LAN-to-LAN VPN

r1:

inter e1/0

ip add 123.1.1.1 255.255.255.0

no sh

int lo0

ip add 1.1.1.1 255.255.255.255

r2:

int e0/0

ip add 123.1.1.2 255.255.255.0

no sh

int lo0

ip add 2.2.2.2 255.255.255.0

r1:

cry isakmp policy 10

hash md5

authentication pre

cry keyring cisco (replaces the older cry isakmp key)

pre-shared-key address 123.1.1.2 key 0 cisco

cry isa profile cisco

match identity address 123.1.1.2

keyring cisco

Define the phase 2 policy

cry ipsec transform-set cisco esp-des esp-md5-hmac

ip access-list ex vpn

permit ip host 1.1.1.1 host 2.2.2.2

cry map cisco 10 ipsec-isa

match address vpn

set transform-set cisco

set peer 123.1.1.2

set isakmp-profile cisco

int e1/0

cry map cisco

ip route 0.0.0.0 0.0.0.0 123.1.1.2

r2:

crypto keyring cisco

pre-shared-key address 123.1.1.1 key cisco

crypto isakmp policy 10

hash md5

authentication pre-share

crypto isakmp profile cisco

keyring cisco

match identity address 123.1.1.1 255.255.255.255

crypto ipsec transform-set cisco esp-des esp-md5-hmac

crypto map cisco 10 ipsec-isakmp

set peer 123.1.1.1

set transform-set cisco

set isakmp-profile cisco

match address vpn

ip access-list ex vpn

permit ip host 2.2.2.2 host 1.1.1.1

ip route 0.0.0.0 0.0.0.0 123.1.1.1

int e0/0

cr map cisco
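
Added example (not part of the original notes): a Python check that the two peers agree on hash, authentication, key and transform set, and that the peer addresses and crypto ACLs mirror each other, since any one mismatch keeps the tunnel down. The sample configs are constructed from the values above with unabbreviated keywords; sample(), facts() and mismatches() are hypothetical helper names.

```python
import re

# Constructed sample of one peer's crypto config (full keywords); helper names are hypothetical.
def sample(iface, local, remote, lo_local, lo_remote):
    return f"""crypto isakmp policy 10
 hash md5
 authentication pre-share
crypto keyring cisco
 pre-shared-key address {remote} key cisco
crypto ipsec transform-set cisco esp-des esp-md5-hmac
ip access-list extended vpn
 permit ip host {lo_local} host {lo_remote}
crypto map cisco 10 ipsec-isakmp
 set peer {remote}
interface {iface}
 ip address {local} 255.255.255.0
"""

R1 = sample("Ethernet1/0", "123.1.1.1", "123.1.1.2", "1.1.1.1", "2.2.2.2")
R2 = sample("Ethernet0/0", "123.1.1.2", "123.1.1.1", "2.2.2.2", "1.1.1.1")

def facts(cfg):
    # Extract the values both peers must agree on (or mirror) from config text.
    def one(pattern, default=None):
        m = re.search(pattern, cfg, re.M)
        return m.group(1) if m else default
    return {
        "hash": one(r"^\s*hash (\S+)", "sha"),  # IOS default when not configured
        "auth": one(r"^\s*authentication (\S+)", "rsa-sig"),  # IOS default
        "psk": one(r"pre-shared-key address \S+ key (?:0 )?(\S+)"),
        "psk_peer": one(r"pre-shared-key address (\S+)"),
        "peer": one(r"^\s*set peer (\S+)"),
        "transform": one(r"ipsec transform-set \S+ (.+)$"),
        "acl": re.findall(r"permit ip host (\S+) host (\S+)", cfg),
        "addr": one(r"^\s*ip address (\S+)"),  # first interface = outside interface
    }

def mismatches(a, b):
    # Return the names of the settings that would stop the tunnel from forming.
    fa, fb = facts(a), facts(b)
    out = [k for k in ("hash", "auth", "psk", "transform") if fa[k] != fb[k]]
    for key in ("peer", "psk_peer"):  # each side must point at the other's address
        if (fa[key], fb[key]) != (fb["addr"], fa["addr"]):
            out.append(key)
    if sorted(fa["acl"]) != sorted((d, s) for s, d in fb["acl"]):
        out.append("acl")  # crypto ACLs must be mirror images
    return out

print(mismatches(R1, R2), mismatches(R1.replace(" hash md5\n", ""), R2))
```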