1. Topology:
See teacher Qin Ke's blog post:
2. Interface configuration:
R1:
int f0/0
 ip add 10.1.1.1 255.255.255.0
 no sh

R2:
int f0/0
 ip add 10.1.1.2 255.255.255.0
 no sh
int f0/1
 ip add 202.100.1.2 255.255.255.0
 no sh

R3:
int f0/0
 ip add 202.100.1.3 255.255.255.0
 no sh
int f0/1
 ip add 202.100.2.3 255.255.255.0
 no sh

R4:
int f0/0
 ip add 202.100.2.4 255.255.255.0
 no sh
int f0/1
 ip add 20.1.1.4 255.255.255.0
 no sh

R5:
int f0/0
 ip add 20.1.1.5 255.255.255.0
 no sh

PC:
ip address 202.100.1.100/24

3. Routing configuration:
R1(config)#ip route 0.0.0.0 0.0.0.0 10.1.1.2
R2(config)#ip route 0.0.0.0 0.0.0.0 202.100.1.3
R4(config)#ip route 0.0.0.0 0.0.0.0 202.100.2.3
R5(config)#ip route 0.0.0.0 0.0.0.0 20.1.1.4

4. EzVPN server configuration
① Phase 1:
crypto isakmp policy 10
 authentication pre-share
 en des
 group 2
 hash md5
crypto isakmp client configuration group ipsecgroup
 key cisco

② Phase 1.5 XAUTH configuration
aaa new-model
aaa authentication login noacs line none
line console 0
 login authentication noacs
line aux 0
 login authentication noacs
username xll password xll
aaa authentication login xauth-authen local

③ Phase 1.5 MODE-CFG configuration
ip local pool ippool 123.1.1.100 123.1.1.200
aaa authorization network mcfg-author local
crypto isakmp client configuration group ipsecgroup
 pool ippool

④ Phase 2 transform set and dynamic map configuration
crypto ipsec transform-set ezvpnset esp-des esp-md5-hmac
crypto dynamic-map dymap 10
 set transform-set ezvpnset

⑤ Phase 2 crypto map configuration
crypto map cry-map client authentication list xauth-authen
crypto map cry-map isakmp authorization list mcfg-author
crypto map cry-map client configuration address respond
crypto map cry-map 10 ipsec-isakmp dynamic dymap
interface fastEthernet 0/0
 crypto map cry-map

5. EzVPN hardware client configuration
① Basic EzVPN configuration
crypto ipsec client ezvpn Ez-Client
 connect manual
 group ipsecgroup key cisco
 mode client
 peer 202.100.2.4
interface FastEthernet 0/0
 crypto ipsec client ezvpn Ez-Client inside
interface FastEthernet 0/1
 crypto ipsec client ezvpn Ez-Client outside

② Manually trigger the EzVPN connection
R2#crypto ipsec client ezvpn connect
R2#
*Mar 1 00:19:58.175: EZVPN(Ez-Client): Pending XAuth Request, Please enter the following command:
*Mar 1 00:19:58.175: EZVPN: crypto ipsec client ezvpn xauth
R2#crypto ipsec client ezvpn xauth
Username: xll
Password:
R2#
*Mar 1 00:20:11.035: %CRYPTO-6-EZVPN_CONNECTION_UP: (Client) User= Group=ipsecgroup Client_public_addr=202.100.1.2 Server_public_addr=202.100.2.4 Assigned_client_addr=123.1.1.101
R2#
*Mar 1 00:20:12.543: %LINK-3-UPDOWN: Interface Loopback10000, changed state to up
*Mar 1 00:20:13.543: %LINEPROTO-5-UPDOWN: Line protocol on Interface Loopback10000, changed state to up
R2#show ip int br
Interface          IP-Address      OK? Method Status   Protocol
FastEthernet0/0    10.1.1.2        YES NVRAM  up       up
FastEthernet0/1    202.100.1.2     YES NVRAM  up       up
NVI0               unassigned      NO  unset  up       up
Loopback10000      123.1.1.101     YES manual up       up
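The Python script below is an added example, not part of the original post: it audits the phase 1 and phase 2 parameters of the server configuration in section 4 and reports the DES, MD5 and DH group 2 settings, which are weak by current standards. The weak-value sets, the function names and the embedded sample (constructed from the section 4 lines, one command per line) are assumptions of this example.

```python
# Added example: flags weak IKE/IPsec parameters in an IOS-style config.
# The weak-value sets are this example's assumption, not taken from the post.
WEAK_ENCR = {"des"}
WEAK_HASH = {"md5"}
WEAK_DH = {"1", "2"}  # 768-bit and 1024-bit MODP groups
WEAK_TRANSFORMS = {"esp-des", "esp-md5-hmac", "ah-md5-hmac", "esp-null"}

# Constructed sample: phase 1 and phase 2 lines from the server section.
SERVER_CONFIG = """\
crypto isakmp policy 10
 authentication pre-share
 en des
 group 2
 hash md5
crypto isakmp client configuration group ipsecgroup
 key cisco
crypto ipsec transform-set ezvpnset esp-des esp-md5-hmac
"""


def is_cmd(word, full, min_len):
    """True if word abbreviates the keyword full with at least min_len chars."""
    return len(word) >= min_len and full.startswith(word)


def audit(config):
    """Return one finding per weak parameter, prefixed with its section or name."""
    findings = []
    section = ""
    for raw in config.splitlines():
        words = raw.split()
        if not words or words[0].startswith("!"):
            continue
        if not raw[0].isspace():  # an unindented line opens a new section
            section = " ".join(words)
            if words[:3] == ["crypto", "ipsec", "transform-set"] and len(words) > 4:
                findings += [f"{words[3]}: weak transform {w}"
                             for w in words[4:] if w in WEAK_TRANSFORMS]
            continue
        if not section.startswith("crypto isakmp policy") or len(words) < 2:
            continue  # sub-commands of other sections (e.g. "key") are skipped
        cmd, val = words[0], words[1]
        if is_cmd(cmd, "encryption", 2) and val in WEAK_ENCR:
            findings.append(f"{section}: weak encryption {val}")
        elif is_cmd(cmd, "hash", 1) and val in WEAK_HASH:
            findings.append(f"{section}: weak hash {val}")
        elif is_cmd(cmd, "group", 1) and val in WEAK_DH:
            findings.append(f"{section}: weak DH group {val}")
    return findings
```

Calling `audit(SERVER_CONFIG)` returns five findings: three for `crypto isakmp policy 10` and two for the `ezvpnset` transform set.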
Reposted from: http://jhajx.baihongyu.com/