<% dim ModuleName,InfoID,ChannelShortName,CorrelativeArticle,InstallDir,ChannelDir,Keyword,PageTitle,ArticleIntro,Articlecontent Keyword=stripHTML("思科路由器,路由器站点,VPN") PageTitle=stripHTML("思科路由器站点到站点VPN") ArticleIntro=stripHTML("思科路由器站点到站点VPN,详情请看,下面内容:") Articlecontent=stripHTML("应用情况,公司总部分总互连,都有公网IP  R1路由器上连通性配置  R1(config)#interface e0  R1(config-if)#ip add…") ModuleName = stripHTML("netadmin") InfoID = stripHTML("117308") ChannelShortName=stripHTML("网管") InstallDir=stripHTML("http://www.77169.com/") ChannelDir=stripHTML("netadmin") %> 思科路由器站点到站点VPN - 华盟网 - http://www.77169.com
您现在的位置: 华盟网 >> 网管 >> 路由交换 >> 正文

思科路由器站点到站点VPN

2015/2/16 作者:不详 来源: 华盟收集
导读 <% if len(ArticleIntro)<3 then Response.Write Articlecontent 'Response.Write "Articlecontent" else Response.Write ArticleIntro 'Response.Write "ArticleIntro" end if %>

  应用情况,公司总部分总互连,都有公网IP

  R1路由器上连通性配置

  R1(config)#interface e0

  R1(config-if)#ip address 10.1.1.1 255.255.255.0

  R1(config-if)#no shutdown

  R1(config)#interface e1

  R1(config-if)#ip address 1.1.1.1 255.255.255.0

  R1(config-if)#no shutdown

  R1(config)#ip route 0.0.0.0 0.0.0.0 10.1.1.2

  R2路由器上连通性配置

  R2(config)#interface e0

  R2(config-if)#ip address 1.1.1.2 255.255.255.0

  R2(config-if)#no shutdown

  R2(config)#interface e1

  R2(config-if)#ip address 2.2.2.2 255.255.255.0

  R2(config-if)#no shutdown

  R2(config)#ip route 0.0.0.0 0.0.0.0 10.1.1.1

  R1路由器IpSec配置

  R1(config)#crypto isakmp enable (optional)默认启用

  R1路由器IpSec isakmp 配置(阶段一的策略)

  R1(config)#crypto isakmp policy 10

  R1(config-isakmp)#hash md5

  R1(config-isakmp)#authentication pre-shared

  R1(config-isakmp)#encryption 3des

  R1(config-isakmp)#group 2

  R1路由器Pre-Share认证配置

  R1(config)#crypto isakmp key cisco address 10.1.1.2

  R1路由器IpSec变换集配置(阶段二的策略)

  R1(config)#crypto ipsec transform-set cisco esp-3des esp-md5-hmac R1 (cfg-crypto-trans)#mode tunnel

  R1路由器加密图的配置

  R1(config)#crypto map cisco10 ipsec-isakmp

  R1(config-crypto-map)#set peer 10.1.1.2

  R1(config-crypto-map)#set transform-set cisco

  R1(config-crypto-map)#match address 101

  R1路由器定义感兴趣流量

  R1(config)#access-list 101 permit ip 1.1.1.0 0.0.0.255 2.2.2.0 0.0.0.255 R1路由器加密图绑定到接口

  R1(config)#interface e0

  R1(config-if)#crypto map cisco

  4、R2路由器IpSec配置

  R2(config)#crypto isakmp enable (optional)默认启用

  R2路由器IpSec isakmp 配置(阶段一的策略)

  R2(config)#crypto isakmp policy 10

  R2(config-isakmp)#hash md5

  R2(config-isakmp)#authentication pre-share

  R2(config-isakmp)#encryption 3des

  R2(config-isakmp)#group 2

  R2路由器Pre-Share认证配置

  R2(config)#crypto isakmp key cisco address 10.1.1.1

  R2路由器IpSec变换集配置(阶段二的策略)

  R2(config)#crypto ipsec transform-set cisco esp-3des esp-md5-hmac

  R2(cfg-crypto-trans)#mode tunnel

  R2路由器加密图的配置

  R2(config)#crypto map cisco 10 ipsec-isakmp

  R2(config-crypto-map)#set peer 10.1.1.1

  R2(config-crypto-map)#set transform-set cisco

  R2(config-crypto-map)#match address 101

  R2路由器定义感兴趣流量

  R2(config)#access-list 101 permit ip 2.2.2.0 0.0.0.255 1.1.1.0 0.0.0.255

  R2路由器加密图绑定到接口

  R2(config)#interface e0

  R2(config-if)#crypto map cisco