Easy *** on a Cisco 3745
! Local authentication/authorization user database
aaa new-model
!
!
! AAA local user login authentication
aaa authentication login cisco local
! AAA network access authorization
aaa authorization network default local
!
! Define the IKE policy (phase 1)
crypto isakmp policy 10
hash md5
authentication pre-share
group 2
crypto isakmp keepalive 20 10
crypto isakmp client configuration address-pool local abc
crypto isakmp xauth timeout 20
!
! Configure the policy pushed to clients
crypto isakmp client configuration group meeting
key meet
pool abc
! Split-tunnel ACL
acl 101
!
!
! Create the IPSec transform set
crypto ipsec transform-set KQ3745 esp-des esp-md5-hmac
!
!
! Remote users are mobile, so a dynamic map must be defined
crypto dynamic-map easy*** 10
set transform-set KQ3745
! Enable reverse route injection: routes point to the dynamically assigned client addresses, with the *** peer address as next hop
reverse-route
!
!
! Associate the Xauth authentication method with the crypto map
crypto map ***map client authentication list cisco
crypto map ***map isakmp authorization list default
! Configure the router to respond to the client's IP address requests
crypto map ***map client configuration address respond
! Tie the dynamic crypto map to the static map
crypto map ***map 1 ipsec-isakmp dynamic easy***
!
!
!
interface FastEthernet0/0
ip address 192.168.1.11 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 11.11.11.11 255.255.255.0
duplex auto
speed auto
! Apply the crypto map on the interface
crypto map ***map
!
! Define the local address pool range assigned automatically to remote users
ip local pool abc 10.14.1.1 10.14.1.200
ip http server
no ip http secure-server
ip route 0.0.0.0 0.0.0.0 11.11.11.1
!
!
!
access-list 101 permit ip 192.168.103.0 0.0.0.255 10.14.1.0 0.0.0.255
access-list 101 permit tcp 192.168.103.0 0.0.0.255 eq 3389 10.40.1.0 0.0.0.255 eq 3389
access-list 101 permit icmp 192.168.103.0 0.0.0.255 10.14.1.0 0.0.0.255
!
!
!
!
!
line con 0
line aux 0
line vty 0 4
login authentication cisco
!
end
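Configuration complete. While configuring this I ran into the error "Secure *** connection terminated by the client.Reason412:the remote peer is no longer responding". I later found that the local AAA network authorization method was not the same as the one in crypto map ***map isakmp authorization; in this configuration I later changed them all to default, and the connection succeeded.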
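
The list-name mismatch described above can be caught before deployment. The following is an added example, not part of the original post: a small Python check that every AAA method list referenced by a crypto map is actually defined in the same configuration. The sample configuration, the map name `EXAMPLE-MAP` and the list name `groupauth` are constructed for illustration.

```python
import re

# Constructed sample (not the post's config): the crypto map references an
# authorization list "groupauth" that no "aaa authorization network" line defines.
SAMPLE_CONFIG = """\
aaa new-model
aaa authentication login cisco local
aaa authorization network default local
crypto map EXAMPLE-MAP client authentication list cisco
crypto map EXAMPLE-MAP isakmp authorization list groupauth
crypto map EXAMPLE-MAP client configuration address respond
"""

# Method-list definitions: "aaa <authentication login|authorization network> <list> ..."
AAA_DEF = re.compile(r"^aaa (authentication login|authorization network) (\S+)", re.M)
# References: "crypto map <map> <client authentication|isakmp authorization> list <list>"
MAP_REF = re.compile(
    r"^crypto map (\S+) (client authentication|isakmp authorization) list (\S+)", re.M)

# The AAA definition type each kind of crypto map reference must resolve to.
REQUIRED = {
    "client authentication": "authentication login",
    "isakmp authorization": "authorization network",
}

def find_list_mismatches(config: str):
    """Return (map_name, reference_kind, list_name) for every crypto map
    reference whose AAA method list is not defined in the same config."""
    defined = {}
    for kind, name in AAA_DEF.findall(config):
        defined.setdefault(kind, set()).add(name)
    problems = []
    for map_name, ref_kind, list_name in MAP_REF.findall(config):
        if list_name not in defined.get(REQUIRED[ref_kind], set()):
            problems.append((map_name, ref_kind, list_name))
    return problems

if __name__ == "__main__":
    for map_name, ref_kind, list_name in find_list_mismatches(SAMPLE_CONFIG):
        print(f"crypto map {map_name}: {ref_kind} list '{list_name}' "
              f"has no matching 'aaa {REQUIRED[ref_kind]} {list_name}' line")
```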