防火墙与入侵检测技术实验五pix防火墙ipsec与vpn的配置

《防火墙与入侵检测技术实验五pix防火墙ipsec与vpn的配置》由会员上传分享，免费在线阅读，更多相关内容在行业资料-天天文库。

1、实验五PIX防火墙IPSec与VPN的配置一、实验目的通过该实验掌握PIX防火墙IPSec与VPN的配置。二、实验任务l配置PIX防火墙IPSecl配置PIX防火墙VPNl验证实验结果三、实验设备PIX5505防火墙两台，CISCO2950交换机两台，控制线一根，网络连接线若干，PC机若干，Sniffer软件一套四、实验拓扑图及内容在FW1和FW2之间建立100PIX1配置：interfaceEthernet1nameifinsidesecurity-level100ipaddress10.1.1.254255.255.255.0!interf

2、aceEthernet2nameifoutsidesecurity-level0ipaddress12.1.1.1255.255.255.0!routeoutside20.1.1.0255.255.255.012.1.1.21！cryptoipsectransform-setmysetesp-aesesp-sha-hmaccryptomapmymap1matchaddress100cryptomapmymap1setpeer12.1.1.2cryptomapmymap1settransform-setmysetcryptomapmymapint

3、erfaceoutsidecryptoisakmpenableoutsidecryptoisakmppolicy10authenticationpre-shareencryptionaeshashshagroup2lifetime86400！tunnel-group12.1.1.2typeipsec-l2ltunnel-group12.1.1.2ipsec-attributespre-shared-key*//access-list100extendedpermitiphost10.1.1.1host20.1.1.1PIX2配置：interfa

4、ceEthernet2nameifinsidesecurity-level100ipaddress20.1.1.254255.255.255.0!interfaceEthernet1nameifoutsidesecurity-level0ipaddress12.1.1.2255.255.255.0!routeoutside10.1.1.0255.255.255.012.1.1.11！cryptoipsectransform-setmysetesp-aesesp-sha-hmaccryptomapmymap1matchaddress100cryp

5、tomapmymap1setpeer12.1.1.1cryptomapmymap1settransform-setmysetcryptomapmymapinterfaceoutsidecryptoisakmpenableoutsidecryptoisakmppolicy10authenticationpre-shareencryptionaeshashshagroup2lifetime86400！tunnel-group12.1.1.1typeipsec-l2ltunnel-group12.1.1.1ipsec-attributespre-sh

6、ared-key*R1配置：interfaceFastEthernet0/0ipaddress10.1.1.1255.255.255.0duplexautospeedauto!iproute0.0.0.00.0.0.010.1.1.254R2配置：interfaceFastEthernet0/0ipaddress20.1.1.1255.255.255.0duplexautospeedauto！iproute0.0.0.00.0.0.020.1.1.254一、实验总结使用VPN技术，可以保证数据通信的机密性，完整性，有效性。当配置VPN时，需要注

7、意路由问题，本端通讯点需要知道对端通讯点的路由。本端加密点，需要知道本端通讯点，对端加密点和对端通讯点的路由。使用100，只要符合感兴趣数据流的流量，都会被加密。