
VPN Configuration Example

Source: collected by vlan9. Published by 巧巧读书 (QQRead), 2007-07-19
QQRead: http://www.qqread.com/network-special/i801349118.html

II. VPN configuration between routers:


 

Hub Router

2503#show running-config
Building configuration...
Current configuration : 1466 bytes
!
version 12.2

service timestamps debug datetime msec
service timestamps log uptime
no service password-encryption
!
hostname 2503
!


!
ip subnet-zero
!

!

!--- Configuration for IKE policies.

crypto isakmp policy 10

!--- Enables the IKE policy configuration (config-isakmp)
!--- command mode, where you can specify the parameters that
!--- are used during an IKE negotiation.

hash md5
authentication pre-share
crypto isakmp key cisco123 address 200.1.2.1
crypto isakmp key cisco123 address 200.1.3.1

!--- Specifies the preshared key "cisco123" which should
!--- be identical at both peers. This is a global
!--- configuration mode command.


!

!--- Configuration for IPSec policies.

crypto ipsec transform-set myset esp-des esp-md5-hmac

!--- Enables the crypto transform configuration mode,
!--- where you can specify the transform sets that are used
!--- during an IPSec negotiation.

!
crypto map mymap 10 ipsec-isakmp

!--- Indicates that IKE is used to establish
!--- the IPSec security association for protecting the
!--- traffic specified by this crypto map entry.

set peer 200.1.2.1

!--- Sets the IP address of the remote end.

set transform-set myset

!--- Configures IPSec to use the transform-set
!--- "myset" defined earlier in this configuration.

match address 110

!--- Specifies the traffic to be encrypted.

crypto map mymap 20 ipsec-isakmp
set peer 200.1.3.1
set transform-set myset
match address 120
!
!
!
!
interface Loopback0
ip address 10.1.1.1 255.255.255.0
!
interface Ethernet0
ip address 200.1.1.1 255.255.255.0
no ip route-cache

!--- You must enable process switching for IPSec
!--- to encrypt outgoing packets. This command disables fast switching.

no ip mroute-cache
crypto map mymap

!--- Configures the interface to use the
!--- crypto map "mymap" for IPSec.

!


!--- Output suppressed.

ip classless
ip route 172.16.1.0 255.255.255.0 Ethernet0
ip route 192.168.1.0 255.255.255.0 Ethernet0
ip route 200.1.0.0 255.255.0.0 Ethernet0
ip http server

!
access-list 110 permit ip 10.1.1.0 0.0.0.255 172.16.1.0 0.0.0.255
access-list 110 permit ip 192.168.1.0 0.0.0.255 172.16.1.0 0.0.0.255
access-list 120 permit ip 10.1.1.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 120 permit ip 172.16.1.0 0.0.0.255 192.168.1.0 0.0.0.255

!--- This crypto ACL-permit identifies the
!--- matching traffic flows to be protected via encryption.
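
The hub configuration above can be checked mechanically for the settings a reviewer would question: MD5 in the IKE policy, no encryption line (so the IOS default of 56-bit DES applies), the esp-des and esp-md5-hmac transforms, one pre-shared key used for both spokes, and ip http server. The Python audit below is an added example, not part of the original page or of any Cisco tool; the function name audit, its rules and the sample text are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed input: crypto and management lines copied from the hub configuration.
HUB_CONFIG = """\
crypto isakmp policy 10
hash md5
authentication pre-share
crypto isakmp key cisco123 address 200.1.2.1
crypto isakmp key cisco123 address 200.1.3.1
crypto ipsec transform-set myset esp-des esp-md5-hmac
ip http server
"""

POLICY_SUBCMDS = ("encryption", "hash", "authentication", "group", "lifetime")
WEAK_TRANSFORMS = {"esp-des": "56-bit DES", "esp-md5-hmac": "HMAC-MD5"}

def audit(config):
    """Return sorted findings for weak IKE/IPsec settings (hypothetical reviewer rules)."""
    findings, peers_by_key = set(), defaultdict(set)
    in_policy = has_encryption = False
    for raw in config.splitlines() + ["!"]:      # "!" sentinel closes the last block
        line = raw.strip()
        if not line or line.startswith("!---"):  # skip blanks and inline comments
            continue
        if in_policy and not line.startswith(POLICY_SUBCMDS):
            if not has_encryption:
                findings.add("IKE policy has no encryption line: IOS default 56-bit DES applies")
            in_policy = False
        if line.startswith("crypto isakmp policy"):
            in_policy, has_encryption = True, False
        elif in_policy and line.startswith("encryption"):
            has_encryption = True
            if line.split()[1:] == ["des"]:
                findings.add("IKE policy uses 56-bit DES")
        elif in_policy and line == "hash md5":
            findings.add("IKE policy uses MD5 as its hash")
        elif m := re.match(r"crypto isakmp key (\S+) address (\S+)", line):
            peers_by_key[m[1]].add(m[2])
        elif m := re.match(r"crypto ipsec transform-set (\S+) (.+)", line):
            for name in m[2].split():
                if name in WEAK_TRANSFORMS:
                    findings.add(f"transform-set {m[1]} uses {name} ({WEAK_TRANSFORMS[name]})")
        elif line == "ip http server":
            findings.add("HTTP management server is enabled")
    for peers in peers_by_key.values():          # the key itself is never echoed
        if len(peers) > 1:
            findings.add(f"one pre-shared key is shared by {len(peers)} peers: {sorted(peers)}")
    return sorted(findings)
```

The parser does not rely on indentation, so it also accepts the flush-left text with interleaved !--- comments as printed on this page.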

 


Spoke 1 Router

2509a#show running-config
Building configuration...
Current configuration : 1203 bytes
!
version 12.2

service timestamps debug datetime msec
service timestamps log uptime
no service password-encryption
!
hostname 2509a
!
enable secret 5 $1$DOX3$rIrxEnTVTw/7LNbxi.akz0

!
ip subnet-zero
no ip domain-lookup
!

!
crypto isakmp policy 10
hash md5
authentication pre-share
crypto isakmp key cisco123 address 200.1.1.1
!
!
crypto ipsec transform-set myset esp-des esp-md5-hmac
!
crypto map mymap 10 ipsec-isakmp
set peer 200.1.1.1
set transform-set myset
match address 110
!
!
!
!
interface Loopback0
ip address 172.16.1.1 255.255.255.0
!
interface Ethernet0
ip address 200.1.2.1 255.255.255.0
no ip route-cache
no ip mroute-cache
crypto map mymap
!

.
.

!--- Output suppressed.

.
.
ip classless
ip route 10.1.1.0 255.255.255.0 Ethernet0
ip route 192.168.1.0 255.255.255.0 Ethernet0
ip route 200.1.0.0 255.255.0.0 Ethernet0
no ip http server

!
access-list 110 permit ip 172.16.1.0 0.0.0.255 10.1.1.0 0.0.0.255
access-list 110 permit ip 172.16.1.0 0.0.0.255 192.168.1.0 0.0.0.255
!

end
2509a#

 

Spoke 2 Router

VPN2509#show running-config
Building configuration...
Current configuration : 1117 bytes
!
version 12.2

service timestamps debug datetime msec
service timestamps log uptime
service password-encryption
!
hostname VPN2509
!

!
ip subnet-zero
no ip domain-lookup
!

!
crypto isakmp policy 10
hash md5
authentication pre-share
crypto isakmp key cisco123 address 200.1.1.1
!
!
crypto ipsec transform-set myset esp-des esp-md5-hmac
!
crypto map mymap 10 ipsec-isakmp
set peer 200.1.1.1
set transform-set myset
match address 120
!
!
!
!
interface Loopback0
ip address 192.168.1.1 255.255.255.0
!
interface Ethernet0
ip address 200.1.3.1 255.255.255.0

!--- No ip route-cache.

no ip mroute-cache
crypto map mymap
!

.
.

!--- Output suppressed.

.
.
ip classless
ip route 10.1.1.0 255.255.255.0 Ethernet0
ip route 172.16.0.0 255.255.0.0 Ethernet0
ip route 200.1.0.0 255.255.0.0 Ethernet0
no ip http server

!
access-list 120 permit ip 192.168.1.0 0.0.0.255 172.16.1.0 0.0.0.255
access-list 120 permit ip 192.168.1.0 0.0.0.255 10.1.1.0 0.0.0.255
!

end
VPN2509#
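
The crypto ACLs on the hub and on each spoke are expected to be mirror images of each other, including the spoke-to-spoke line that lets Spoke 1 and Spoke 2 reach each other through the hub. The Python check below is an added example, not part of the original page; the function names flows and mirror_gaps are assumptions, and the ACL text is copied from the three configurations above.

```python
import ipaddress
import re

ACL_RE = re.compile(r"^access-list (\d+) permit ip (\S+) (\S+) (\S+) (\S+)", re.M)

# Constructed input: the crypto ACL lines copied from the three configurations.
HUB = """\
access-list 110 permit ip 10.1.1.0 0.0.0.255 172.16.1.0 0.0.0.255
access-list 110 permit ip 192.168.1.0 0.0.0.255 172.16.1.0 0.0.0.255
access-list 120 permit ip 10.1.1.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 120 permit ip 172.16.1.0 0.0.0.255 192.168.1.0 0.0.0.255
"""
SPOKE1 = """\
access-list 110 permit ip 172.16.1.0 0.0.0.255 10.1.1.0 0.0.0.255
access-list 110 permit ip 172.16.1.0 0.0.0.255 192.168.1.0 0.0.0.255
"""
SPOKE2 = """\
access-list 120 permit ip 192.168.1.0 0.0.0.255 172.16.1.0 0.0.0.255
access-list 120 permit ip 192.168.1.0 0.0.0.255 10.1.1.0 0.0.0.255
"""

def _net(addr, wildcard):
    """Build a network object from an address and an IOS wildcard (host) mask."""
    return ipaddress.ip_network(f"{addr}/{wildcard}")

def flows(config, acl):
    """Set of (source, destination) networks that ACL number `acl` permits."""
    return {(_net(m[2], m[3]), _net(m[4], m[5]))
            for m in ACL_RE.finditer(config) if m[1] == str(acl)}

def mirror_gaps(local_cfg, remote_cfg, acl):
    """Flows in one peer's ACL whose reverse is absent from the other peer's ACL."""
    local, remote = flows(local_cfg, acl), flows(remote_cfg, acl)
    gaps = [f"remote lacks {d} -> {s}" for s, d in local if (d, s) not in remote]
    gaps += [f"local lacks {d} -> {s}" for s, d in remote if (d, s) not in local]
    return sorted(gaps)

if __name__ == "__main__":
    print(mirror_gaps(HUB, SPOKE1, 110), mirror_gaps(HUB, SPOKE2, 120))
```

An empty list for both pairs means every protected flow has its reverse on the other peer; a spoke that omits its spoke-to-spoke line is reported as a gap.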
 
 

 
 
 
