In the diagram above, an IPSec VPN runs between A and B, configured as follows:
RouterA#show running-config
crypto isakmp policy 10
hash md5
authentication pre-share
crypto isakmp key nichole address 10.1.2.1
!
!
!
crypto ipsec transform-set nichole esp-des
!
crypto map nichole 20 ipsec-isakmp
set peer 10.1.2.1
set transform-set nichole
match address 101
!
interface ethernet 0/0
ip address 10.1.1.1 255.255.255.0
ip access-group 100 in
crypto map nichole
no shutdown
!
interface ethernet 0/1
ip address 192.168.1.1 255.255.255.0
no shutdown
!
access-list 100 permit ahp host 10.1.2.1 host 10.1.1.1
access-list 100 permit esp host 10.1.2.1 host 10.1.1.1
! "eq isakmp" can be written in place of "eq 500"
access-list 100 permit udp host 10.1.2.1 host 10.1.1.1 eq 500
access-list 101 permit tcp 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
access-list 101 deny ip any any
!
RouterB#show running-config
crypto isakmp policy 10
hash md5
authentication pre-share
crypto isakmp key nichole address 10.1.1.1
!
!
!
crypto ipsec transform-set nichole esp-des
!
crypto map nichole 20 ipsec-isakmp
set peer 10.1.1.1
set transform-set nichole
match address 101
!
interface ethernet 0/0
ip address 10.1.2.1 255.255.255.0
ip access-group 100 in
crypto map nichole
no shutdown
!
interface ethernet 0/1
ip address 192.168.2.1 255.255.255.0
no shutdown
!
access-list 100 permit ahp host 10.1.1.1 host 10.1.2.1
access-list 100 permit esp host 10.1.1.1 host 10.1.2.1
! "eq isakmp" can be written in place of "eq 500"
access-list 100 permit udp host 10.1.1.1 host 10.1.2.1 eq 500
access-list 101 permit tcp 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 101 deny ip any any
!
return
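
An added example (not from the original post): a small Python check for a site-to-site pair like the one above. It flags MD5, single DES and a transform set with no integrity transform, and verifies that each side's peer and pre-shared-key address point at the other side's crypto-map interface and that the crypto ACLs mirror each other. The sample configs are constructed from this page's addresses, with RouterB's peer deliberately set to its own address; the function names and the fixed crypto ACL number 101 are assumptions of the example.

```python
# Constructed samples modelled on this page; ROUTER_B's peer is deliberately its own address.
TEMPLATE = """crypto isakmp policy 10
hash md5
crypto isakmp key nichole address {remote}
crypto ipsec transform-set nichole esp-des
crypto map nichole 20 ipsec-isakmp
set peer {peer}
interface ethernet 0/0
ip address {local} 255.255.255.0
crypto map nichole
access-list 101 permit tcp {lan}.0 0.0.0.255 {rlan}.0 0.0.0.255
"""
ROUTER_A = TEMPLATE.format(local="10.1.1.1", remote="10.1.2.1", peer="10.1.2.1", lan="192.168.1", rlan="192.168.2")
ROUTER_B = TEMPLATE.format(local="10.1.2.1", remote="10.1.1.1", peer="10.1.2.1", lan="192.168.2", rlan="192.168.1")
WEAK = {"md5": "MD5 as the IKE hash", "esp-des": "single-DES ESP encryption"}

def parse(cfg):
    """Extract the IPsec-relevant settings from IOS running-config text."""
    r, ip = {"peer": None, "key_addr": None, "hash": None, "xforms": [], "acl": [], "outside": None}, None
    for t in (line.split() for line in cfg.splitlines() if line.strip()):
        if t[0] == "interface" or t[:2] == ["ip", "address"]:
            ip = t[2] if t[0] == "ip" else None      # reset per interface, then record its address
        elif t[:2] == ["crypto", "map"] and len(t) == 3:
            r["outside"] = ip                        # interface the crypto map is applied to
        elif t[:2] == ["set", "peer"]:
            r["peer"] = t[2]
        elif t[:3] == ["crypto", "isakmp", "key"]:
            r["key_addr"] = t[-1]
        elif t[0] == "hash":
            r["hash"] = t[1]
        elif t[:3] == ["crypto", "ipsec", "transform-set"]:
            r["xforms"] = t[4:]
        elif t[:3] == ["access-list", "101", "permit"]:
            r["acl"].append((t[4], t[6]))            # (source net, destination net)
    return r

def audit(cfg_a, cfg_b):
    """Return findings for a site-to-site pair: weak algorithms and settings that do not match."""
    a, b, out = parse(cfg_a), parse(cfg_b), []
    for name, me, other in (("RouterA", a, b), ("RouterB", b, a)):
        out += [f"{name}: {WEAK[x]}" for x in [me["hash"], *me["xforms"]] if x in WEAK]
        if not any("hmac" in x or "gcm" in x for x in me["xforms"]):
            out.append(f"{name}: transform set has no integrity transform")
        for field in ("peer", "key_addr"):
            if me[field] != other["outside"]:
                out.append(f"{name}: {field} {me[field]} is not the remote end {other['outside']}")
    if sorted(a["acl"]) != sorted((d, s) for s, d in b["acl"]):
        out.append("crypto ACLs are not mirror images")
    return out
```

Calling `audit(ROUTER_A, ROUTER_B)` returns the list of findings as strings, one per issue.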
