首页 资讯 电脑入门 操作系统 上网 办公 技巧 硬件 软件 网络 图像 多媒体 程序 数据库 网页网站 网游 安全 加密 企业

Cisco 路由器 VPN典型配置

巧巧电脑网络 2005-08-22 蓝色网络技术学苑    收藏此文 
本实验借助于cisco 2600 路由器,通过VPN技术实现蓝色学苑,一分部和二分部之间的网络互联,为了贴近实用性,中间仍然通过Cisco 3640 模拟ISP 。通过在网络基础部分的介绍,各位应该对vpn技术有了一定的认识。

  本实验借助于Cisco 2600 路由器,通过VPN技术实现蓝色学苑,一分部和二分部之间的网络互联,为了贴近实用性,中间仍然通过Cisco 3640 模拟ISP 。
  
     通过在网络基础部分的介绍,各位应该对VPN技术有了一定的认识,在VPN的实现中主要有两个方面:建立VPN Tunnel和IPSec的加密
  
  具体拓扑图如下:
  
  Cisco 2600 with GRE Tunnel
  
  Current configuration
  
  !
  
  version 12.0
  
  sevice timestamps debug uptime
  
  sevice timestamps log uptime
  
  sevice password-encryption
  
  !
  
  hostname bluestudy1
  
  !
  
  enable passsword cisco
  
  !
  
  memory-size iomem 25
  
  ip subnet-zero
  
  no ip domain-lookup
  
  !
  
  interface Tunnel0
  
  ip address 172.16.101.1 255.255.255.0
  
  no ip directed-broadcast
  
  ip mtu 1467
  
  tunnel sourece 199.1.1.2
  
  tunnel destination 199.1.2.2
  
  !
  
  interface serial0/0
  
  no ip address
  
  no ip directed-broadcast
  
  encapsulation frame-relay
  
  no ip mroute-cache
  
  frame-relay lmi-type ansi
  
  !
  
  interface serial0/0.1 point-to-point
  
  description connected to internet
  
  ip address 199.1.1.2 255.255.255.248
  
  no ip directed-broadcast
  
  ip nat outside
  
  no arp frame-relay
  
  frame-relay interface-dlci 111
  
  !
  
  !
  
  interface ethernet0/0
  
  ip address 172.16.1.1 255.255.255.0
  
  no ip directed-broadcast
  
  ip nat inside
  
  !
  
  router eigrp 100
  
  network 172.16.0.0
  
  !
  
  router rip
  
  version 2
  
  network 172.16.0.0
  
  no auto-summary
  
  !
  
  ip nat pool bluestudy 199.1.1.3 199.1.1.10 netmask 255.255.255.248
  
  ip nat inside sourece list 2 pool bluestudy overload
  
  ip nat inside sourece static 172.16.1.3 199.1.1.5
  
  ip classless
  
  ip route 0.0.0.0 0.0.0.0 srial0/0.1
  
  ip http server
  
  !
  
  access-list 2 permit 172.16.1.0 0.0.0.255
  
  snmp-server community public RO
  
  !
  
  line con 0
  
  exec-timeout 0 0
  
  password cisco
  
  login
  
  transport input none
  
  line aux 0
  
  line vty 0 4
  
  password cisco
  
  login
  
  !
  
  end
  
   
  
   
  
  Cisco 2600 Configuration with IPSec
   
  
   
  
  Current configuration
  
  !
  
  version 12.0
  
  sevice timestamps debug uptime
  
  sevice timestamps log uptime
  
  sevice password-encryption
  
  !
  
  hostname bluestudy1
  
  !
  
  enable passsword cisco
  
  !
  
  memory-size iomem 25
  
  ip subnet-zero
  
  no ip domain-lookup
  
  !
  
  crypto isakmp key policy 1
  
  authentication pre-share
  
  group 2
  
  crypto isakmp key slurpee-machine address 172.16.101.2
  
  !
  
  crypto ipsec transform-set test ah-sha-hmac esp-des esp-sha-hmac
  
  !
  
  set transform-set test
  
  !
  
  crypto map bluestudy 10 ipsec-isakmp
  
  set peer 172.16.101.2
  
  set transform-set test
  
  match address 101
  
  !
  
  interface Tunnel0
  
  ip address 172.16.101.1 255.255.255.0
  
  no ip directed-broadcast
  
  ip mtu 1467
  
  tunnel sourece 199.1.1.2
  
  tunnel destination 199.1.2.2
  
  crypto map bluestudy
  
  !
  
  interface serial0/0
  
  no ip address
  
  no ip directed-broadcast
  
  encapsulation frame-relay
  
  no ip mroute-cache
  
  frame-relay lmi-type ansi
  
  !
  
  interface serial0/0.1 point-to-point
  
  description connected to internet
  
  ip address 199.1.1.2 255.255.255.248
  
  no ip directed-broadcast
  
  ip nat outside
  
  no arp frame-relay
  
  frame-relay interface-dlci 111
  
  !
  
  !
  
  interface ethernet0/0
  
  ip address 172.16.1.1 255.255.255.0
  
  no ip directed-broadcast
  
  ip nat inside
  
  !
  
  router eigrp 100
  
  network 172.16.0.0
  
  !
  
  router rip
  
  version 2
  
  network 172.16.0.0
  
  no auto-summary
  
  !
  
  ip nat pool bluestudy 199.1.1.3 199.1.1.10 netmask 255.255.255.248
  
  ip nat inside sourece list 2 pool bluestudy overload
  
  ip nat inside sourece static 172.16.1.3 199.1.1.5
  
  ip classless
  
  ip route 0.0.0.0 0.0.0.0 srial0/0.1
  
  ip http server
  
  !
  
  access-list 2 permit 172.16.1.0 0.0.0.255
  
  access-list 101 permit ip 172.16.1.0 0.0.0.255 172.16.2.0 0.0.0.255(对方网络,只有到这个网络的信息包才加密)
  
   
  
  snmp-server community public RO
  
  !
  
  line con 0
  
  exec-timeout 0 0
  
  password cisco
  
  login
  
  transport input none
  
  line aux 0
  
  line vty 0 4
  
  password cisco
  
  login
  
  !
  
  end

相关文章:学习常见Cisco 路由协议的设置

cisco的rip版本2支持验证、密钥管理、路由汇总、无类域间路由(cidr)和变长子网掩码(vlsms)go top2. 举例router1:router ripversion 2network 192.200.10.0network 192.20.10.0!相关调试命令:跳跃计数是一个包到达目标所必须经过的路由器的数目。使用组合用户配置尺度。

本类最热图文
Google
巧巧电脑网络编辑信箱  告诉我们您想看的专题或文章