ciso路由器配置VPN纯命令Router(config)#crypto isakmp enable
Router(config)#crypto isakmp policy 1
Router(config-isakmp)#authentication pre-share
Router(config-isakmp)#encryption aes
Router(config-isakmp)#hash sha
Router(config-isakmp)#group 2
Router#sh crypto isakmp policy
Global I...
Router(config)#crypto isakmp enable
Router(config)#crypto isakmp policy 1
Router(config-isakmp)#authentication pre-share
Router(config-isakmp)#encryption aes
Router(config-isakmp)#hash sha
Router(config-isakmp)#group 2
Router#sh crypto isakmp policy
Global IKE policy
Protection suite of priority 1
encryption algorithm: AES - Advanced Encryption Standard (128 bit keys).
hash algorithm: Secure Hash Standard
authentication method: Pre-Shared Key
Diffie-Hellman group: #2 (1024 bit)
lifetime: 86400 seconds, no volume limit
Default protection suite
encryption algorithm: DES - Data Encryption Standard (56 bit keys).
hash algorithm: Secure Hash Standard
authentication method: Rivest-Shamir-Adleman Signature
Diffie-Hellman group: #1 (768 bit)
lifetime: 86400 seconds, no volume limit
Router(config)#crypto isakmp key 6 jianglu add 200.0.20.1
Router(config)#do sh crypto isakmp key
Keyring Hostname/Address Preshared Key default 200.0.20.1 (encrypted)
Router(config)#access-list 101 permit ip 1.1.1.0 0.0.0.255 2.2.2.0 0.0.0.255
Router(config)#crypto ipsec transform-set jianglu esp-3des ah-sha-hmac
Router(cfg-crypto-trans)#mode tunnel
Router#sh crypto ipsec transform-set
Transform set jianglu: { ah-sha-hmac }
will negotiate = { Tunnel, },
{ esp-3des }
will negotiate = { Tunnel, },
Router#sh run
Current configuration : 1011 bytes
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname Router
boot-start-marker
boot-end-marker
no aaa new-model
memory-size iomem 5
ip cef
no ip domain lookup
crypto isakmp policy 1
encr aes
authentication pre-share
group 2
crypto isakmp key 6 jianglu address 200.0.20.1
crypto ipsec transform-set jianglu ah-sha-hmac esp-3des crypto map jianglu 1 ipsec-isakmp
set peer 200.0.20.1
set transform-set jianglu
match address 101
interface Loopback0
ip address 1.1.1.1 255.255.255.0
!
interface FastEthernet0/0
ip address 200.0.10.1 255.255.255.252
duplex auto
speed auto
crypto map jianglu
ip http server
no ip http secure-server
ip route 0.0.0.0 0.0.0.0 200.0.10.2
access-list 101 permit ip 1.1.1.0 0.0.0.255 2.2.2.0 0.0.0.255 control-plane
Router#sh run
Building configuration...
Current configuration : 1011 bytes
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname Router
boot-start-marker
boot-end-marker
no aaa new-model
memory-size iomem 5
ip cef
no ip domain lookup
crypto isakmp policy 1
encr aes
authentication pre-share
group 2
crypto isakmp key 6 jianglu address 200.0.10.1
crypto ipsec transform-set jianglu ah-sha-hmac esp-3des
!
crypto map jianglu 1 ipsec-isakmp
set peer 200.0.10.1
set transform-set jianglu
match address 101
interface Loopback0
ip address 2.2.2.2 255.255.255.0
!
interface FastEthernet0/0
ip address 200.0.20.1 255.255.255.252
duplex auto
speed auto
crypto map jianglu
!
ip http server
no ip http secure-server
ip route 0.0.0.0 0.0.0.0 200.0.20.2
access-list 101 permit ip 2.2.2.0 0.0.0.255 1.1.1.0 0.0.0.255 control-plane
继续阅读
本文档为【ciso路由器配置VPN纯命令】,请使用软件OFFICE或WPS软件打开。作品中的文字与图均可以修改和编辑,
图片更改请在作品中右键图片并更换,文字修改请直接点击文字进行修改,也可以新增和删除文档中的内容。
[版权声明] 本站所有资料为用户分享产生,若发现您的权利被侵害,请联系客服邮件isharekefu@iask.cn,我们尽快处理。
本作品所展示的图片、画像、字体、音乐的版权可能需版权方额外授权,请谨慎使用。
网站提供的党政主题相关内容(国旗、国徽、党徽..)目的在于配合国家政策宣传,仅限个人学习分享使用,禁止用于任何广告和商用目的。