Posted by lsdwyl on 2018-7-10 11:00:17

Configuring *** on a Cisco router

Current configuration : 1505 bytes
  !
  version 12.3
  service timestamps debug datetime msec
  service timestamps log datetime msec
  no service password-encryption
  !
  hostname r1
  !
  boot-start-marker
  boot-end-marker
  !
  !
  no aaa new-model
  ip subnet-zero
  !
  !
  ip cef
  no ip domain lookup
  !
  ip audit po max-events 100
  no ftp-server write-enable
  !
  !
  !
  !
  !
  !
  !
  !
  !
  !
  !
  !
  !
  !
  !
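  ! Define the policy set; the lines below are its contents, and both sides must match.
  crypto isakmp policy 1
  hash md5
  authentication pre-share
  lifetime 64000
  ! Set the pre-shared key and the peer address.
  crypto isakmp key cisco address 202.10.1.2
  !
  ! Configure the IPSec parameters; these must also match on both sides.
  crypto ipsec transform-set benet ah-md5-hmac esp-des
  !
  ! Configure the map applied to the interface, i.e. associate IKE with IPSec; that is how I understand it.
  crypto map map1 1 ipsec-isakmp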
  set peer 202.10.1.2
  set transform-set benet
  match address 101
  !
  !
  !
  !
  ! Loopback address simulating the company's internal address
  interface Loopback0
  ip address 192.168.1.1 255.255.255.0
  !
  interface FastEthernet0/0
  no ip address
  shutdown
  duplex auto
  speed auto
  !
  interface FastEthernet0/1
  no ip address
  shutdown
  duplex auto
  speed auto
  !
  ! Configure the router's address
  interface Serial1/0
  ip address 202.10.1.1 255.255.255.0
  serial restart-delay 0
  crypto map map1
  !
  interface Serial1/1
  no ip address
  shutdown
  serial restart-delay 0
  !
  interface Serial1/2
  no ip address
  shutdown
  serial restart-delay 0
  !
  interface Serial1/3
  no ip address
  shutdown
  serial restart-delay 0
  !
  ip http server
  no ip http secure-server

  ! Static route to the company branch office
  ip route 192.168.2.0 255.255.255.0 202.10.1.2
  !
  !
  access-list 101 permit ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
  ! Define the traffic to be encrypted; here, traffic from 192.168.1.0 to 192.168.2.0.
  !
  !
  !
  !
  !
  !
  !
  !
  line con 0
  exec-timeout 0 0
  logging synchronous
  transport preferred all
  transport output all
  line aux 0
  transport preferred all
  transport output all
  line vty 0 4
  !
  end
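
The comments in the post say the ISAKMP policy and the IPSec transform-set must be the same on both routers. The following Python check is an added example, not part of the original post: it compares those settings across two configurations, and it goes beyond the post by also comparing the pre-shared key and checking that the crypto access lists mirror each other. `R2` is a constructed peer configuration, and the names `parse` and `mismatches` are hypothetical.

```python
import re

# R1: the crypto lines from the post. R2: a constructed peer, not from the post.
R1 = """\
crypto isakmp policy 1
 hash md5
 authentication pre-share
 lifetime 64000
crypto isakmp key cisco address 202.10.1.2
crypto ipsec transform-set benet ah-md5-hmac esp-des
crypto map map1 1 ipsec-isakmp
 set peer 202.10.1.2
 set transform-set benet
 match address 101
access-list 101 permit ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
"""
R2 = (R1.replace("202.10.1.2", "202.10.1.1")
        .replace("192.168.1.0 0.0.0.255 192.168.2.0", "192.168.2.0 0.0.0.255 192.168.1.0"))

def parse(cfg):
    """Pull out the settings that the two ends have to agree on."""
    pol = re.search(r"^crypto isakmp policy \d+\n((?: .*\n)*)", cfg, re.M)
    key = re.search(r"^crypto isakmp key (\S+) address \S+", cfg, re.M)
    ts = re.search(r"^crypto ipsec transform-set \S+ (.+)$", cfg, re.M)
    return {
        # sub-mode lines such as " hash md5" become {"hash": "md5", ...}
        "policy": dict(re.findall(r"^ (\S+) (.+)$", pol.group(1), re.M)) if pol else {},
        "key": key.group(1) if key else None,
        # the transform-set name is local; only the transforms are negotiated
        "transforms": frozenset(ts.group(1).split()) if ts else frozenset(),
        "acl": re.findall(r"^access-list \d+ permit ip (\S+ \S+) (\S+ \S+)", cfg, re.M),
    }

def mismatches(cfg_a, cfg_b):
    """Return the list of settings on which the two peers disagree."""
    a, b = parse(cfg_a), parse(cfg_b)
    problems = []
    if a["policy"] != b["policy"]:
        problems.append("isakmp policy differs")
    if a["transforms"] != b["transforms"]:
        problems.append("transform-set differs")
    if a["key"] != b["key"]:
        problems.append("pre-shared key differs")
    # each side's ACL must be the other side's with source and destination swapped
    if sorted(a["acl"]) != sorted((dst, src) for src, dst in b["acl"]):
        problems.append("crypto ACLs are not mirror images")
    return problems

if __name__ == "__main__":
    print(mismatches(R1, R2) or "peers agree")
    print(mismatches(R1, R2.replace("esp-des", "esp-3des")))
```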