
Cisco VPN configuration


R1 configuration:

r1#
r1#sh run
Building configuration...
Current configuration : 1521 bytes
!
version 12.2
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname r1
!
ip subnet-zero
!
ip audit notify log
ip audit po max-events 100
!
crypto isakmp policy 1
 hash md5
 authentication pre-share
 group 2
crypto isakmp client configuration address-pool local pool192
!
crypto isakmp client configuration group vclient-group
 key vclient-key
 pool pool192
!
crypto ipsec transform-set vclient-tfs esp-des esp-md5-hmac
!
crypto dynamic-map template-map 1
 set transform-set vclient-tfs
!
crypto map vpnmap isakmp authorization list vclient-group
crypto map vpnmap client configuration address respond
crypto map vpnmap 1 ipsec-isakmp dynamic template-map
!
fax interface-type fax-mail
mta receive maximum-recipients 0
!
interface Ethernet0/0
 ip address 10.1.1.100 255.255.255.0
 half-duplex
 crypto map vpnmap
!
interface Serial1/0
 ip address 172.16.1.1 255.255.255.0
 no fair-queue
!
router ospf 100
 log-adjacency-changes
 redistribute static
 network 10.1.1.0 0.0.0.255 area 0
 network 172.16.1.0 0.0.0.255 area 0
!
ip local pool pool192 192.168.1.1 192.168.1.254
ip classless
ip route 192.168.1.0 255.255.255.0 Ethernet0/0
ip http server
ip pim bidir-enable
!
call rsvp-sync
!
mgcp profile default
!
dial-peer cor custom
!
line con 0
line aux 0
line vty 0 4
 login
!
end
r1#

R2 configuration:

r2>en
r2#sh run
Building configuration...
Current configuration : 743 bytes
!
! Last configuration change at 09:45:04 UTC Thu Nov 4 2004
! NVRAM config last updated at 09:47:55 UTC Thu Nov 4 2004
!
version 12.3
service config
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname r2
!
boot-start-marker
boot-end-marker
!
no aaa new-model
ip subnet-zero
!
ip cef
!
interface FastEthernet0
 ip address 172.16.2.1 255.255.255.0
 speed auto
 no keepalive
!
interface Serial0
 ip address 172.16.1.2 255.255.255.0
 clockrate 64000
 no fair-queue
!
router ospf 100
 log-adjacency-changes
 network 172.16.1.0 0.0.0.255 area 0
 network 172.16.2.0 0.0.0.255 area 0
!
ip classless
no ip http server
!
line con 0
line aux 0
line vty 0 4
 login
!
end
r2#

R3 configuration:

r3#sh run
Building configuration...
Current configuration : 1391 bytes
!
version 12.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname r3
!
logging queue-limit 100
!
ip subnet-zero
!
ip dhcp excluded-address 10.2.2.1
!
ip dhcp pool dhcppool
 import all
 network 10.2.2.0 255.255.255.0
 default-router 10.2.2.1
!
mpls ldp logging neighbor-changes
!
crypto ipsec client ezvpn vclient
 connect auto
 group vclient-group key vclient-key
 local-address FastEthernet0/0
 mode network-extension
 peer 10.1.1.100
!
no voice hpi capture buffer
no voice hpi capture destination
!
mta receive maximum-recipients 0
!
interface FastEthernet0/0
 ip address 10.1.1.2 255.255.255.0
 speed auto
 half-duplex
 crypto ipsec client ezvpn vclient
!
interface FastEthernet0/1
 ip address 10.2.2.1 255.255.255.0
 duplex auto
 speed auto
 no keepalive
 crypto ipsec client ezvpn vclient inside
!
router ospf 100
 log-adjacency-changes
 network 10.1.1.0 0.0.0.255 area 0
 network 10.2.2.0 0.0.0.255 area 0
!
ip http server
no ip http secure-server
ip classless
!
call rsvp-sync
!
mgcp profile default
!
dial-peer cor custom
!
line con 0
line aux 0
line vty 0 4
 login
!
!
end
r3#

Test:

1. Once the VPN client on R3 is configured, it establishes the VPN connection automatically. The process and the result can be followed in the output of debug commands such as debug cry isa, deb cry ip client ezvpn and deb cry ip.
2. On R1, run an extended ping with source 10.1.1.100 and destination 10.2.2.1: it succeeds. show cry ip sa shows that the data is not encrypted.
3. On R1, run an extended ping with source 172.16.1.1 and destination 10.2.2.1: it succeeds. show cry ip sa shows that the data is transmitted encrypted.
4. On R3, run an extended ping with source 10.2.2.1 and destination 172.16.1.1: it succeeds. show cry ip sa shows that the data is transmitted encrypted.
5. On R3, run an extended ping with source 10.1.1.2 and destination 172.16.1.1: it succeeds. show cry ip sa shows that the data is not encrypted.
6. Start the PC VPN client and ping 172.16.1.1: it succeeds. On the 1720, show cry ip sa shows that the data is transmitted encrypted.
7. From the PC VPN client, ping 10.2.2.1: it succeeds. On R1 and R3, show cry ip sa shows that the data is transmitted encrypted. On R1, show cry isa sa shows two VPN connections.
8. On R3, run an extended ping with source 10.2.2.1 and destination 192.168.1.10 (the IP address obtained by the PC VPN client): it succeeds. show cry ip sa shows that the data is transmitted encrypted.
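The R1 configuration above negotiates IKE with MD5 and DH group 2, protects traffic with esp-des and esp-md5-hmac, keeps the group key readable in the configuration, and leaves ip http server on. The following audit script is an added example, not part of the original page: the function names and the rule set are assumptions made here, and the sample input is an excerpt of the R1 lines shown above.

```python
import re

# Crypto and management lines copied from the R1 configuration on this page.
R1_EXCERPT = """\
crypto isakmp policy 1
 hash md5
 authentication pre-share
 group 2
crypto isakmp client configuration group vclient-group
 key vclient-key
 pool pool192
crypto ipsec transform-set vclient-tfs esp-des esp-md5-hmac
ip http server
"""

# Hypothetical rule set for this example, not an official Cisco list.
WEAK_TRANSFORMS = {"esp-des", "esp-md5-hmac", "ah-md5-hmac", "esp-null"}

def parse_blocks(config):
    """Return [(parent, [children])]; indented lines belong to the line above."""
    blocks = []
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line == "!":
            continue
        if raw.startswith(" ") and blocks:
            blocks[-1][1].append(line)
        else:
            blocks.append((line, []))
    return blocks

def audit(config):
    """Return (config line, finding) pairs for weak VPN and management settings."""
    findings = []
    for parent, kids in parse_blocks(config):
        if re.fullmatch(r"crypto isakmp policy \d+", parent):
            if "hash md5" in kids:
                findings.append((parent, "IKE policy hashes with MD5"))
            if any(re.fullmatch(r"group [125]", k) for k in kids):
                findings.append((parent, "DH group of 1536 bits or less"))
            # Assumption: with no encryption line, classic IOS falls back to DES.
            if not any(k.startswith("encr") for k in kids):
                findings.append((parent, "no encryption line, default is DES"))
        elif parent.startswith("crypto ipsec transform-set "):
            for name in sorted(WEAK_TRANSFORMS.intersection(parent.split()[4:])):
                findings.append((parent, "weak transform " + name))
        elif parent.startswith("crypto isakmp client configuration group "):
            # Assumption: "key 6 ..." marks a type 6 encrypted key; anything else is readable.
            if any(k.startswith("key ") and not k.startswith("key 6 ") for k in kids):
                findings.append((parent, "group key readable in show run output"))
        elif parent == "ip http server":
            findings.append((parent, "unencrypted HTTP management enabled"))
    return findings
```

Calling audit() on the full text of a saved show run works the same way, since lines outside the rules are ignored and "no ip http server" (as on R2) does not match.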