本实验借助于Cisco 2600 路由器,通过VPN技术实现蓝色学苑,一分部和二分部之间的网络互联,为了贴近实用性,中间仍然通过Cisco 3640 模拟ISP 。
通过在网络基础部分的介绍,各位应该对VPN技术有了一定的认识,在VPN的实现中主要有两个方面:建立VPN Tunnel和IPSec的加密
具体拓扑图如下:
Cisco 2600 with GRE Tunnel
Current configuration
!
version 12.0
sevice timestamps debug uptime
sevice timestamps log uptime
sevice password-encryption
!
hostname bluestudy1
!
enable passsword cisco
!
memory-size iomem 25
ip subnet-zero
no ip domain-lookup
!
interface Tunnel0
ip address 172.16.101.1 255.255.255.0
no ip directed-broadcast
ip mtu 1467
tunnel sourece 199.1.1.2
tunnel destination 199.1.2.2
!
interface serial0/0
no ip address
no ip directed-broadcast
encapsulation frame-relay
no ip mroute-cache
frame-relay lmi-type ansi
!
interface serial0/0.1 point-to-point
description connected to internet
ip address 199.1.1.2 255.255.255.248
no ip directed-broadcast
ip nat outside
no arp frame-relay
frame-relay interface-dlci 111
!
!
interface ethernet0/0
ip address 172.16.1.1 255.255.255.0
no ip directed-broadcast
ip nat inside
!
router eigrp 100
network 172.16.0.0
!
router rip
version 2
network 172.16.0.0
no auto-summary
!
ip nat pool bluestudy 199.1.1.3 199.1.1.10 netmask 255.255.255.248
ip nat inside sourece list 2 pool bluestudy overload
ip nat inside sourece static 172.16.1.3 199.1.1.5
ip classless
ip route 0.0.0.0 0.0.0.0 srial0/0.1
ip http server
!
access-list 2 permit 172.16.1.0 0.0.0.255
snmp-server community public RO
!
line con 0
exec-timeout 0 0
password cisco
login
transport input none
line aux 0
line vty 0 4
password cisco
login
!
end
Cisco 2600 Configuration with IPSec
Current configuration
!
version 12.0
sevice timestamps debug uptime
sevice timestamps log uptime
sevice password-encryption
!
hostname bluestudy1
!
enable passsword cisco
!
memory-size iomem 25
ip subnet-zero
no ip domain-lookup
!
crypto isakmp key policy 1
authentication pre-share
group 2
crypto isakmp key slurpee-machine address 172.16.101.2
!
crypto ipsec transform-set test ah-sha-hmac esp-des esp-sha-hmac
!
set transform-set test
!
crypto map bluestudy 10 ipsec-isakmp
set peer 172.16.101.2
set transform-set test
match address 101
!
interface Tunnel0
ip address 172.16.101.1 255.255.255.0
no ip directed-broadcast
ip mtu 1467
tunnel sourece 199.1.1.2
tunnel destination 199.1.2.2
crypto map bluestudy
!
interface serial0/0
no ip address
no ip directed-broadcast
encapsulation frame-relay
no ip mroute-cache
frame-relay lmi-type ansi
!
interface serial0/0.1 point-to-point
description connected to internet
ip address 199.1.1.2 255.255.255.248
no ip directed-broadcast
ip nat outside
no arp frame-relay
frame-relay interface-dlci 111
!
!
interface ethernet0/0
ip address 172.16.1.1 255.255.255.0
no ip directed-broadcast
ip nat inside
!
router eigrp 100
network 172.16.0.0
!
router rip
version 2
network 172.16.0.0
no auto-summary
!
ip nat pool bluestudy 199.1.1.3 199.1.1.10 netmask 255.255.255.248
ip nat inside sourece list 2 pool bluestudy overload
ip nat inside sourece static 172.16.1.3 199.1.1.5
ip classless
ip route 0.0.0.0 0.0.0.0 srial0/0.1
ip http server
!
access-list 2 permit 172.16.1.0 0.0.0.255
access-list 101 permit ip 172.16.1.0 0.0.0.255 172.16.2.0 0.0.0.255(对方网络,只有到这个网络的信息包才加密)
snmp-server community public RO
!
line con 0
exec-timeout 0 0
password cisco
login
transport input none
line aux 0
line vty 0 4
password cisco
login
!
end收藏 http://www.qqread.com/route/p991305008.html
更多内容请看路由器设置专题、交换机与路由器密码恢复、路由故障处理手册专题,或进入讨论组讨论。
相关图文阅读
频道图文推荐
健 康 咨 询
时 尚 咨 询
相关专题
- 路由器设置专题 (2378篇文章)
- 交换机与路由器密码恢复 (3933篇文章)
- 路由故障处理手册 (2441篇文章)
- VPN技术 (1067篇文章)
- Cisco IOS技术手册 (2995篇文章)
- 路由安全配置专题 (11761篇文章)
- Cisco路由器配置手册 (4742篇文章)
- Cisco交换机专题 (4251篇文章)
- 无线宽带路由器 (7351篇文章)
- 电脑配置手册 (8308篇文章)
- Cisco 网络教材之路由器的配置详细解析 (44次浏览)
- 合理配置路由命令 管好网络带宽 (14次浏览)
- 如何保持路由器配置的安全性? (14次浏览)
- 路由器启动配置文件丢失故障解决方法 (9次浏览)
- 将路由配置为抵御攻击第一道安全屏障 (1次浏览)
