

Hub Router

2503#show running-config
Building configuration...

Current configuration : 1466 bytes
version 12.2
service timestamps debug datetime msec
service timestamps log uptime
no service password-encryption
hostname 2503
ip subnet-zero

!--- Configuration for IKE policies.
crypto isakmp policy 10
!--- Enables the IKE policy configuration (config-isakmp)
!--- command mode, where you can specify the parameters that
!--- are used during an IKE negotiation.
 hash md5
 authentication pre-share
crypto isakmp key cisco123 address 200.1.2.1
crypto isakmp key cisco123 address 200.1.3.1
!--- Specifies the preshared key "cisco123" which should
!--- be identical at both peers. This is a global
!--- configuration mode command.

!--- Configuration for IPSec policies.
crypto ipsec transform-set myset esp-des esp-md5-hmac
!--- Enables the crypto transform configuration mode,
!--- where you can specify the transform sets that are used
!--- during an IPSec negotiation.

crypto map mymap 10 ipsec-isakmp
!--- Indicates that IKE is used to establish
!--- the IPSec security association for protecting the
!--- traffic specified by this crypto map entry.
 set peer 200.1.2.1
!--- Sets the IP address of the remote end.
 set transform-set myset
!--- Configures IPSec to use the transform-set
!--- "myset" defined earlier in this configuration.
 match address 110
!--- Specifies the traffic to be encrypted.
crypto map mymap 20 ipsec-isakmp
 set peer 200.1.3.1
 set transform-set myset
 match address 120

interface Loopback0
 ip address 10.1.1.1 255.255.255.0

interface Ethernet0
 ip address 200.1.1.1 255.255.255.0
 no ip route-cache
!--- You must enable process switching for IPSec
!--- to encrypt outgoing packets. This command disables fast switching.
 no ip mroute-cache
 crypto map mymap
!--- Configures the interface to use the
!--- crypto map "mymap" for IPSec.

!--- Output suppressed.

ip classless
ip route 172.16.1.0 255.255.255.0 Ethernet0
ip route 192.168.1.0 255.255.255.0 Ethernet0
ip route 200.1.0.0 255.255.0.0 Ethernet0
ip http server

access-list 110 permit ip 10.1.1.0 0.0.0.255 172.16.1.0 0.0.0.255
access-list 110 permit ip 192.168.1.0 0.0.0.255 172.16.1.0 0.0.0.255
access-list 120 permit ip 10.1.1.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 120 permit ip 172.16.1.0 0.0.0.255 192.168.1.0 0.0.0.255
!--- This crypto ACL-permit identifies the
!--- matching traffic flows to be protected via encryption.

Spoke 1 Router

2509a#show running-config
Building configuration...

Current configuration : 1203 bytes
version 12.2
service timestamps debug datetime msec
service timestamps log uptime
no service password-encryption
hostname 2509a
enable secret 5 $1$DOX3$rIrxEnTVTw/7LNbxiakz0
ip subnet-zero
no ip domain-lookup

crypto isakmp policy 10
 hash md5
 authentication pre-share
crypto isakmp key cisco123 address 200.1.1.1

crypto ipsec transform-set myset esp-des esp-md5-hmac

crypto map mymap 10 ipsec-isakmp
 set peer 200.1.1.1
 set transform-set myset
 match address 110

interface Loopback0
 ip address 172.16.1.1 255.255.255.0

interface Ethernet0
 ip address 200.1.2.1 255.255.255.0
 no ip route-cache
 no ip mroute-cache
 crypto map mymap

!--- Output suppressed.

ip classless
ip route 10.1.1.0 255.255.255.0 Ethernet0
ip route 192.168.1.0 255.255.255.0 Ethernet0
ip route 200.1.0.0 255.255.0.0 Ethernet0
no ip http server

access-list 110 permit ip 172.16.1.0 0.0.0.255 10.1.1.0 0.0.0.255
access-list 110 permit ip 172.16.1.0 0.0.0.255 192.168.1.0 0.0.0.255



Spoke 2 Router

VPN2509#show running-config
Building configuration...

Current configuration : 1117 bytes
version 12.2
service timestamps debug datetime msec
service timestamps log uptime
service password-encryption
hostname VPN2509
ip subnet-zero
no ip domain-lookup

crypto isakmp policy 10
 hash md5
 authentication pre-share
crypto isakmp key cisco123 address 200.1.1.1

crypto ipsec transform-set myset esp-des esp-md5-hmac

crypto map mymap 10 ipsec-isakmp
 set peer 200.1.1.1
 set transform-set myset
 match address 120

interface Loopback0
 ip address 192.168.1.1 255.255.255.0

interface Ethernet0
 ip address 200.1.3.1 255.255.255.0
!--- No ip route-cache
 no ip mroute-cache
 crypto map mymap

!--- Output suppressed.

ip classless
ip route 10.1.1.0 255.255.255.0 Ethernet0
ip route 172.16.0.0 255.255.0.0 Ethernet0
ip route 200.1.0.0 255.255.0.0 Ethernet0
no ip http server

access-list 120 permit ip 192.168.1.0 0.0.0.255 172.16.1.0 0.0.0.255
access-list 120 permit ip 192.168.1.0 0.0.0.255 10.1.1.0 0.0.0.255
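
The crypto ACLs on the two ends of each tunnel have to mirror each other: every flow the hub permits toward a spoke must be permitted in reverse on that spoke, including the spoke-to-spoke entries. The following Python check is an added example, not part of the original configuration listing; it uses the ACL entries of the three routers above in dotted-decimal form, plus one constructed faulty Spoke 1 ACL (SPOKE1_BROKEN) to show what a gap looks like.

```python
import ipaddress
import re

# Crypto ACLs of the hub and the two spokes, in dotted-decimal form.
HUB_110 = """\
access-list 110 permit ip 10.1.1.0 0.0.0.255 172.16.1.0 0.0.0.255
access-list 110 permit ip 192.168.1.0 0.0.0.255 172.16.1.0 0.0.0.255"""
HUB_120 = """\
access-list 120 permit ip 10.1.1.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 120 permit ip 172.16.1.0 0.0.0.255 192.168.1.0 0.0.0.255"""
SPOKE1_110 = """\
access-list 110 permit ip 172.16.1.0 0.0.0.255 10.1.1.0 0.0.0.255
access-list 110 permit ip 172.16.1.0 0.0.0.255 192.168.1.0 0.0.0.255"""
SPOKE2_120 = """\
access-list 120 permit ip 192.168.1.0 0.0.0.255 172.16.1.0 0.0.0.255
access-list 120 permit ip 192.168.1.0 0.0.0.255 10.1.1.0 0.0.0.255"""
# Constructed faulty variant: Spoke 1 without its spoke-to-spoke entry.
SPOKE1_BROKEN = "access-list 110 permit ip 172.16.1.0 0.0.0.255 10.1.1.0 0.0.0.255"

ACL_RE = re.compile(
    r"access-list\s+\d+\s+permit\s+ip\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)")

def parse_acl(text):
    """Return the (source, destination) network pairs an extended ACL permits."""
    flows = set()
    for line in text.splitlines():
        m = ACL_RE.match(line.strip())
        if m:
            src, src_wild, dst, dst_wild = m.groups()
            # ipaddress accepts the wildcard (host mask) form directly.
            flows.add((ipaddress.ip_network(f"{src}/{src_wild}"),
                       ipaddress.ip_network(f"{dst}/{dst_wild}")))
    return flows

def mirror_gaps(local_acl, peer_acl):
    """List flows (seen from the local side) that only one end would protect."""
    local = parse_acl(local_acl)
    reversed_peer = {(dst, src) for src, dst in parse_acl(peer_acl)}
    return sorted(f"{s} -> {d}" for s, d in local ^ reversed_peer)

if __name__ == "__main__":
    checks = [("hub <-> spoke 1", HUB_110, SPOKE1_110),
              ("hub <-> spoke 2", HUB_120, SPOKE2_120),
              ("hub <-> spoke 1 (faulty)", HUB_110, SPOKE1_BROKEN)]
    for name, local, peer in checks:
        print(name, mirror_gaps(local, peer) or "mirrored")
```
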



