
IPsec VPN with multiple peers

Lab topology:

[Figure: IPsec VPN with multiple peers]

---------------------R1------------------------------------------------------

! Lab values: DES, MD5 and DH group 2 are legacy algorithms
crypto isakmp policy 10
 hash md5
 authentication pre-share
 group 2
! One pre-shared key per peer
crypto isakmp key root address 30.1.1.1 255.255.255.0
crypto isakmp key cisco address 20.1.1.1 255.255.255.0
!
crypto ipsec transform-set trans esp-des esp-md5-hmac
! One crypto map entry (sequence number) per peer
crypto map smap 10 ipsec-isakmp
 set peer 20.1.1.1
 set transform-set trans
 match address vpna
crypto map smap 20 ipsec-isakmp
 set peer 30.1.1.1
 set transform-set trans
 match address vpnb
interface Loopback0
 ip address 1.1.1.1 255.255.255.0
interface FastEthernet0/0
 ip address 10.1.1.1 255.255.255.0
 speed 100
 full-duplex
 crypto map smap
ip route 0.0.0.0 0.0.0.0 10.1.1.10
ip access-list extended vpna
 permit ip 1.1.1.0 0.0.0.255 3.3.3.0 0.0.0.255
ip access-list extended vpnb
 permit ip 1.1.1.0 0.0.0.255 4.4.4.0 0.0.0.255

---------------------------R2------------------------------

 ip address 20.1.1.10 255.255.255.0
interface FastEthernet0/1
 ip address 30.1.1.10 255.255.255.0
interface FastEthernet1/0
 ip address 10.1.1.10 255.255.255.0

----------------------ASA1------------------------------------

interface GigabitEthernet0
 nameif outside
 security-level 0
 ip address 20.1.1.1 255.255.255.0
interface GigabitEthernet1
 nameif inside
 security-level 100
 ip address 192.168.3.1 255.255.255.0
access-list vpna extended permit ip 3.3.3.0 255.255.255.0 1.1.1.0 255.255.255.0
route outside 0.0.0.0 0.0.0.0 20.1.1.10 1
route inside 0.0.0.0 0.0.0.0 192.168.3.3 tunneled
crypto ipsec ikev1 transform-set trans esp-des esp-md5-hmac
crypto map smap 10 match address vpna
crypto map smap 10 set peer 10.1.1.1
crypto map smap 10 set ikev1 transform-set trans
crypto map smap interface outside
crypto ikev1 enable outside
crypto ikev1 policy 10
 authentication pre-share
 encryption des
 hash md5
 group 2
 lifetime 86400
tunnel-group 10.1.1.1 type ipsec-l2l
tunnel-group 10.1.1.1 ipsec-attributes
 ikev1 pre-shared-key cisco

------------------------------ASA2-------------------------------

 ip address 30.1.1.1 255.255.255.0
 ip address 192.168.4.1 255.255.255.0
access-list vpnb extended permit ip 4.4.4.0 255.255.255.0 1.1.1.0 255.255.255.0
route outside 0.0.0.0 0.0.0.0 30.1.1.10 1
route inside 0.0.0.0 0.0.0.0 192.168.4.4 tunneled
crypto map smap 10 match address vpnb
no threat-detection statistics tcp-intercept
 ikev1 pre-shared-key root

--------------------R3-------------------------------

 ip address 3.3.3.3 255.255.255.0
 ip address 192.168.3.3 255.255.255.0
ip route 0.0.0.0 0.0.0.0 192.168.3.1
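
An added example, not part of the original post: a Python check that every crypto map entry in an IOS-style configuration like R1's above has a peer, a transform set and a match ACL, and that each one refers to something the configuration defines. The function name `audit_crypto_map` and the sample text are assumptions made for this illustration; pre-shared keys are matched on the exact peer address only.

```python
import re

# Constructed sample modelled on the R1 configuration on this page. Entry 20
# deliberately lacks a transform set, and ACL vpnb is deliberately undefined.
SAMPLE = """\
crypto isakmp key root address 30.1.1.1 255.255.255.0
crypto isakmp key cisco address 20.1.1.1 255.255.255.0
crypto ipsec transform-set trans esp-des esp-md5-hmac
crypto map smap 10 ipsec-isakmp
 set peer 20.1.1.1
 set transform-set trans
 match address vpna
crypto map smap 20 ipsec-isakmp
 set peer 30.1.1.1
 match address vpnb
ip access-list extended vpna
 permit ip 1.1.1.0 0.0.0.255 3.3.3.0 0.0.0.255
"""

def audit_crypto_map(config):
    """Return findings for each crypto map entry of an IOS-style config."""
    # What each per-entry command must refer to. Keys are matched on the exact
    # peer address; the mask after it is ignored (simplifying assumption).
    defined = {
        "set peer": set(re.findall(r"^crypto isakmp key \S+ address (\S+)", config, re.M)),
        "set transform-set": set(re.findall(r"^crypto ipsec transform-set (\S+)", config, re.M)),
        "match address": set(re.findall(r"^ip access-list extended (\S+)", config, re.M)),
    }
    entries, current = {}, None
    for line in config.splitlines():
        head = re.match(r"crypto map (\S+) (\d+) ipsec-isakmp", line)
        sub = re.match(r" +(set peer|set transform-set|match address) (\S+)", line)
        if head:
            current = entries.setdefault((head.group(1), int(head.group(2))), {})
        elif sub and current is not None:
            current[sub.group(1)] = sub.group(2)
        elif not line.startswith(" "):
            current = None  # any other top-level line closes the entry
    findings = []
    for (name, seq), entry in sorted(entries.items()):
        for field, known in defined.items():
            if field not in entry:
                findings.append(f"{name} {seq}: missing '{field}'")
            elif entry[field] not in known:
                findings.append(f"{name} {seq}: '{field} {entry[field]}' has no matching definition")
    return findings

if __name__ == "__main__":
    print("\n".join(audit_crypto_map(SAMPLE)))
```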
