103 Lab Guide: One-to-Many Site-to-Site VPN.docx

Lab Guide (One-to-Many Site-to-Site VPN)

I. Lab Task

R1: RouterA, R2: Internet, R3: RouterB, R4: RouterC
RouterB and RouterC connect to headquarters over VPN.
The VPNs between headquarters and the different branches use different parameters and passwords.
All three sites must be able to communicate with one another.

II. Lab Steps

1. On R1, R2 and R3, configure the IP addresses as shown in the figure, bring up the interfaces, and configure routing:

Switch (S1):
Switch(config)#int f0/0
Switch(config-if)#shutdown

RouterA (R1):
int s1/1
 no shutdown
 clock rate 128000
 ip add 202.96.134.1 255.255.255.252
int loopback0
 ip add 10.1.1.1 255.255.255.0
ip route 0.0.0.0 0.0.0.0 s1/1

Internet (R2):
int s1/0
 no shutdown
 clock rate 128000
 ip add 202.96.134.2 255.255.255.252
int s1/1
 no shutdown
 clock rate 128000
 ip add 61.0.0.1 255.255.255.252
int e0/0
 no shutdown
 duplex full
 ip add 198.133.0.1 255.255.255.252

RouterB (R3):
int s1/0
 no shutdown
 clock rate 128000
 ip add 61.0.0.2 255.255.255.252
int loopback0
 ip add 10.2.2.2 255.255.255.0
ip route 0.0.0.0 0.0.0.0 s1/0

RouterC (R4):
int e0/0
 no shutdown
 duplex full
 ip add 198.133.0.2 255.255.255.252
int loopback0
 ip add 10.3.3.3 255.255.255.0
ip route 0.0.0.0 0.0.0.0 198.133.0.1

2. RouterA: configuration for connectivity with RouterB:

!
crypto isakmp policy 10
 hash md5
 authentication pre-share
!
crypto isakmp key 0 cisco1234 address 61.0.0.2
!
crypto ipsec transform-set SITE2 esp-des esp-md5-hmac
!
crypto map TEST-MAP 10 ipsec-isakmp
 set peer 61.0.0.2
 set transform-set SITE2
 match address 110
!
interface Serial1/1
 crypto map TEST-MAP
!
access-list 110 permit ip 10.1.1.0 0.0.0.255 10.2.2.0 0.0.0.255
!

3. RouterB: configuration for connectivity with RouterA:

!
crypto isakmp policy 10
 hash md5
 authentication pre-share
!
crypto isakmp key 0 cisco1234 address 202.96.134.1
!
crypto ipsec transform-set SITE1 esp-des esp-md5-hmac
!
crypto map TEST-MAP 10 ipsec-isakmp
 set peer 202.96.134.1
 set transform-set SITE1
 match address 110
!
interface Serial1/0
 crypto map TEST-MAP
!
access-list 110 permit ip 10.2.2.0 0.0.0.255 10.1.1.0 0.0.0.255
!

4. RouterA: configuration for connectivity with RouterC:

!
crypto isakmp policy 20
 encryption aes
 hash sha
 group 2
 authentication pre-share
!
crypto isakmp key 0 123456 address 198.133.0.2
!
crypto ipsec transform-set SITE3 esp-3des esp-sha-hmac
!
crypto map TEST-MAP 20 ipsec-isakmp
 set peer 198.133.0.2
 set transform-set SITE3
 match address 120
!
interface Serial1/1
 crypto map TEST-MAP
!
access-list 120 permit ip 10.1.1.0 0.0.0.255 10.3.3.0 0.0.0.255

5. RouterC: configuration for connectivity with RouterA:

!
crypto isakmp policy 10
 encryption aes
 hash sha
 group 2
 authentication pre-share
!
crypto isakmp key 0 123456 address 202.96.134.1
!
crypto ipsec transform-set SITE1 esp-3des esp-sha-hmac
!
crypto map TEST-MAP 10 ipsec-isakmp
 set peer 202.96.134.1
 set transform-set SITE1
 match address 110
!
interface e0/0
 crypto map TEST-MAP
!
access-list 110 permit ip 10.3.3.0 0.0.0.255 10.1.1.0 0.0.0.255
!

6. Test: from RouterA's loopback0 interface, ping loopback0 on RouterB and RouterC.

RouterA:
ping 10.2.2.2 source 10.1.1.1
ping 10.3.3.3 source 10.1.1.1

RouterB:
ping 10.1.1.1 source 10.2.2.2

RouterC:
ping 10.1.1.1 source 10.3.3.3

Can RouterB and RouterC ping each other's loopback interfaces?

show crypto isakmp policy
show crypto ipsec transform-set
show crypto map
show crypto isakmp sa
show crypto ipsec sa
show crypto engine connections active
clear crypto sa
clear crypto isakmp

7. RouterB and RouterC must also be able to communicate with each other, which requires changing the interesting traffic (ACLs).

RouterA: add
access-list 110 permit ip 10.3.3.0 0.0.0.255 10.2.2.0 0.0.0.255
access-list 120 permit ip 10.2.2.0 0.0.0.255 10.3.3.0 0.0.0.255

RouterB: add
access-list 110 permit ip 10.2.2.0 0.0.0.255 10.3.3.0 0.0.0.255

RouterC: add
access-list 110 permit ip 10.3.3.0 0.0.0.255 10.2.2.0 0.0.0.255

Retest:

RouterA:
ping 10.2.2.2 source 10.1.1.1
ping 10.3.3.3 source 10.1.1.1

RouterB:
ping 10.3.3.3 source 10.2.2.2

RouterC:
ping 10.2.2.2 source 10.3.3.3

III. Complete Configuration (RouterC/RouterB cannot communicate)

=R1=
!
hostname R1
!
boot-start-marker
boot-end-marker
!
no aaa new-model
memory-size iomem 5
!
ip cef
!
!
!
crypto isakmp policy 10
 hash md5
 authentication pre-share
!
crypto isakmp policy 20
 encr aes
 authentication pre-share
 group 2
crypto isakmp key cisco1234 address 61.0.0.2
crypto isakmp key 123456 address 198.133.0.2
!
crypto ipsec transform-set SITE2 esp-des esp-md5-hmac
crypto ipsec transform-set SITE3 esp-3des esp-sha-hmac
!
crypto map TEST-MAP 10 ipsec-isakmp
 set peer 61.0.0.2
 set transform-set SITE2
 match address 110
crypto map TEST-MAP 20 ipsec-isakmp
 set peer 198.133.0.2
 set transform-set SITE3
 match address 120
!
interface Loopback0
 ip address 10.1.1.1 255.255.255.0
!
interface Ethernet0/0
 no ip address
 shutdown
 half-duplex
!
interface Ethernet0/1
 no ip address
 shutdown
 half-duplex
!
interface Ethernet0/2
 no ip address
 shutdown
 half-duplex
!
interface Ethernet0/3
 no ip address
 shutdown
 half-duplex
!
interface Serial1/0
 no ip address
 shutdown
 serial restart-delay 0
 no fair-queue
!
interface Serial1/1
 ip address 202.96.134.1 255.255.255.252
 serial restart-delay 0
 clock rate 128000
 crypto map TEST-MAP
!
interface Serial1/2
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial1/3
 no ip address
 shutdown
 serial restart-delay 0
!
ip http server
no ip http secure-server
!
ip route 0.0.0.0 0.0.0.0 Serial1/1
!
access-list 110 permit ip 10.1.1.0 0.0.0.255 10.2.2.0 0.0.0.255
access-list 120 permit ip 10.1.1.0 0.0.0.255 10.3.3.0 0.0.0.255
!
control-plane
!
line con 0
line aux 0
line vty 0 4
!
end

=R2=
!
hostname R2
!
boot-start-marker
boot-end-marker
!
no aaa new-model
memory-size iomem 5
!
ip cef
!
!
!
interface Ethernet0/0
 ip address 198.133.0.1 255.255.255.252
 full-duplex
!
interface Ethernet0/1
 no ip address
 shutdown
 half-duplex
!
interface Ethernet0/2
 no ip address
 shutdown
 half-duplex
!
interface Ethernet0/3
 no ip address
 shutdown
 half-duplex
!
interface Serial1/0
 ip address 202.96.134.2 255.255.255.252
 serial restart-delay 0
 clock rate 128000
 no fair-queue
!
interface Serial1/1
 ip address 61.0.0.1 255.255.255.252
 serial restart-delay 0
 clock rate 128000
!
interface Serial1/2
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial1/3
 no ip address
 shutdown
 serial restart-delay 0
!
ip http server
no ip http secure-server
!
control-plane
!
!
line con 0
 exec-timeout 0 0
line aux 0
line vty 0 4
!
end

=R3=
!
hostname R3
!
boot-start-marker
boot-end-marker
!
no aaa new-model
memory-size iomem 5
!
ip cef
!
!
!
crypto isakmp policy 10
 hash md5
 authentication pre-share
crypto isakmp key cisco1234 address 202.96.134.1
!
crypto ipsec transform-set SITE1 esp-des esp-md5-hmac
!
crypto map TEST-MAP 10 ipsec-isakmp
 set peer 202.96.134.1
 set transform-set SITE1
 match address 110
!
interface Loopback0
 ip address 10.2.2.2 255.255.255.0
!
interface Ethernet0/0
 no ip address
 shutdown
 half-duplex
!
interface Ethernet0/1
 no ip address
 shutdown
 half-duplex
!
interface Ethernet0/2
 no ip address
 shutdown
 half-duplex
!
interface Ethernet0/3
 no ip address
 shutdown
 half-duplex
!
interface Serial1/0
 ip address 61.0.0.2 255.255.255.252
 serial restart-delay 0
 clock rate 128000
 no fair-queue
 crypto map TEST-MAP
!
interface Serial1/1
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial1/2
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial1/3
 no ip address
 shutdown
 serial restart-delay 0
!
ip http server
no ip http secure-server
!
ip route 0.0.0.0 0.0.0.0 Serial1/0
!
access-list 110 permit ip 10.2.2.0 0.0.0.255 10.1.1.0 0.0.0.255
!
control-plane
!
!
line con 0
line aux 0
line vty 0 4
!
end

=R4=
!
hostname R4
!
boot-start-marker
boot-end-marker
!
no aaa new-model
memory-size iomem 5
!
ip cef
!
!
!
crypto isakmp policy 10
 encr aes
 authentication pre-share
 group 2
crypto isakmp key 123456 address 202.96.134.1
!
crypto ipsec transform-set SITE1 esp-3des esp-sha-hmac
!
crypto map TEST-MAP 10 ipsec-isakmp
 set peer 202.96.134.1
 set transform-set SITE1
 match address 110
!
interface Loopback0
 ip address 10.3.3.3 255.255.255.0
!
interface Ethernet0/0
 ip address 198.133.0.2 255.255.255.252
 full-duplex
 crypto map TEST-MAP
!
interface Ethernet0/1
 no ip address
 shutdown
 half-duplex
!
interface Ethernet0/2
 no ip address
 shutdown
 half-duplex
!
interface Ethernet0/3
 no ip address
 shutdown
 half-duplex
!
interface Serial1/0
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial1/1
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial1/2
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial1/3
 no ip address
 shutdown
 serial restart-delay 0
!
ip http server
no ip http secure-server
!
ip route 0.0.0.0 0.0.0.0 198.133.0.1
!
access-list 110 permit ip 10.3.3.0 0.0.0.255 10.1.1.0 0.0.0.255
!
control-plane
!
!
line con 0
line aux 0
line vty 0 4
!
end
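
The interesting-traffic change in step 7, checked offline as an added example (not part of the original guide): the ACL lines are copied from the guide, while the function names parse_acls, is_mirrored, protected_by and audit are hypothetical. It verifies that each tunnel's crypto ACLs are mirror images on both peers and reports which ACL, if any, selects RouterB-to-RouterC traffic for encryption before and after step 7.

```python
import ipaddress

def parse_acls(config):
    """Map ACL number -> [(source, destination)] networks; ipaddress accepts Cisco wildcards."""
    acls = {}
    for line in config.splitlines():
        f = line.split()
        if len(f) == 8 and f[0] == "access-list" and f[2:4] == ["permit", "ip"]:
            src = ipaddress.ip_network(f"{f[4]}/{f[5]}")
            dst = ipaddress.ip_network(f"{f[6]}/{f[7]}")
            acls.setdefault(f[1], []).append((src, dst))
    return acls

def is_mirrored(local_entries, remote_entries):
    """True when every local (src, dst) has a remote (dst, src) and vice versa."""
    return set(local_entries) == {(d, s) for s, d in remote_entries}

def protected_by(acls, src, dst):
    """Return the first ACL number that selects src -> dst for encryption, else None."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for number, entries in acls.items():
        if any(s in sn and d in dn for sn, dn in entries):
            return number
    return None

# Crypto ACLs from steps 2-5 of the guide (state before step 7)
ROUTER_A = """access-list 110 permit ip 10.1.1.0 0.0.0.255 10.2.2.0 0.0.0.255
access-list 120 permit ip 10.1.1.0 0.0.0.255 10.3.3.0 0.0.0.255"""
ROUTER_B = "access-list 110 permit ip 10.2.2.0 0.0.0.255 10.1.1.0 0.0.0.255"
ROUTER_C = "access-list 110 permit ip 10.3.3.0 0.0.0.255 10.1.1.0 0.0.0.255"
# Entries added in step 7
STEP7_A = """access-list 110 permit ip 10.3.3.0 0.0.0.255 10.2.2.0 0.0.0.255
access-list 120 permit ip 10.2.2.0 0.0.0.255 10.3.3.0 0.0.0.255"""
STEP7_B = "access-list 110 permit ip 10.2.2.0 0.0.0.255 10.3.3.0 0.0.0.255"
STEP7_C = "access-list 110 permit ip 10.3.3.0 0.0.0.255 10.2.2.0 0.0.0.255"
AFTER = [f"{base}\n{add}" for base, add in zip((ROUTER_A, ROUTER_B, ROUTER_C), (STEP7_A, STEP7_B, STEP7_C))]

def audit(a_cfg, b_cfg, c_cfg):
    """Check ACL symmetry per tunnel and which ACL carries the spoke-to-spoke traffic."""
    a, b, c = parse_acls(a_cfg), parse_acls(b_cfg), parse_acls(c_cfg)
    return {
        "A-B mirrored": is_mirrored(a["110"], b["110"]),
        "A-C mirrored": is_mirrored(a["120"], c["110"]),
        "B->C at RouterB": protected_by(b, "10.2.2.2", "10.3.3.3"),
        "B->C at RouterA": protected_by(a, "10.2.2.2", "10.3.3.3"),
        "C->B at RouterC": protected_by(c, "10.3.3.3", "10.2.2.2"),
    }

if __name__ == "__main__":
    print(audit(ROUTER_A, ROUTER_B, ROUTER_C), audit(*AFTER), sep="\n")
```

A value of None means no crypto ACL selects the packet, so the router forwards it unencrypted toward R2, which has no route to the 10.x networks.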
