
An Experiment in Using IPSec Together with NAT


Author: ChinaITLab  Source: ChinaITLab  June 10, 2008

Keywords: NAT, network address translation, what is NAT


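I just finished this experiment and am posting it to share. Although this is not Cisco equipment, the commands are almost exactly the same, so you should be able to follow it.

Environment: two BDCOM (博达) 2750 routers (1*E, 1*FE) and two PCs. Objective: connect the two routers through E0/1 and build an IPSec VPN between them so that the two PCs can reach each other, while each PC can also access the Internet through its own router's NAT.

Configuration: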

RouterA:

    RouterA#sh run
    Building configuration...
    Current configuration:
    !
    !version 1.3.1E
    service timestamps log date
    service timestamps debug date
    no service password-encryption
    !
    hostname RouterA
    !
    !
    !
    crypto ipsec transform-set one
    !
    crypto map aaa 100 ipsec-manual
     set peer 192.0.0.2
     set security-association inbound esp 256 cipher abcdabcdabcdabcd
     set security-association outbound esp 1257 cipher 1234123412341234
     set transform-set one
     match address test
    !
    !
    interface FastEthernet0/0
     ip address 172.16.1.1 255.255.255.0
     no ip directed-broadcast
     ip nat inside
    !
    interface Ethernet0/1
     ip address 192.0.0.1 255.255.255.0
     no ip directed-broadcast
     crypto map aaa
     duplex half
     ip nat outside
    !
    interface Serial0/0
     no ip address
     no ip directed-broadcast
    !
    interface Async0/0
     no ip address
     no ip directed-broadcast
    !
    !
    ip route default 192.0.0.3
    !
    !
    !
    !
    !
    ip access-list standard nat-2
     permit 172.16.1.0 255.255.255.0
    !
    ip access-list extended test
     permit ip 192.0.0.1 255.255.255.0 192.0.0.2 255.255.255.0
    !
    !
    !
    !
    ip nat outside source static 192.0.0.2 172.16.2.2
    ip nat inside source static 172.16.1.2 192.0.0.1
    ip nat inside source list nat-2 interface Ethernet0/1
    !
    !
    !

RouterB:

    RouterB#sh run
    Building configuration...
    Current configuration:
    !
    !version 1.3.1E
    service timestamps log date
    service timestamps debug date
    no service password-encryption
    !
    hostname RouterB
    !
    !
    !
    crypto ipsec transform-set one
    !
    crypto map aaa 100 ipsec-manual
     set peer 192.0.0.1
     set security-association inbound esp 1257 cipher 1234123412341234
     set security-association outbound esp 256 cipher abcdabcdabcdabcd
     set transform-set one
     match address test
    !
    !
    interface FastEthernet0/0
     ip address 172.16.2.1 255.255.255.0
     no ip directed-broadcast
     duplex half
     ip nat inside
    !
    interface Ethernet0/1
     ip address 192.0.0.2 255.255.255.248
     no ip directed-broadcast
     crypto map aaa
     ip nat outside
    !
    interface Serial0/0
     no ip address
     no ip directed-broadcast
    !
    interface Async0/0
     no ip address
     no ip directed-broadcast
    !
    !
    ip route default 192.0.0.3
    !
    !
    !
    !
    !
    ip access-list standard internet
     permit 172.16.2.0 255.255.255.0
    !
    ip access-list extended test
     permit ip 192.0.0.2 255.255.255.0 192.0.0.1 255.255.255.0
    !
    !
    !
    !
    ip nat inside source static 172.16.2.2 192.0.0.2
    ip nat outside source static 192.0.0.1 172.16.1.2
    ip nat inside source list internet interface Ethernet0/1
    !
    !
    !
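
With `ipsec-manual` there is no negotiation, so each router's outbound SPI and key must equal the peer's inbound ones, each `set peer` must be the other side's E0/1 address, and the two `test` ACLs must be reversed copies of each other. The check below is an added example, not part of the original post: the stanzas are copied from the two configs above, and the function names are hypothetical.

```python
import re

# Relevant stanzas copied from the RouterA / RouterB configs on this page.
ROUTER_A = """\
interface Ethernet0/1
 ip address 192.0.0.1 255.255.255.0
crypto map aaa 100 ipsec-manual
 set peer 192.0.0.2
 set security-association inbound esp 256 cipher abcdabcdabcdabcd
 set security-association outbound esp 1257 cipher 1234123412341234
ip access-list extended test
 permit ip 192.0.0.1 255.255.255.0 192.0.0.2 255.255.255.0
"""
ROUTER_B = """\
interface Ethernet0/1
 ip address 192.0.0.2 255.255.255.248
crypto map aaa 100 ipsec-manual
 set peer 192.0.0.1
 set security-association inbound esp 1257 cipher 1234123412341234
 set security-association outbound esp 256 cipher abcdabcdabcdabcd
ip access-list extended test
 permit ip 192.0.0.2 255.255.255.0 192.0.0.1 255.255.255.0
"""
SA_RE = re.compile(r"set security-association (inbound|outbound) esp (\d+) cipher (\S+)")
ACL_RE = re.compile(r"permit ip (\S+) (\S+) (\S+) (\S+)")

def parse(cfg):
    """Extract peer, local E0/1 address, manual SAs and the crypto ACL entry."""
    sas = {d: (int(spi), key) for d, spi, key in SA_RE.findall(cfg)}
    return {"peer": re.search(r"set peer (\S+)", cfg).group(1),
            "local": re.search(r"ip address (\S+)", cfg).group(1),
            "sa": sas, "acl": ACL_RE.search(cfg).groups()}

def mirror_errors(a, b):
    """Return a list of mismatches between two manually keyed peers."""
    errs = []
    for x, y, nx, ny in ((a, b, "A", "B"), (b, a, "B", "A")):
        if x["peer"] != y["local"]:
            errs.append(f"{nx} peer {x['peer']} is not {ny}'s address {y['local']}")
        if x["sa"].get("outbound") != y["sa"].get("inbound"):
            errs.append(f"{nx} outbound SA does not match {ny} inbound SA")
    src, smask, dst, dmask = a["acl"]
    if b["acl"] != (dst, dmask, src, smask):
        errs.append("crypto ACLs are not mirror images")
    return errs

if __name__ == "__main__":
    print(mirror_errors(parse(ROUTER_A), parse(ROUTER_B)) or "peers mirror each other")
```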
