一个已经成功的ADSL+VPN的配置例子
!
version 12.2
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Router-B>
!
enable password nesic
!
ip subnet-zero
!
!
!
ip audit notify log
ip audit po max-events 100
vpdn enable
!
vpdn-group cat
request-dialin
protocol pppoe
!
!
crypto isakmp policy 1
encr 3des
hash md5
authentication pre-share
group 2
crypto isakmp key nesic address 218.20.58.184
crypto isakmp keepalive 10
!
!
crypto ipsec transform-set NESIC esp-3des esp-md5-hmac
!
crypto map NESICMAP 10 ipsec-isakmp
set peer 218.20.58.184
set transform-set NESIC
match address 100
!
!
!
!
!
!
!
!
fax interface-type fax-mail
mta receive maximum-recipients 0
!
!
!
!
interface FastEthernet0/0
no ip address
duplex auto
speed auto
pppoe enable
pppoe-client dial-pool-number 1
!
interface Ethernet1/0
ip address 192.168.3.1 255.255.255.0
half-duplex
!
interface Ethernet1/1
no ip address
half-duplex
!
interface Ethernet1/2
no ip address
shutdown
half-duplex
!
interface Ethernet1/3
no ip address
shutdown
half-duplex
!
interface Dialer1
ip address negotiated
ip mtu 1492
encapsulation ppp
dialer pool 1
dialer-group 1
ppp authentication pap callin
ppp pap sent-username gzDSLNAMERT@163.gd password 0 XXXXXX
crypto map NESICMAP
!
router rip
network 192.168.3.0
!
ip nat inside source route-map nanat interface Dialer1 overload
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer1
ip http server
ip pim bidir-enable
!
!
access-list 100 permit ip 192.168.3.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 110 deny ip 192.168.3.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 110 permit ip any any
!
route-map nanat permit 10
match ip address 110
!
call rsvp-sync
!
!
mgcp profile default
!
dial-peer cor custom
!
!
!
!
!
line con 0
line aux 0
line vty 0 4
password nesic
login
!
!
FW:crypto isakmp key nesic address 218.20.58.184 ------这句定义一个isakmp key为nesic,指定peer-address为218.20.58.184
crypto map NESICMAP 10 ipsec-isakmp -------这句定义crypto map 名为NESICMAP
set peer 218.20.58.184 ---------------这句指定一个IP Security Peer in a crypto map entry
set transform-set NESIC ----------指定transform-set为NESIC
match address 100 ------------这句用扩展IP访问控制列表来匹配address
version 12.2
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Router-B>
!
enable password nesic
!
ip subnet-zero
!
!
!
ip audit notify log
ip audit po max-events 100
vpdn enable
!
vpdn-group cat
request-dialin
protocol pppoe
!
!
crypto isakmp policy 1
encr 3des
hash md5
authentication pre-share
group 2
crypto isakmp key nesic address 218.20.58.184
crypto isakmp keepalive 10
!
!
crypto ipsec transform-set NESIC esp-3des esp-md5-hmac
!
crypto map NESICMAP 10 ipsec-isakmp
set peer 218.20.58.184
set transform-set NESIC
match address 100
!
!
!
!
!
!
!
!
fax interface-type fax-mail
mta receive maximum-recipients 0
!
!
!
!
interface FastEthernet0/0
no ip address
duplex auto
speed auto
pppoe enable
pppoe-client dial-pool-number 1
!
interface Ethernet1/0
ip address 192.168.3.1 255.255.255.0
half-duplex
!
interface Ethernet1/1
no ip address
half-duplex
!
interface Ethernet1/2
no ip address
shutdown
half-duplex
!
interface Ethernet1/3
no ip address
shutdown
half-duplex
!
interface Dialer1
ip address negotiated
ip mtu 1492
encapsulation ppp
dialer pool 1
dialer-group 1
ppp authentication pap callin
ppp pap sent-username gzDSLNAMERT@163.gd password 0 XXXXXX
crypto map NESICMAP
!
router rip
network 192.168.3.0
!
ip nat inside source route-map nanat interface Dialer1 overload
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer1
ip http server
ip pim bidir-enable
!
!
access-list 100 permit ip 192.168.3.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 110 deny ip 192.168.3.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 110 permit ip any any
!
route-map nanat permit 10
match ip address 110
!
call rsvp-sync
!
!
mgcp profile default
!
dial-peer cor custom
!
!
!
!
!
line con 0
line aux 0
line vty 0 4
password nesic
login
!
!
FW:crypto isakmp key nesic address 218.20.58.184 ------这句定义一个isakmp key为nesic,指定peer-address为218.20.58.184
crypto map NESICMAP 10 ipsec-isakmp -------这句定义crypto map 名为NESICMAP
set peer 218.20.58.184 ---------------这句指定一个IP Security Peer in a crypto map entry
set transform-set NESIC ----------指定transform-set为NESIC
match address 100 ------------这句用扩展IP访问控制列表来匹配address
(责任编辑:四方)
阅读次数:
上一篇:PIX上实现VPN(IPSec)的详细步骤 下一篇:配线架集中上线方式好处多
评论加载中…
