Original poster | Posted 2007-8-14 14:03
CISCO2811 Router EasyVPN Configuration Example
Building configuration...
Current configuration : 11354 bytes
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
service internal
!
hostname routerA
!
boot-start-marker
boot system flash c2800nm-advsecurityk9-mz.123-14.T7.bin
boot-end-marker
!
logging buffered 51200 warnings
enable secret level 5 5 $1$Tu0L$1sLQMFmHtGkH7lvBCOkug.
!
aaa new-model
!
!
aaa authorization network default none
aaa authorization network hyhtdevelop local
aaa authorization network andylzx local
!
aaa session-id common
!
resource policy
!
memory-size iomem 30
ip subnet-zero
no ip source-route
!
!
ip cef
no ip dhcp use vrf connected
ip dhcp excluded-address 172.28.15.1 172.28.15.9
ip dhcp excluded-address 172.28.15.251 172.28.15.254
!
!
no ip ips deny-action ips-interface
ip ips notify SDEE
ip domain name hyht.com
ip name-server 202.98.160.68
ip name-server 202.98.161.68
ip address-pool local
ip accounting-threshold 100
!
ftp-server enable
no ftp-server write-enable
ftp-server topdir 192.168.100.254
!
!
!
username hyhtl secret 5 $1$pqb8$2/eBAic.MBUTewQGodFTJ/
username hyhtadmin privilege 15 secret 5 $1$Ydfa$zd6FU/Ae6f0DMNeca0BYR1
!
!
! ---- Define the IKE policy ----
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
lifetime 25200
no crypto isakmp ccm
! ---- Specify the address pool for clients ----
crypto isakmp client configuration address-pool local SDM_POOL_3
! ---- Define the group name and group password for clients ----
crypto isakmp client configuration group groupname
key grouppassword
dns 202.98.160.68 202.98.161.68
domain hyht.com
pool hyhthyd01
netmask 255.255.255.0
!
!
crypto ipsec transform-set transform-1 esp-3des esp-sha-hmac
!
! ---- Define the dynamic crypto map entry dynmap ----
crypto dynamic-map dynmap 1
set transform-set transform-1
reverse-route
!
! ---- Create the crypto map mymap ----
! Define the authorization method for mymap
crypto map mymap isakmp authorization list hyhtdevelop
! Allow addresses to be assigned to clients
crypto map mymap client configuration address respond
! Reference the dynamic crypto map entry dynmap
crypto map mymap 1 ipsec-isakmp dynamic dynmap
interface FastEthernet0/0
description VPNServer
ip address 20.165.9.40 255.255.255.128
ip nat inside
ip nat enable
ip virtual-reassembly
duplex auto
speed auto
no cdp enable
! Apply the crypto map mymap on this interface
crypto map mymap
!
interface FastEthernet0/1
description ToInternet
ip address 20.165.8.73 255.255.255.192
ip nat outside
ip nat enable
ip virtual-reassembly
duplex auto
speed auto
no cdp enable
!
interface FastEthernet0/0/0
description ToDatabase
!
interface FastEthernet0/0/1
shutdown
!
interface FastEthernet0/0/2
shutdown
!
interface FastEthernet0/0/3
shutdown
!
interface Vlan1
description ToDatabaseCenter
ip address 10.192.0.254 255.255.255.0
ip nat inside
ip virtual-reassembly
!
interface Vlan2
ip address 172.28.3.1 255.255.255.0
ip local pool hyhtdevelop 172.28.0.10 172.28.0.250
ip local pool hyhthyd01 172.28.1.10 172.28.1.250
ip local pool chinamobile 172.28.15.1
ip classless
ip route profile
ip route 0.0.0.0 0.0.0.0 20.165.9.1
ip route 0.0.0.0 0.0.0.0 20.165.8.65 20
ip http server
ip http authentication local
no ip http secure-server
ip http timeout-policy idle 5 life 86400 requests 10000
ip nat pool vpnoutsidepool 220.165.8.73 220.165.8.73 netmask 255.255.255.192
ip nat inside source list 101 pool vpnoutsidepool overload
!
ip access-list extended tochinamobile
remark tochinamobile
remark SDM_ACL Category=4
permit ip any 10.168.2.0 0.0.0.255
permit ip any host 172.28.15.1
permit ip any 135.77.7.40 0.0.0.7
!
!
!
control-plane
!
!
alias exec e exit
alias exec ct config t
alias exec s show runn
alias exec crs copy running start
!
line con 0
line aux 0
line vty 0 4
privilege level 15
transport input telnet
line vty 5 15
privilege level 15
transport input telnet
!
scheduler allocate 20000 1000
!
end
routerA#
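A hardening check for the configuration above, as an added example that is not part of the original post: it scans running-config text for the weak settings visible in this config (3DES, DH group 2, Telnet on the vty lines, the cleartext HTTP server, disabled password encryption). The rule names and the `audit` function are hypothetical, and sections are tracked by header lines because the pasted config has no indentation.

```python
import re

# Constructed sample: selected lines from the configuration posted above.
SAMPLE = """\
no service password-encryption
crypto isakmp policy 1
encr 3des
group 2
!
crypto ipsec transform-set transform-1 esp-3des esp-sha-hmac
ip http server
no ip http secure-server
line vty 0 4
privilege level 15
transport input telnet
"""

# Lines that open a new context; a bare "!" closes it.
HEADER = re.compile(r"(crypto|interface|line) .*")

# (required section prefix, or None for global; line regex; finding id)
RULES = [
    (None, r"no service password-encryption", "SECRETS_SHOWN_CLEARTEXT"),
    ("crypto isakmp policy", r"encr(yption)? (des|3des)", "IKE_WEAK_CIPHER"),
    ("crypto isakmp policy", r"group [12]", "IKE_DH_1024_OR_LESS"),
    (None, r"crypto ipsec transform-set \S+ .*esp-(des|3des)\b.*", "ESP_WEAK_CIPHER"),
    (None, r"ip http server", "HTTP_MGMT_CLEARTEXT"),
    ("line vty", r"privilege level 15", "VTY_DEFAULT_PRIV15"),
    ("line vty", r"transport input .*\btelnet\b.*", "TELNET_ON_VTY"),
]

def audit(config_text):
    """Return (line number, finding id, offending line) tuples."""
    findings, section = [], None
    for number, raw in enumerate(config_text.splitlines(), start=1):
        line = raw.strip()
        if line == "!":
            section = None
        elif HEADER.fullmatch(line):
            section = line
        for prefix, pattern, finding in RULES:
            in_scope = prefix is None or (section or "").startswith(prefix)
            if in_scope and re.fullmatch(pattern, line):
                findings.append((number, finding, line))
    return findings

if __name__ == "__main__":
    for number, finding, line in audit(SAMPLE):
        print(f"line {number}: {finding}: {line}")
```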