Cisco L2L VPN
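ip | tcp | telnet  source ip 1.1.1.1 destination ip 5.5.5.5
Once the packet hits the crypto map on the interface, it is encrypted.
The format after encryption is:
ip | ESP | packet sent by the PC  source ip 192.168.1.1 destination ip 192.168.2.4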
Router1 configuration
Router1#sh running-config
!
hostname Router1
no aaa new-model
ip cef
no ip domain lookup
interface Loopback1
 ip address 1.1.1.1 255.255.255.0
interface Serial1/0
 ip address 12.1.1.1 255.255.255.0
 serial restart-delay 0
ip route 0.0.0.0 0.0.0.0 12.1.1.2
Router1#
Router2 configuration
Router2#sh run
Building configuration...
Current configuration : 1738 bytes
hostname Router2
crypto isakmp policy 10  // define isakmp policy 10; the router matches policies from the lowest number to the highest
 hash md5
 authentication pre-share  // authentication method is pre-share
 group 2
crypto isakmp key cisco address 192.168.2.4  // peer address and key
crypto ipsec transform-set L2L.tran esp-des esp-md5-hmac  // phase 2 transform set
crypto map L2L.map 10 ipsec-isakmp  // create the crypto map, type ipsec-isakmp
 set peer 192.168.2.4
 set transform-set L2L.tran  // associate the transform set
 match address L2L.vpn  // match the interesting traffic
interface FastEthernet0/0
 ip address 192.168.1.2 255.255.255.0
 ip nat outside
 ip virtual-reassembly
 duplex full
 crypto map L2L.map  // apply the crypto map on the interface
interface Serial1/1
 ip address 12.1.1.2 255.255.255.0
 ip nat inside
ip route 0.0.0.0 0.0.0.0 192.168.1.3
ip route 1.1.1.1 255.255.255.255 12.1.1.1
no ip http server
no ip http secure-server
ip nat inside source list 101 interface FastEthernet0/0 overload
ip access-list extended L2L.vpn  // define the interesting traffic
 permit ip host 1.1.1.1 host 5.5.5.5
logging alarm informational
access-list 101 deny ip host 1.1.1.1 host 5.5.5.5  // deny the interesting traffic for NAT
access-list 101 permit ip host 1.1.1.1 any
access-list 101 permit ip host 12.1.1.1 any
Router3 configuration
Router3#sh running-config
1057 bytes
hostname Router3
interface Loopback3
 ip address 3.3.3.3 255.255.255.0
 ip address 192.168.1.3 255.255.255.0
 ip address 192.168.2.3 255.255.255.0
Router3#
Router4 configuration
Router4#sh run
hostname Router4
crypto isakmp policy 10
 authentication pre-share
crypto isakmp key cisco address 192.168.1.2
crypto ipsec transform-set L2L.tran esp-des esp-md5-hmac
crypto map L2L.map 10 ipsec-isakmp
 set peer 192.168.1.2
 set transform-set L2L.tran
 set ip access-group cryvpn in
 match address L2L.vpn
 ip address 192.168.2.4 255.255.255.0
 crypto map L2L.map
 ip address 45.1.1.4 255.255.255.0
ip route 0.0.0.0 0.0.0.0 192.168.2.3
ip route 5.5.5.5 255.255.255.255 45.1.1.5
ip nat inside source list 101 interface Serial1/0 overload
ip access-list extended L2L.vpn
 permit ip host 5.5.5.5 host 1.1.1.1
ip access-list extended cryvpn  // ACL applied under the crypto map
 permit tcp host 1.1.1.1 host 5.5.5.5 eq telnet
access-list 101 deny ip host 5.5.5.5 host 1.1.1.1
access-list 101 permit ip host 5.5.5.5 any
access-list 101 permit ip host 45.1.1.5 any
Router4#
Router5 configuration
Router5#sh run
1075 bytes
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname Router5
interface Loopback5
 ip address 5.5.5.5 255.255.255.0
 ip address 45.1.1.5 255.255.255.0
ip route 0.0.0.0 0.0.0.0 45.1.1.4
Router5#
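An added example (not part of the original document): a Python check that the Router2 and Router4 ACLs above agree with each other. The two L2L.vpn crypto ACLs must be mirror images, and ACL 101 must deny the interesting traffic before any permit line, because NAT runs before the crypto map and a translated packet no longer matches L2L.vpn. The helper names parse_acls, first_match and audit are hypothetical, and only the host/any rule forms used on this page are parsed.

```python
import re
# Added example, not from the original page. ACL lines are copied from Router2/Router4 above.
ROUTER2 = """\
ip access-list extended L2L.vpn
 permit ip host 1.1.1.1 host 5.5.5.5
access-list 101 deny ip host 1.1.1.1 host 5.5.5.5
access-list 101 permit ip host 1.1.1.1 any
access-list 101 permit ip host 12.1.1.1 any
"""
ROUTER4 = """\
ip access-list extended L2L.vpn
 permit ip host 5.5.5.5 host 1.1.1.1
access-list 101 deny ip host 5.5.5.5 host 1.1.1.1
access-list 101 permit ip host 5.5.5.5 any
access-list 101 permit ip host 45.1.1.5 any
"""
RULE = re.compile(r"(permit|deny) (\w+) host (\S+) (?:host (\S+)|any)")

def parse_acls(config):
    """Return {acl name: [(action, proto, src, dst), ...]} for host/any rules."""
    acls, name = {}, None
    for line in config.splitlines():
        head = re.match(r"ip access-list extended (\S+)|access-list (\d+) ", line)
        if head:
            name = head[1] or head[2]
        elif not line.startswith(" "):
            name = None  # an unindented line ends a named ACL block
        rule = RULE.search(line)
        if name and rule:
            acls.setdefault(name, []).append((rule[1], rule[2], rule[3], rule[4] or "any"))
    return acls

def first_match(rules, proto, src, dst):
    """ACLs are evaluated top-down; the first matching line decides."""
    for action, p, s, d in rules:
        if p in ("ip", proto) and s == src and d in ("any", dst):
            return action
    return "deny"  # implicit deny closes every ACL

def audit(local, remote, crypto="L2L.vpn", nat="101"):
    """Check one peer's ACLs against the other's; returns a list of findings."""
    mine, theirs, findings = parse_acls(local), parse_acls(remote), []
    flows = [(p, s, d) for a, p, s, d in mine.get(crypto, []) if a == "permit"]
    mirror = {(p, d, s) for a, p, s, d in theirs.get(crypto, []) if a == "permit"}
    if set(flows) != mirror:
        findings.append("crypto ACLs are not mirror images")
    for p, s, d in flows:
        if first_match(mine.get(nat, []), p, s, d) != "deny":
            findings.append(f"{s} -> {d} is translated by NAT before the crypto map")
    return findings
```

Calling audit(ROUTER2, ROUTER4) and audit(ROUTER4, ROUTER2) returns an empty list for the configurations on this page; removing the deny line from ACL 101 produces a NAT finding.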