星型网络Dynamic IPsec VPN

欢迎您访问我爱IT技术网，今天小编为你分享的电脑教程是网络协议方面的经验知识教程：星型网络Dynamic IPsec VPN，下面是详细的分享！

星型网络Dynamic IPsec VPN

星型网络Dynamic IPsec VPN

实验内容：

１，建立全互联拓扑。

２，以Ｒ１为中心，让Ｒ２和Ｒ３与Ｒ１分别建立邻居关系，而Ｒ２和Ｒ３之间路由不可达。

３，建立Dynamic IPsec VPN

R1#show run

!

!

crypto isakmp policy 100

hash md5

authentication pre-share

group 2

lifetime 3600

crypto isakmp key ilovetg address 192.168.123.3

crypto isakmp key ilovetg2008 address 192.168.123.2

!

!

crypto ipsec transform-set sun1 ah-md5-hmac esp-des esp-md5-hmac comp-lzs

!

crypto dynamic-map sun123 10

set security-association lifetime kilobytes 102400

set transform-set sun1

set pfs group2

match address VPN

!

!

crypto map sun1 100 ipsec-isakmp dynamic sun123

!

interface Loopback1

ip address 1.1.1.1 255.255.255.0

!

interface FastEthernet0/0

ip address 192.168.123.1 255.255.255.0

duplex auto

speed auto

crypto map sun1

!

!

router eigrp 100

passive-interface Loopback1

network 1.1.1.1 0.0.0.0

network 192.168.123.1 0.0.0.0

no auto-summary

neighbor 192.168.123.3 FastEthernet0/0

neighbor 192.168.123.2 FastEthernet0/0

!

!

ip access-list extended VPN

permit tcp host 1.1.1.1 host 2.2.2.2

permit tcp host 1.1.1.1 host 3.3.3.3

permit ip host 1.1.1.1 host 2.2.2.2

permit ip host 1.1.1.1 host 3.3.3.3

!

!

End

R2#show run

!

crypto isakmp policy 100

hash md5

authentication pre-share

group 2

lifetime 3600

crypto isakmp key ilovetg2008 address 192.168.123.1

!

!

crypto ipsec transform-set sun2 ah-md5-hmac esp-des esp-md5-hmac comp-lzs

!

crypto map sun2 10 ipsec-isakmp

set peer 192.168.123.1

set security-association lifetime kilobytes 102400

set transform-set sun2

set pfs group2

match address VPN

!

!

interface Loopback2

ip address 2.2.2.2 255.255.255.0

!

interface FastEthernet0/0

ip address 192.168.123.2 255.255.255.0

duplex auto

speed auto

crypto map sun2

!

!

router eigrp 100

passive-interface Loopback2

network 2.2.2.2 0.0.0.0

network 192.168.123.2 0.0.0.0

no auto-summary

neighbor 192.168.123.1 FastEthernet0/0

!

!

ip access-list extended VPN

permit tcp host 2.2.2.2 host 1.1.1.1

permit ip host 2.2.2.2 host 1.1.1.1

!

!

end

R3#show run

!

crypto isakmp policy 100

hash md5

authentication pre-share

group 2

lifetime 3600

crypto isakmp key ilovetg address 192.168.123.1

!

!

crypto ipsec transform-set sun3 ah-md5-hmac esp-des esp-md5-hmac comp-lzs

!

crypto map sun3 10 ipsec-isakmp

set peer 192.168.123.1

set security-association lifetime kilobytes 102400

set transform-set sun3

set pfs group2

match address VPN

!

!

interface Loopback3

ip address 3.3.3.3 255.255.255.0

!

interface FastEthernet0/0

ip address 192.168.123.3 255.255.255.0

duplex auto

speed auto

crypto map sun3

!

!

router eigrp 100

network 3.3.3.3 0.0.0.0

network 192.168.123.3 0.0.0.0

no auto-summary

neighbor 192.168.123.1 FastEthernet0/0

!

!

ip access-list extended VPN

permit tcp host 3.3.3.3 host 1.1.1.1

permit ip host 3.3.3.3 host 1.1.1.1

!

!

End

R1#show crypto isakmp sa

dst src state conn-id slot status

192.168.123.1 192.168.123.2 QM_IDLE 1 0 ACTIVE

192.168.123.1 192.168.123.3 QM_IDLE 2 0 ACTIVE

R2#show cry isa sa

dst src state conn-id slot status

192.168.123.1 192.168.123.2 QM_IDLE 1 0 ACTIVE

R3#show cry isakmp sa

dst src state conn-id slot status

192.168.123.1 192.168.123.3 QM_IDLE 1 0 ACTIVE

以上就是关于星型网络Dynamic IPsec VPN的网络协议知识分享，更多电脑教程请移步到>>电脑教程。