ciso路由器配置VPN纯命令

Router(config)#crypto isakmp enable Router(config)#crypto isakmp policy 1 Router(config-isakmp)#authentication pre-share Router(config-isakmp)#encryption aes Router(config-isakmp)#hash sha Router(config-isakmp)#group 2 Router#sh crypto isakmp policy Global IKE policy Protection suite of priority 1 encryption algorithm: AES - Advanced Encryption Standard (128 bit keys). hash algorithm: Secure Hash Standard authentication method: Pre-Shared Key Diffie-Hellman group: #2 (1024 bit) lifetime: 86400 seconds, no volume limit Default protection suite encryption algorithm: DES - Data Encryption Standard (56 bit keys). hash algorithm: Secure Hash Standard authentication method: Rivest-Shamir-Adleman Signature Diffie-Hellman group: #1 (768 bit) lifetime: 86400 seconds, no volume limit Router(config)#crypto isakmp key 6 jianglu add 200.0.20.1 Router(config)#do sh crypto isakmp key Keyring Hostname/Address Preshared Key default 200.0.20.1 (encrypted) Router(config)#access-list 101 permit ip 1.1.1.0 0.0.0.255 2.2.2.0 0.0.0.255 Router(config)#crypto ipsec transform-set jianglu esp-3des ah-sha-hmac Router(cfg-crypto-trans)#mode tunnel Router#sh crypto ipsec transform-set Transform set jianglu: { ah-sha-hmac } will negotiate = { Tunnel, }, { esp-3des } will negotiate = { Tunnel, }, Router#sh run Current configuration : 1011 bytes version 12.4 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption hostname Router boot-start-marker boot-end-marker no aaa new-model memory-size iomem 5 ip cef no ip domain lookup crypto isakmp policy 1 encr aes authentication pre-share group 2 crypto isakmp key 6 jianglu address 200.0.20.1 crypto ipsec transform-set jianglu ah-sha-hmac esp-3des crypto map jianglu 1 ipsec-isakmp set peer 200.0.20.1 set transform-set jianglu match address 101 interface Loopback0 ip address 1.1.1.1 255.255.255.0 ! interface FastEthernet0/0 ip address 200.0.10.1 255.255.255.252 duplex auto speed auto crypto map jianglu ip http server no ip http secure-server ip route 0.0.0.0 0.0.0.0 200.0.10.2 access-list 101 permit ip 1.1.1.0 0.0.0.255 2.2.2.0 0.0.0.255 control-plane Router#sh run Building configuration... Current configuration : 1011 bytes version 12.4 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption hostname Router boot-start-marker boot-end-marker no aaa new-model memory-size iomem 5 ip cef no ip domain lookup crypto isakmp policy 1 encr aes authentication pre-share group 2 crypto isakmp key 6 jianglu address 200.0.10.1 crypto ipsec transform-set jianglu ah-sha-hmac esp-3des ! crypto map jianglu 1 ipsec-isakmp set peer 200.0.10.1 set transform-set jianglu match address 101 interface Loopback0 ip address 2.2.2.2 255.255.255.0 ! interface FastEthernet0/0 ip address 200.0.20.1 255.255.255.252 duplex auto speed auto crypto map jianglu ! ip http server no ip http secure-server ip route 0.0.0.0 0.0.0.0 200.0.20.2 access-list 101 permit ip 2.2.2.0 0.0.0.255 1.1.1.0 0.0.0.255 control-plane 继续阅读