在Cisco路由器上配置***
Current configuration : 1505 bytes !version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname r1
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
ip subnet-zero
!
!
ip cef
no ip domain lookup
!
ip audit po max-events 100
no ftp-server write-enable
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
crypto isakmp policy 1 定义策略集,下面是策略集的内容,两边要一致.
hash md5
authentication pre-share
lifetime 64000
crypto isakmp key cisco address 202.10.1.2 设置共享密钥和对端地址!
!
crypto ipsec transform-set benet ah-md5-hmac esp-des 配置IPSec的相关参数,两边也要一致.
!
crypto map map1 1 ipsec-isakmp配置端口应用,就是将IKE与IPSec做个关联,我是这样理解的.
set peer 202.10.1.2
set transform-set benet
match address 101
!
!
!
!
interface Loopback0 回环地址模拟公司内部地址
ip address 192.168.1.1 255.255.255.0
!
interface FastEthernet0/0
no ip address
shutdown
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface Serial1/0 配置路由器的地址
ip address 202.10.1.1 255.255.255.0
serial restart-delay 0
crypto map map1
!
interface Serial1/1
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/2
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/3
no ip address
shutdown
serial restart-delay 0
!
ip http server
no ip http secure-server
ip> ip route 192.168.2.0 255.255.255.0 202.10.1.2 静态路由到公司分部
!
!
access-list 101 permit ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
!设置要加密的数据流.这里是指从192.168.1.0到192.168.2.0的数据流
!
!
!
!
!
!
!
!
line con 0
exec-timeout 0 0
logging synchronous
transport preferred all
transport output all
line aux 0
transport preferred all
transport output all
line vty 0 4
!
end
页:
[1]