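I just finished this lab and am posting it to share with everyone. Although this is not Cisco equipment, the commands are almost identical, so you should be able to follow along.
Environment: two BDCOM 2750 routers (1*E, 1*FE), two PCs
Lab objective: the two routers are connected via E0/1 and run an IPSec VPN between them, so that the two PCs can reach each other and each can also reach the Internet through its router's NAT.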

Configuration:
RouterA:
RouterA#sh run
Building configuration...
Current configuration:
!
!version 1.3.1E
service timestamps log date
service timestamps debug date
no service password-encryption
!
hostname RouterA
!
!
!
crypto ipsec transform-set one
!
crypto map aaa 100 ipsec-manual
set peer 192.0.0.2
set security-association inbound esp 256 cipher abcdabcdabcdabcd
set security-association outbound esp 1257 cipher 1234123412341234
set transform-set one
match address test
!
!
interface FastEthernet0/0
ip address 172.16.1.1 255.255.255.0
no ip directed-broadcast
ip nat inside
!
interface Ethernet0/1
ip address 192.0.0.1 255.255.255.0
no ip directed-broadcast
crypto map aaa
duplex half
ip nat outside
!
interface Serial0/0
no ip address
no ip directed-broadcast
!
interface Async0/0
no ip address
no ip directed-broadcast
!
!
ip route default 192.0.0.3
!
!
!
!
!
ip access-list standard nat-2
permit 172.16.1.0 255.255.255.0
!
ip access-list extended test
permit ip 192.0.0.1 255.255.255.0 192.0.0.2 255.255.255.0
!
!
!
!
ip nat outside source static 192.0.0.2 172.16.2.2
ip nat inside source static 172.16.1.2 192.0.0.1
ip nat inside source list nat-2 interface Ethernet0/1
!
!
!
RouterB:
RouterB#sh run
Building configuration...
Current configuration:
!
!version 1.3.1E
service timestamps log date
service timestamps debug date
no service password-encryption
!
hostname RouterB
!
!
!
crypto ipsec transform-set one
!
crypto map aaa 100 ipsec-manual
set peer 192.0.0.1
set security-association inbound esp 1257 cipher 1234123412341234
set security-association outbound esp 256 cipher abcdabcdabcdabcd
set transform-set one
match address test
!
!
interface FastEthernet0/0
ip address 172.16.2.1 255.255.255.0
no ip directed-broadcast
duplex half
ip nat inside
!
interface Ethernet0/1
ip address 192.0.0.2 255.255.255.248
no ip directed-broadcast
crypto map aaa
ip nat outside
!
interface Serial0/0
no ip address
no ip directed-broadcast
!
interface Async0/0
no ip address
no ip directed-broadcast
!
!
ip route default 192.0.0.3
!
!
!
!
!
ip access-list standard internet
permit 172.16.2.0 255.255.255.0
!
ip access-list extended test
permit ip 192.0.0.2 255.255.255.0 192.0.0.1 255.255.255.0
!
!
!
!
ip nat inside source static 172.16.2.2 192.0.0.2
ip nat outside source static 192.0.0.1 172.16.1.2
ip nat inside source list internet interface Ethernet0/1
!
!
!
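
The two `ipsec-manual` crypto maps above only interoperate if each router's outbound SPI and key equal the other router's inbound SPI and key, and each `set peer` points at the address of the interface where the other end applies its crypto map. The Python below is an added example, not part of the original post: it checks this on lines copied from the two configs and also flags keys that are one short block repeated. The function names and the repetition heuristic are assumptions of this example.

```python
import re

# Constructed sample input: crypto-map and Ethernet0/1 lines copied from the two configs above.
ROUTER_A = """crypto map aaa 100 ipsec-manual
set peer 192.0.0.2
set security-association inbound esp 256 cipher abcdabcdabcdabcd
set security-association outbound esp 1257 cipher 1234123412341234
interface Ethernet0/1
ip address 192.0.0.1 255.255.255.0
crypto map aaa"""
ROUTER_B = """crypto map aaa 100 ipsec-manual
set peer 192.0.0.1
set security-association inbound esp 1257 cipher 1234123412341234
set security-association outbound esp 256 cipher abcdabcdabcdabcd
interface Ethernet0/1
ip address 192.0.0.2 255.255.255.248
crypto map aaa"""
SA_RE = re.compile(r"set security-association (inbound|outbound) esp (\d+) cipher (\S+)")

def parse(config):
    """Extract peer, manual SAs by direction, and the crypto-map interface address."""
    info, addr = {"peer": None, "sa": {}, "local": None}, None
    for line in map(str.strip, config.splitlines()):
        if line.startswith("interface "):
            addr = None                      # new interface stanza, forget old address
        elif m := re.match(r"ip address (\S+) \S+$", line):
            addr = m.group(1)
        elif re.match(r"crypto map \S+$", line):
            info["local"] = addr             # map applied to this interface
        elif m := re.match(r"set peer (\S+)$", line):
            info["peer"] = m.group(1)
        elif m := SA_RE.match(line):
            info["sa"][m.group(1)] = (int(m.group(2)), m.group(3))
    return info

def is_repeating(key):
    """Heuristic (assumption of this example): key is one short block repeated."""
    return any(key == key[:n] * (len(key) // n) for n in range(1, len(key) // 2 + 1))

def check_pair(a, b):
    """Return findings; no mismatch findings means both ends mirror each other."""
    out = []
    for x, y, nx, ny in ((a, b, "A", "B"), (b, a, "B", "A")):
        if x["peer"] != y["local"]:
            out.append(f"{nx} peer {x['peer']} is not {ny}'s crypto interface {y['local']}")
        if x["sa"].get("outbound") != y["sa"].get("inbound"):
            out.append(f"{nx} outbound SPI/key differs from {ny} inbound")
    keys = {key for r in (a, b) for _, key in r["sa"].values()}
    out += [f"patterned key {k!r}" for k in sorted(keys) if is_repeating(k)]
    return out
```

Calling `check_pair(parse(ROUTER_A), parse(ROUTER_B))` on the configs as posted reports no SPI, key or peer mismatch; the only findings are the two patterned lab keys.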
