tytuuu posted on 2011-3-28 08:33:47

VPN between routers (router-to-router) and between a router and VPN Client

Cisco 2611 Router

vpn2611#show run
Building configuration...

Current configuration : 2265 bytes
!
version 12.2
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname vpn2611
!
!--- Enable aaa for user authentication
!--- and group authorization.
aaa new-model
!
!
!--- To enable X-Auth for user authentication,
!--- enable the aaa authentication commands.
aaa authentication login userauthen local
!--- To enable group authorization, enable
!--- the aaa authorization commands.
aaa authorization network groupauthor local
aaa session-id common
!
!--- For local authentication of the IPSec user,
!--- create the user with password.
username cisco password 0 cisco
ip subnet-zero
!
!
!
ip audit notify log
ip audit po max-events 100
!
!--- Create an Internet Security Association and
!--- Key Management Protocol (ISAKMP)
!--- policy for Phase 1 negotiations for the VPN 3.x clients.
crypto isakmp policy 3
 encr 3des
 authentication pre-share
 group 2
!
!--- Create an ISAKMP policy for Phase 1
!--- negotiations for the LAN-to-LAN tunnels.
crypto isakmp policy 10
 hash md5
 authentication pre-share
!--- Specify the PreShared key for the LAN-to-LAN tunnel.
!--- Make sure that you use
!--- no-xauth parameter with your ISAKMP key.
crypto isakmp key cisco123 address 172.18.124.199 no-xauth
!
!--- Create a group that will be used to
!--- specify the WINS, DNS servers' address
!--- to the client, along with the pre-shared
!--- key for authentication.
crypto isakmp client configuration group 3000client
 key cisco123
 dns 10.10.10.10
 wins 10.10.10.20
 domain cisco.com
 pool ippool
!
!
!--- Create the Phase 2 Policy for actual data encryption.
crypto ipsec transform-set myset esp-3des esp-md5-hmac
!
!--- Create a dynamic map and apply
!--- the transform set that was created above.
crypto dynamic-map dynmap 10
 set transform-set myset
!
!
!--- Create the actual crypto map, and
!--- apply the aaa lists that were created
!--- earlier. Also create a new instance for your
!--- LAN-to-LAN tunnel. Specify the peer IP address,
!--- transform set and an Access Control List (ACL) for this
!--- instance.
crypto map clientmap client authentication list userauthen
crypto map clientmap isakmp authorization list groupauthor
crypto map clientmap client configuration address respond
crypto map clientmap 1 ip
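An added example (not part of the original post and not Cisco's code): a small Python check that flags the dated crypto and cleartext-secret settings in the configuration above. The finding names are made up for this example, and the fallback to DES and DH group 1 for a policy that omits `encr` or `group` is an assumption based on classic IOS defaults.

```python
import re

# Constructed sample: lines taken from the configuration in the post above.
SAMPLE = """\
no service password-encryption
username cisco password 0 cisco
crypto isakmp policy 3
 encr 3des
 authentication pre-share
 group 2
crypto isakmp policy 10
 hash md5
 authentication pre-share
crypto isakmp key cisco123 address 172.18.124.199 no-xauth
crypto isakmp client configuration group 3000client
 key cisco123
crypto ipsec transform-set myset esp-3des esp-md5-hmac
"""

# Finding ids are invented for this example; patterns follow IOS config syntax.
RULES = [
    ("secrets-not-obscured", r"^no service password-encryption"),
    ("cleartext-user-password", r"^username \S+ password 0 "),
    ("weak-ike-cipher", r"^ encr (des|3des)\b"),
    ("weak-ike-hash", r"^ hash md5\b"),
    ("weak-dh-group", r"^ group (1|2|5)\b"),
    ("cleartext-psk", r"^(crypto isakmp key| key) (?!6 )\S"),
    ("weak-esp-transform", r"^crypto ipsec transform-set .*\besp-(des|3des|md5-hmac)\b"),
]

def audit(config):
    """Return (line_number, finding_id) pairs for weak settings in an IOS config."""
    findings, policy = [], None  # policy = [start line, keywords seen] of the open stanza
    for n, line in enumerate(config.splitlines() + ["!"], 1):
        if policy and not line.startswith(" "):
            # Assumption: an IKE policy that omits encr/group falls back to the
            # classic IOS defaults (DES, DH group 1), so report the stanza itself.
            for kw, fid in (("encr", "default-des"), ("group", "default-dh-group1")):
                if kw not in policy[1]:
                    findings.append((policy[0], fid))
            policy = None
        if re.match(r"^crypto isakmp policy \d+", line):
            policy = [n, set()]
        elif policy and line.strip():
            policy[1].add(line.split()[0])
        findings += [(n, fid) for fid, pat in RULES if re.search(pat, line)]
    return findings
```

Calling `audit(SAMPLE)` reports the LAN-to-LAN policy 10 twice on its own stanza line, because it sets only the hash and authentication method and leaves cipher and DH group at their defaults.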