不卡AV在线|网页在线观看无码高清|亚洲国产亚洲国产|国产伦精品一区二区三区免费视频

學(xué)習(xí)啦>學(xué)習(xí)電腦>網(wǎng)絡(luò)知識>路由器>路由器設(shè)置>cisco思科>

思科IPSEC的如何配置

時間: 權(quán)威724 分享

  思科公司是全球領(lǐng)先的網(wǎng)絡(luò)解決方案供應(yīng)商,他的功能也是全球領(lǐng)先的,那么你知道思科IPSEC 的如何配置嗎?下面是學(xué)習(xí)啦小編整理的一些關(guān)于思科IPSEC 的如何配置的相關(guān)資料,供你參考。

  思科IPSEC 的配置的方法

  實(shí)驗(yàn)拓?fù)洌?/p>

  實(shí)驗(yàn)要求:

  保證兩個站點(diǎn)的路由沒問題。

  在站點(diǎn)A與站點(diǎn)B間配置,保障企業(yè)的網(wǎng)絡(luò)通過互聯(lián)網(wǎng)連接起來。

  三、實(shí)驗(yàn)的配置:

  R1的全部配置:

  r1#show running-config

  Building configuration...

  Current configuration : 597 bytes

  !

  version 12.4

  no service timestamps log datetime msec

  no service timestamps debug datetime msec

  no service password-encryption

  !

  hostname r1

  !

  !

  !

  !

  !

  !

  !

  !

  !

  !

  !

  !

  !

  !

  spanning-tree mode pvst

  !

  !

  !

  !

  interface FastEthernet0/0

  ip address 192.168.2.3 255.255.255.0

  duplex auto

  speed auto

  !

  interface FastEthernet0/1

  ip address 192.168.0.1 255.255.255.0

  duplex auto

  speed auto

  !

  interface Vlan1

  no ip address

  shutdown

  !

  ip classless

  ip route 192.168.1.0 255.255.255.0 192.168.2.1

  ip route 0.0.0.0 0.0.0.0 192.168.2.1

  !

  !

  !

  !

  !

  !

  !

  line con 0

  !

  line aux 0

  !

  line vty 0 4

  login

  !

  !

  !

  end

  siteA的全部配置:

  siteA# show running-config

  Building configuration...

  Current configuration : 1184 bytes

  !

  version 12.4

  no service timestamps log datetime msec

  no service timestamps debug datetime msec

  no service password-encryption

  !

  hostname siteA

  !

  !

  !

  !

  !

  !

  !

  !

  crypto isakmp policy 10

  encr 3des

  hash md5

  authentication pre-share

  group 2

  !

  crypto isakmp key cisco address 61.128.1.1

  !

  !

  crypto ipsec transform-set cisco esp-3des esp-md5-hmac

  !

  crypto map map 10 ipsec-isakmp

  set peer 61.128.1.1

  set transform-set cisco

  match address

  !

  !

  !

  !

  !

  spanning-tree mode pvst

  !

  !

  !

  !

  interface FastEthernet0/0

  ip address 192.168.2.1 255.255.255.0

  duplex auto

  speed auto

  !

  interface FastEthernet0/1

  no ip address

  duplex auto

  speed auto

  shutdown

  !

  interface Serial0/0/0

  ip address 202.100.1.1 255.255.255.0

  crypto map map

  !

  interface Serial0/0/1

  no ip address

  shutdown

  !

  interface Vlan1

  no ip address

  shutdown

  !

  ip classless

  ip route 0.0.0.0 0.0.0.0 202.100.1.10

  ip route 192.168.0.0 255.255.255.0 192.168.2.3

  ip route 192.168.1.0 255.255.255.0 202.100.1.10

  !

  !

  ip access-list extended

  permit ip 192.168.0.0 0.0.0.255 192.168.1.0 0.0.0.255

  permit ip 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255

  !

  !

  !

  !

  !

  line con 0

  !

  line aux 0

  !

  line vty 0 4

  login

  !

  !

  !

  end

  Internet的全部配置:

  Internet#show running-config

  Building configuration...

  Current configuration : 708 bytes

  !

  version 15.1

  no service timestamps log datetime msec

  no service timestamps debug datetime msec

  no service password-encryption

  !

  hostname Internet

  !

  !

  !

  !

  !

  !

  !

  !

  !

  !

  !

  !

  license udi pid CISCO2901/K9 sn FTX15245R08

  !

  !

  !

  !

  !

  spanning-tree mode pvst

  !

  !

  !

  !

  interface GigabitEthernet0/0

  no ip address

  duplex auto

  speed auto

  shutdown

  !

  interface GigabitEthernet0/1

  no ip address

  duplex auto

  speed auto

  shutdown

  !

  interface Serial0/0/0

  ip address 202.100.1.10 255.255.255.0

  clock rate 64000

  !

  interface Serial0/0/1

  ip address 61.128.1.10 255.255.255.0

  clock rate 64000

  !

  interface Vlan1

  no ip address

  shutdown

  !

  ip classless

  !

  !

  !

  !

  !

  !

  !

  line con 0

  !

  line aux 0

  !

  line vty 0 4

  login

  !

  !

  !

  end

  siteB的全部配置:

  siteB#show running-config

  Building configuration...

  Current configuration : 1183 bytes

  !

  version 12.4

  no service timestamps log datetime msec

  no service timestamps debug datetime msec

  no service password-encryption

  !

  hostname siteB

  !

  !

  !

  !

  !

  !

  !

  !

  crypto isakmp policy 10

  encr 3des

  hash md5

  authentication pre-share

  group 2

  !

  crypto isakmp key cisco address 202.100.1.1

  !

  !

  crypto ipsec transform-set cisco esp-3des esp-md5-hmac

  !

  crypto map map 10 ipsec-isakmp

  set peer 202.100.1.1

  set transform-set cisco

  match address

  !

  !

  !

  !

  !

  spanning-tree mode pvst

  !

  !

  !

  !

  interface FastEthernet0/0

  ip address 192.168.1.1 255.255.255.0

  duplex auto

  speed auto

  !

  interface FastEthernet0/1

  no ip address

  duplex auto

  speed auto

  shutdown

  !

  interface Serial0/0/0

  no ip address

  shutdown

  !

  interface Serial0/0/1

  ip address 61.128.1.1 255.255.255.0

  crypto map map

  !

  interface Vlan1

  no ip address

  shutdown

  !

  ip classless

  ip route 0.0.0.0 0.0.0.0 61.128.1.10

  ip route 192.168.0.0 255.255.255.0 61.128.1.10

  ip route 192.168.2.0 255.255.255.0 61.128.1.10

  !

  !

  ip access-list extended

  permit ip 192.168.1.0 0.0.0.255 192.168.0.0 0.0.0.255

  permit ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255

  !

  !

  !

  !

  !

  line con 0

  !

  line aux 0

  !

  line vty 0 4

  login

  !

  !

  !

  end

  看過文章“思科IPSEC 的如何配置"的人還看了:

  1.思科路由器基本配置教程

  2.如何查看Cisco路由器的配置信息

  3.Cisco路由器配置命令全攻略

  4.如何利用腳本配置思科路由器

  5.cisco思科怎么配置無線AP

  6.思科配置常見問題及其解決方法

  7.思科Cisco路由器的基礎(chǔ)配置知識

  8.思科路由器怎么進(jìn)入 思科路由器怎么設(shè)置

  9.CISCO路由器的配置與調(diào)試

  10.教你如何設(shè)置Cisco路由器安全

554308