欢迎来到天天文库
浏览记录
ID:40659187
大小:141.50 KB
页数:16页
时间:2019-08-05
《103实验指导(1对多 Site To Site VPN)》由会员上传分享,免费在线阅读,更多相关内容在教育资源-天天文库。
1、实验指导(1对多SiteToSiteVPN)一、实验任务uR1:RotuerA、R2:Internet、R3:RotuerB、R4:RotuerCuRouterB、RouterC采用VPN和总部连接u总部和不同分部之间的VPN采用不同的参数、密码u要保证三个site之间都可以互相通信二、实验步骤1、R1、R2、R3上如图配置IP地址,打开接口,配置路由:Switch(S1):Switch(config)#intf0/0Switch(config-if)#shutdownRouterA(R1):ints1/1noshutdownclockrate128000ipadd2
2、02.96.134.1255.255.255.252intloopback0ipadd10.1.1.1255.255.255.0iproute0.0.0.00.0.0.0s1/1Internet(R2):ints1/0noshutdownclockrate128000ipadd202.96.134.2255.255.255.252ints1/1noshutdownclockrate128000ipadd61.0.0.1255.255.255.252inte0/0noshutdownduplexfullipadd198.133.0.1255.255.255.252Rou
3、terB(R3):ints1/0noshutdownclockrate128000ipadd61.0.0.02255.255.255.252intloopback0ipadd10.2.2.2255.255.255.0iproute0.0.0.00.0.0.0s1/0RouterC(R4):inte0/0noshutdownduplexfullipadd198.133.0.2255.255.255.252intloopback0ipadd10.3.3.3255.255.255.0iproute0.0.0.00.0.0.0198.133.0.11、RouterA:和Rou
4、terB之间联通的配置:!cryptoisakmppolicy10hashmd5authenticationpre-share!cryptoisakmpkey0cisco1234address61.0.0.2!cryptoipsectransform-setSITE2esp-desesp-md5-hmac!cryptomapTEST-MAP10ipsec-isakmpsetpeer61.0.0.2settransform-setSITE2matchaddress110!interfaceSerial1/1cryptomapTEST-MAP!access-list110
5、permitip10.1.1.00.0.0.25510.2.2.00.0.0.255!1、RouterB:和RouterA之间联通的配置:!cryptoisakmppolicy10hashmd5authenticationpre-share!cryptoisakmpkey0cisco1234address202.96.134.1!cryptoipsectransform-setSITE1esp-desesp-md5-hmac!cryptomapTEST-MAP10ipsec-isakmpsetpeer202.96.134.1settransform-setSITE1m
6、atchaddress110!interfaceSerial1/0cryptomapTEST-MAP!access-list110permitip10.2.2.00.0.0.25510.1.1.00.0.0.255!2、RouterA:和RouterC之间联通的配置:!cryptoisakmppolicy20encryaeshashshagroup2authenticationpre-share!cryptoisakmpkey0123456address198.133.0.2!cryptoipsectransform-setSITE3esp-3desesp-sha!c
7、ryptomapTEST-MAP20ipsec-isakmpsetpeer198.133.0.2settransform-setSITE3matchaddress120!interfaceSerial1/1cryptomapTEST-MAP!access-list120permitip10.1.1.00.0.0.25510.3.3.00.0.0.2553、RouterC:和RouterA之间联通的配置:!cryptoisakmppolicy10encryaeshashshagroup2authenticationpre-share!cryptoisa
此文档下载收益归作者所有