Rootop 服务器运维与web架构

cisco 3640 配置 VPN

| 暂无评论

                                  Router VPN

r1(config)#crypto isakmp policy 1

(定义IPsec策略框架)

r1(config-isakmp)#encryption 3des

(加密方式为3des)

r1(config-isakmp)#hash sha

(哈希值函数为sha)

r1(config-isakmp)#group 2

(密钥长度group1为76位,group2为1024位)

r1(config-isakmp)#lifetime 28800

(生存时间,即密钥的有效期/秒)

r1(config-isakmp)#authentication pre-share

(认证方式为预共享密钥,/VPN两端预认证字段)

r1(config-isakmp)#exit

r1(config)#crypto isakmp identity address

r1(config)#crypto isakmp key huayu address 218.56.57.59

(标识对端IP地址及预共享密钥内容)

r1(config)#crypto ipsec transform-set huayuipsec esp-3des esp-md5-hmac

(定义IPsec转换集,名为huayuipsec)

r1(cfg-crypto-trans)#exit

配置感兴趣流量

r1(config)#access-list 101  101 permit ip 192.168.10.0 0.0.0.255 192.168.20.0 0.0.0.255

配置map

r1(config)#crypto map huayumap 10 ipsec-isakmp

(定义map图,优先级为10,优先级VPN两端匹配)

% NOTE: This new crypto map will remain disabled until a peer

        and a valid access list have been configured.

r1(config-crypto-map)#set peer 218.56.57.59

(设置对等地址)

r1(config-crypto-map)#set transform-set huayuipsec

(调用定义的转换集)

r1(config-crypto-map)#match address 101

(匹配感兴趣流量)

r1(config-crypto-map)#exit

应用到端口

r1(config)#interface e0/0

r1(config-if)#crypto map huayumap

r1(config-if)#end

*Mar  1 00:29:32.051: %CRYPTO-6-ISAKMP_ON_OFF: ISAKMP is ON

show cryto ipsec sa

原创文章,转载请注明。本文链接地址: https://www.rootop.org/pages/118.html

作者:Venus

专注于 服务器运维与web架构 E-mail:venus#rootop.org

发表评论