedEncryption/Decryptionpeer

transform-setSpecifylistoftransformsetsinpriorityorder

RSR20-01（config-crypto-map）#setpeer?

WORDIPaddress（A.B.C.D）/Hostnameofpeer

RSR20-01（config-crypto-map）#setpeer192.168.2.2

RSR20-01（config-crypto-map）#settransform-set?

WORDProposaltag

RSR20-01（config-crypto-map）#settransform-setruijie

RSR20-01（config-crypto-map）#match?

addressMatchaddressofpacketstoencrypt

RSR20-01（config-crypto-map）#matchaddress?

100-199>

IPaccess-listnumber

RSR20-01（config-crypto-map）#matchaddress100

RSR20-01（config-crypto-map）#exit

RSR20-01（config-if）#crypto?

mapApplycryptotointerface

RSR20-01（config-if）#cryptomap?

WORDCryptomapname

RSR20-01（config-if）#cryptomapruijie