Date: 2019-08-24
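The Most Detailed Cisco VPN Complete Configuration Manual (1)

VPN Configuration Manual: VPN Access Server

VPN configuration, part 1: VPN access server

Network topology: PC Router Router :10.1.1.254/24

IOS on the 2610: c2600-jk8o3s-mz.122-8.T5.bin

R1 steps:

1. Configure the ISAKMP policy:

    crypto isakmp policy 1
     hash md5
     authentication pre-share
     group 2

2. Configure the VPN client address pool:

    crypto isakmp client configuration address-pool local pool192
    ip local pool pool192 192.168.1.1 192.168.1.254

3. Configure the VPN client parameters:

    crypto isakmp client configuration group vclient-group
     key vclient-key
     pool pool192

   vclient-group is the group authentication name that has to be entered in the VPN client's connection settings.
   vclient-key is the group authentication password that has to be entered in the VPN client's connection settings.
   pool192 is the pool from which the client's IP address is taken.
   The two parameters above must be configured. Other parameters include domain, dns, wins and so on; configure them as the situation requires.

4. Configure the IPsec transform-set:

    crypto ipsec transform-set vclient-tfs esp-des esp-md5-hmac

5. Configure the map template:

    cry dynamic-map template-map 1
     set transform-set vclient-tfs

   The transform-set name corresponds to step 4.

6. Configure the VPN map:

    cry map vpnmap 1 ipsec-isakmp dynamic template-map
    crypto map vpnmap isakmp authorization list vclient-group
    crypto map vpnmap client configuration address respond

   The first line uses the map template configured in step 5.
   The second line uses the parameters configured in step 3 for authorization.
   The third line responds to the client's request for an address.

Notes:

(1) The IP pool addresses used by the VPN client must not overlap with the IP addresses of the router's internal network.
(2) The 172.16.1.0 network simulates public addresses, the 10.1.1.0 and 20.1.1.0 networks are used for internal addresses, and the 192.168.1.0 network is used for the VPN tunnel.

R1 configuration:

    r1#
    r1#sh run
    Building configuration...

    Current configuration : 1521 bytes
    !
    version 12.2
    service timestamps debug uptime
    service timestamps log uptime
    no service password-encryption
    !
    hostname r1
    !
    enable password cisco
    !
    !
    ip subnet-zero
    !
    ip audit notify log
    ip audit po max-events 100
    !
    crypto isakmp policy 1
     hash md5
     authentication pre-share
     group 2
    crypto isakmp client configuration address-pool local pool192
    crypto isakmp client configuration group vclient-group
     key vclient-key-cisco
     pool vclient-pool
    !
    crypto ipsec transform-set vclient-tfs esp-des esp-md5-hmac
    !
    crypto dynamic-map template-map 1
     set transform-set vclient-tfs
    !
    crypto map vpnmap isakmp authorization list vclient-group
    crypto map vpnmap client configuration address respond
    crypto map vpnmap 1 ipsec-isakmp dynamic template-map
    !
    !
    fax interface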
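Steps 3 to 6 only work if the pool, transform-set and dynamic-map names match across steps, and the policy uses MD5, single DES and Diffie-Hellman group 2. The following audit script is an added example, not part of the original manual; it checks both on a config assembled from the six steps. The names `audit`, `WEAK`, `DEFS`, `USES` and `SAMPLE` are hypothetical, and the list of weak settings is the editor's assumption.

```python
import re

# Constructed sample: the six steps from the page, joined into one config.
SAMPLE = """\
crypto isakmp policy 1
 hash md5
 authentication pre-share
 group 2
crypto isakmp client configuration address-pool local pool192
ip local pool pool192 192.168.1.1 192.168.1.254
crypto isakmp client configuration group vclient-group
 key vclient-key
 pool pool192
crypto ipsec transform-set vclient-tfs esp-des esp-md5-hmac
cry dynamic-map template-map 1
 set transform-set vclient-tfs
cry map vpnmap 1 ipsec-isakmp dynamic template-map
"""

# Settings that are weak by current standards (editor's list, an assumption).
WEAK = [
    (r"^\s*hash md5\b", "IKE policy hashes with MD5"),
    (r"^\s*group [125]\b", "IKE Diffie-Hellman group is below 2048 bits"),
    (r"\besp-des\b", "ESP encrypts with single DES"),
    (r"\besp-md5-hmac\b", "ESP authenticates with HMAC-MD5"),
    (r"^enable password ", "enable password used instead of enable secret"),
]
# Where each kind of name is defined, and where it is referenced.
DEFS = {"pool": r"^ip local pool (\S+)",
        "transform-set": r"^cry\w* ipsec transform-set (\S+)",
        "dynamic-map": r"^cry\w* dynamic-map (\S+)"}
USES = [(r"address-pool local (\S+)", "pool"),
        (r"^\s+pool (\S+)", "pool"),
        (r"^\s+set transform-set (\S+)", "transform-set"),
        (r"ipsec-isakmp dynamic (\S+)", "dynamic-map")]

def audit(config):
    """Return (line_number, finding) pairs for weak crypto and dangling names."""
    defined = {k: set(re.findall(p, config, re.M)) for k, p in DEFS.items()}
    findings = []
    for n, line in enumerate(config.splitlines(), 1):
        findings += [(n, msg) for pat, msg in WEAK if re.search(pat, line)]
        for pat, kind in USES:
            m = re.search(pat, line)
            if m and m.group(1) not in defined[kind]:
                findings.append((n, f"{kind} '{m.group(1)}' is never defined"))
    return findings

if __name__ == "__main__":
    for n, msg in audit(SAMPLE):
        print(f"line {n}: {msg}")
```

Run against a saved `sh run`, the same check reports a group that references a pool name with no matching `ip local pool` line.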