103实验指导1对多 Site To Site VPNWord文档下载推荐.docx
- 文档编号:20490735
- 上传时间:2023-01-23
- 格式:DOCX
- 页数:22
- 大小:47.82KB
103实验指导1对多 Site To Site VPNWord文档下载推荐.docx
《103实验指导1对多 Site To Site VPNWord文档下载推荐.docx》由会员分享,可在线阅读,更多相关《103实验指导1对多 Site To Site VPNWord文档下载推荐.docx(22页珍藏版)》请在冰豆网上搜索。
RouterA(R1):
ints1/1
noshutdown
clockrate128000
ipadd202.96.134.1255.255.255.252
intloopback0
ipadd10.1.1.1255.255.255.0
iproute0.0.0.00.0.0.0s1/1
Internet(R2):
ints1/0
ipadd202.96.134.2255.255.255.252
ipadd61.0.0.1255.255.255.252
inte0/0
duplexfull
ipadd198.133.0.1255.255.255.252
RouterB(R3):
ipadd61.0.0.02255.255.255.252
ipadd10.2.2.2255.255.255.0
iproute0.0.0.00.0.0.0s1/0
RouterC(R4):
ipadd198.133.0.2255.255.255.252
ipadd10.3.3.3255.255.255.0
iproute0.0.0.00.0.0.0198.133.0.1
2、RouterA:
和RouterB之间联通的配置:
!
cryptoisakmppolicy10
hashmd5
authenticationpre-share
cryptoisakmpkey0cisco1234address61.0.0.2
!
cryptoipsectransform-setSITE2esp-desesp-md5-hmac
cryptomapTEST-MAP10ipsec-isakmp
setpeer61.0.0.2
settransform-setSITE2
matchaddress110
interfaceSerial1/1
cryptomapTEST-MAP
access-list110permitip10.1.1.00.0.0.25510.2.2.00.0.0.255
3、RouterB:
和RouterA之间联通的配置:
cryptoisakmpkey0cisco1234address202.96.134.1
cryptoipsectransform-setSITE1esp-desesp-md5-hmac
setpeer202.96.134.1
settransform-setSITE1
interfaceSerial1/0
access-list110permitip10.2.2.00.0.0.25510.1.1.00.0.0.255
4、RouterA:
和RouterC之间联通的配置:
cryptoisakmppolicy20
encryaes
hashsha
group2
cryptoisakmpkey0123456address198.133.0.2
cryptoipsectransform-setSITE3esp-3desesp-sha
cryptomapTEST-MAP20ipsec-isakmp
setpeer198.133.0.2
settransform-setSITE3
matchaddress120
access-list120permitip10.1.1.00.0.0.25510.3.3.00.0.0.255
5、RouterC:
cryptoisakmpkey0123456address202.96.134.1
cryptoipsectransform-setSITE1esp-3desesp-sha
setpeer202.96.134.1
interfacee0/0
access-list110permitip10.3.3.00.0.0.25510.1.1.00.0.0.255
6、测试:
从RouterA的loopback0接口pingRouterB和RouterC的loopback0
RouterA:
ping10.2.2.2source10.1.1.1
ping10.3.3.3source10.1.1.1
RouterB:
ping10.1.1.1source10.2.2.2
RouterC:
ping10.1.1.1source10.3.3.3
RouterB、RouterC是否可以互相pingloopback接口?
●showcryptoisakmppolicy
●showcryipsectransform-set
●showcryptomap
●showcryptoisakmpsa
●showcryptoipsecsa
●showcryptoengineconnectionsactive
●clearcryptosa
●clearcryptoisakmp
7、RouterB、RouterC也要可以互相通信,需要改变感兴趣流(ACL)
增加
access-list110permitip10.3.3.00.0.0.25510.2.2.00.0.0.255
access-list120permitip10.2.2.00.0.0.25510.3.3.00.0.0.255
access-list110permitip10.2.2.00.0.0.25510.3.3.00.0.0.255
重新测试:
ping10.3.3.3source10.2.2.2
ping10.2.2.2source10.3.3.3
三、完整配置(RouterC/RouterB不能通信)
===============================R1===============================
hostnameR1
boot-start-marker
boot-end-marker
noaaanew-model
memory-sizeiomem5
ipcef
encraes
cryptoisakmpkeycisco1234address61.0.0.2
cryptoisakmpkey123456address198.133.0.2
cryptoipsectransform-setSITE3esp-3desesp-sha-hmac
settransform-setSITE2
settransform-setSITE3
interfaceLoopback0
ipaddress10.1.1.1255.255.255.0
interfaceEthernet0/0
noipaddress
shutdown
half-duplex
interfaceEthernet0/1
interfaceEthernet0/2
interfaceEthernet0/3
shutdown
serialrestart-delay0
nofair-queue
ipaddress202.96.134.1255.255.255.252
interfaceSerial1/2
interfaceSerial1/3
iphttpserver
noiphttpsecure-server
iproute0.0.0.00.0.0.0Serial1/1
control-plane
linecon0
lineaux0
linevty04
End
===============================R2===============================
hostnameR2
ipaddress198.133.0.1255.255.255.252
full-duplex
ipaddress202.96.134.2255.255.255.252
ipaddress61.0.0.1255.255.255.252
exec-timeout00
===============================R3===============================
hostnameR3
cryptoisakmpkeycisco1234address202.96.134.1
settransform-setSITE1
ipaddress10.2.2.2255.255.255.0
ipaddress61.0.0.2255.255.255.252
iproute0.0.0.00.0.0.0Serial1/0
end
===============================R4===============================
hostnameR4
cryptoisakmpkey123456address202.96.134.1
cryptoipsectransform-setSITE1esp-3desesp-sha-hmac
ipaddress10.3.3.3255.255.255.0
ipaddress198.133.0.2255.255.255.252
- 配套讲稿:
如PPT文件的首页显示word图标,表示该PPT已包含配套word讲稿。双击word图标可打开word文档。
- 特殊限制:
部分文档作品中含有的国旗、国徽等图片,仅作为作品整体效果示例展示,禁止商用。设计者仅对作品中独创性部分享有著作权。
- 关 键 词:
- 103实验指导1对多 Site To VPN 103 实验 指导