|
GW1:
crypto isakmp policy 10
authentication pre-share
crypto isakmp key cisco address 64.1.1.0 255.255.255.0 //對(duì)方可能獲得IP地址范圍的IP地址��,可以是0.0.0.0 0.0.0.0
!
crypto ipsec transform-set SET esp-3des esp-md5-hmac
!
crypto dynamic-map dymap 10 //配置動(dòng)態(tài)MAP
set transform-set SET
set pfs group5
!
crypto map cisco 1000 ipsec-isakmp dynamic dymap //關(guān)聯(lián)動(dòng)態(tài)MAP
!
interface Loopback0
ip address 1.1.1.1 255.255.255.0
!
interface FastEthernet1/0
ip address 202.1.1.1 255.255.255.0
duplex auto
speed auto
crypto map cisco //應(yīng)用普通MAP
!
ip route 0.0.0.0 0.0.0.0 202.1.1.10
Internet:
ip dhcp excluded-address 64.1.1.10
!
ip dhcp pool VPN
network 64.1.1.0 255.255.255.0
default-router 64.1.1.10
!
interface FastEthernet1/0
ip address 202.1.1.10 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet1/1
ip address 64.1.1.10 255.255.255.0
duplex auto
speed auto
GW2:
crypto isakmp policy 10
authentication pre-share
crypto isakmp key cisco address 202.1.1.1
!
crypto ipsec transform-set SET esp-3des esp-md5-hmac
!
crypto map cisco 10 ipsec-isakmp
set peer 202.1.1.1
set transform-set SET
set pfs group5
match address vpn
!
interface Loopback0
ip address 2.2.2.2 255.255.255.0
!
interface FastEthernet1/0
ip address dhcp
duplex auto
speed auto
crypto map cisco
!
ip route 0.0.0.0 0.0.0.0 64.1.1.10
ip route 0.0.0.0 0.0.0.0 64.1.1.10 254
!
ip access-list extended vpn
permit ip 2.2.2.0 0.0.0.255 1.1.1.0 0.0.0.255
只能GW2發(fā)起IPSec流量,GW1不能先發(fā)起
本文出自:億恩科技【www.cmtents.com】
服務(wù)器租用/服務(wù)器托管中國(guó)五強(qiáng)�����!虛擬主機(jī)域名注冊(cè)頂級(jí)提供商��!15年品質(zhì)保障��!--億恩科技[ENKJ.COM]
|
香港服務(wù)器租用
美國(guó)服務(wù)器租用
電信骨干機(jī)房
聯(lián)通骨干機(jī)房
0371-60135900
