Router VPN
r1(config)#crypto isakmp policy 1
(Define the IPsec policy framework: ISAKMP policy 1)
r1(config-isakmp)#encryption 3des
(Encryption algorithm is 3DES)
r1(config-isakmp)#hash sha
(Hash function is SHA)
r1(config-isakmp)#group 2
(Key length: group 1 is 768 bits, group 2 is 1024 bits)
r1(config-isakmp)#lifetime 28800
(Lifetime, i.e. how long the key stays valid, in seconds)
r1(config-isakmp)#authentication pre-share
(Authentication method is pre-shared key: a string agreed in advance by both ends of the VPN)
r1(config-isakmp)#exit
r1(config)#crypto isakmp identity address
r1(config)#crypto isakmp key huayu address 218.56.57.59
(Specify the peer IP address and the pre-shared key value)
r1(config)#crypto ipsec transform-set huayuipsec esp-3des esp-md5-hmac
(Define the IPsec transform set, named huayuipsec)
r1(cfg-crypto-trans)#exit
Configure interesting traffic
r1(config)#access-list 101 permit ip 192.168.10.0 0.0.0.255 192.168.20.0 0.0.0.255
Configure the crypto map
r1(config)#crypto map huayumap 10 ipsec-isakmp
(Define the crypto map with priority 10; the priority matches on both ends of the VPN)
% NOTE: This new crypto map will remain disabled until a peer
and a valid access list have been configured.
r1(config-crypto-map)#set peer 218.56.57.59
(Set the peer address)
r1(config-crypto-map)#set transform-set huayuipsec
(Reference the transform set defined above)
r1(config-crypto-map)#match address 101
(Match the interesting traffic)
r1(config-crypto-map)#exit
Apply to the interface
r1(config)#interface e0/0
r1(config-if)#crypto map huayumap
r1(config-if)#end
*Mar 1 00:29:32.051: %CRYPTO-6-ISAKMP_ON_OFF: ISAKMP is ON
r1#show crypto ipsec sa
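
The IOS note above says the crypto map stays disabled until a peer and a valid access list are configured. The following is an added example, not part of the original article: an offline check that a saved configuration has every piece the crypto map depends on. The function name check_crypto_map and the simplified parsing (numbered ACLs only) are assumptions of this example.

```python
import re

# Constructed sample: the walkthrough's commands, prompts and ISAKMP policy block removed.
CONFIG = """\
crypto isakmp key huayu address 218.56.57.59
crypto ipsec transform-set huayuipsec esp-3des esp-md5-hmac
access-list 101 permit ip 192.168.10.0 0.0.0.255 192.168.20.0 0.0.0.255
crypto map huayumap 10 ipsec-isakmp
 set peer 218.56.57.59
 set transform-set huayuipsec
 match address 101
interface e0/0
 crypto map huayumap
"""

def check_crypto_map(config):
    """Return reasons a crypto map entry would stay disabled or unused."""
    tsets, acls, key_peers, applied, maps = set(), set(), set(), set(), {}
    cur = None  # crypto map entry whose sub-commands we are reading
    for raw in config.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):
            cur = None  # a top-level command ends the previous sub-mode
        if m := re.match(r"crypto ipsec transform-set (\S+)", line):
            tsets.add(m[1])
        elif m := re.match(r"access-list (\d+) (?:permit|deny)\b", line):
            acls.add(m[1])
        elif m := re.match(r"crypto isakmp key \S+ address (\S+)", line):
            key_peers.add(m[1])
        elif m := re.match(r"crypto map (\S+) \d+ ipsec-isakmp", line):
            cur = maps.setdefault(m[1], {})
        elif m := re.match(r"crypto map (\S+)$", line):
            applied.add(m[1])  # interface-level "crypto map NAME"
        elif cur is not None and (m := re.match(r"(set peer|set transform-set|match address) (\S+)", line)):
            cur[m[1]] = m[2]
    problems = []
    for name, e in maps.items():
        if e.get("set peer") not in key_peers:
            problems.append(f"{name}: peer missing or has no pre-shared key")
        if e.get("set transform-set") not in tsets:
            problems.append(f"{name}: transform-set missing or undefined")
        if e.get("match address") not in acls:
            problems.append(f"{name}: match address missing or ACL undefined")
        if name not in applied:
            problems.append(f"{name}: not applied to any interface")
    return problems

if __name__ == "__main__":
    print(check_crypto_map(CONFIG) or "crypto map complete")
```
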
Original article; please credit the source when reposting. Link to this article: https://www.rootop.org/pages/118.html