注册 | 登录 忘记密码? 51cto首页 | 博客 | 论坛 | 招聘
热点文章 IB客座主编(四)美国西蒙公..
 帮助
《案例精解企业级网络构建》赠书活动开始啦!  最新活动:“Web安全大家谈”有奖征文 博主的更多文章>>

远程13.8.1用预共享密钥配置一个站点到站点的IPSEC

2008-01-31 08:46:17
san1#show run
!
interface Serial1/2
 no ip address
 encapsulation frame-relay
 no sh
!
interface Serial1/2.1 point-to-point
 ip address 192.168.192.1 255.255.255.0
 frame-relay interface-dlci 103  
!
interface Serial1/2.2 point-to-point
 ip address 192.168.191.1 255.255.255.0
 frame-relay interface-dlci 102  
!
ip route 192.168.0.0 255.255.255.0 192.168.191.2
ip route 192.168.200.0 255.255.255.0 192.168.192.2
!
!~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
london2#show run
!
crypto isakmp policy 100
 authentication pre-share
crypto isakmp key 6 cisco1234 address 192.168.192.2
!
crypto ipsec transform-set myset esp-des
!        
crypto map mymap 110 ipsec-isakmp
 set peer 192.168.192.2
 set transform-set myset
 match address 120
!
interface Loopback0
 ip address 192.168.0.1 255.255.255.0
!
interface Serial1/2
 ip address 192.168.191.2 255.255.255.0
 encapsulation frame-relay
 no sh
 crypto map mymap
!
ip route 0.0.0.0 0.0.0.0 192.168.191.1
!
access-list 120 permit ip 192.168.0.0 0.0.0.255 192.168.200.0 0.0.0.255
!
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
singapore3#show run
!
crypto isakmp policy 100
 authentication pre-share
crypto isakmp key 6 cisco1234 address 192.168.191.2
!
!
crypto ipsec transform-set myset esp-des
!        
crypto map mymap 110 ipsec-isakmp
 set peer 192.168.191.2
 set transform-set myset
 match address 120
!
!
!
interface Loopback0
 ip address 192.168.200.1 255.255.255.0
!
interface Serial1/2
 ip address 192.168.192.2 255.255.255.0
 encapsulation frame-relay
 no sh
 crypto map mymap
!
ip route 0.0.0.0 0.0.0.0 192.168.192.1
!
access-list 120 permit ip 192.168.200.0 0.0.0.255 192.168.0.0 0.0.0.255
!
!
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
r5#show run
frame-relay switching
!
interface Serial1/0
 no sh
 no ip address
 encapsulation frame-relay
 clock rate 64000
 frame-relay intf-type dce
 frame-relay route 102 interface Serial1/1 201
 frame-relay route 103 interface Serial1/2 301
!
interface Serial1/1
 no ip address
 encapsulation frame-relay
 no sh
 clock rate 64000
 frame-relay intf-type dce
 frame-relay route 201 interface Serial1/0 102
!
interface Serial1/2
 no ip address
 encapsulation frame-relay
 no sh
 clock rate 64000
 frame-relay intf-type dce
 frame-relay route 301 interface Serial1/0 103
!
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
步骤:
crypto isakmp policy 100      起用IKE,使用预共享密钥做为认证方法,创建一个优先权为100的IKE策略
 authentication pre-share  
crypto isakmp key 6 cisco1234 address 192.168.191.2    配置预共享密钥和对等体地址 
show crypto isakmp policy
access-list 120 permit ip 192.168.200.0 0.0.0.255 192.168.0.0 0.0.0.255  要封装分组
crypto ipsec transform-set myset esp-des  配置IPSEC转换集,指定DES来加密分组
crypto map mymap 110 ipsec-isakmp      使用一个名为MYMAP的映射和值为110的序列号来配置一个IPSEC密码映射
 match address 120              匹配条件
  set transform-set myset        设置转换集myset
 set peer 192.168.191.2         设置对等体
interface Serial1/2
  crypto map mymap               将密码映射mymap作用到R3接口上
show crypto ipsec sa
debug crypto ipsec
debug crypto isakmp
clear crypto sa
clear crypto isakmp
show crypto isakmp sa
 




    相关文章
路由器配置实现多PC共享上网
经验案例:当配置为共享/静态WEP加密时,客..
远程10.5.3配置动态NAT-overload
QQ远程桌面共享
怎样利用ipc$和默认共享入侵远程电脑
网络共享打印安全设置规范
3550的基本配置
关于配置NM-CIDS-K9的一点心得
SecPath防火墙DHCP Server的典型配置案例
csico2950简要配置手册
    文章评论
 
 

发表评论

昵   称:
验证码:  点击图片可刷新验证码  博客过2级,无需填写验证码
内   容: