cisco 基本配置2

发布网友 发布时间：2023-11-04 17:14

我来回答

共3个回答

热心网友 时间：2024-11-23 21:36

基本的接口配置，静态路由配置省略
基本的VPN：
crypto isakmp policy 10
hash md5
authentication pre-share
group 2
crypto isakmp key cisco1 address 12.12.12.2 255.255.255.0
crypto ipsec transform-set cisco2 esp-3des esp-md5-hmac
!
crypto map cisco3 10 ipsec-isakmp
set peer 12.12.12.2
set transform-set cisco2
match address *12
ip access-list extended *12
permit ip host 1.1.1.1 host 2.2.2.2
基本的GRE_over_IPsec
crypto isakmp policy 1
hash md5
authentication pre-share
crypto isakmp key ciscokey address 23.23.23.3
!
!
crypto ipsec transform-set my_trans esp-des
mode transport
!
crypto map gre_to_R3 10 ipsec-isakmp
set peer 23.23.23.3
set transform-set my_trans
match address 100
interface Tunnel1
ip unnumbered Serial1/1
tunnel source Serial1/1
tunnel destination 23.23.23.3
interface Serial1/1
ip address 12.12.12.1 255.255.255.0
serial restart-delay 0
crypto map gre_to_R3
access-list 100 permit gre host 12.12.12.1 host 23.23.23.3
ip route 0.0.0.0 0.0.0.0 12.12.12.2
ip route 192.168.0.0 255.255.0.0 Tunnel1

DM_VPN_SERVER端
interface Tunnel1
ip address 172.16.123.1 255.255.255.0
no ip redirects
no ip next-hop-self eigrp 123
ip nhrp map multicast dynamic
ip nhrp network-id 10
ip nhrp cache non-authoritative
no ip split-horizon eigrp 123
tunnel source FastEthernet0/0
tunnel mode gre multipoint
tunnel key 123
tunnel protection ipsec profile A
CLIENT段：
interface Tunnel3
ip address 172.16.123.3 255.255.255.0
no ip redirects
ip nhrp map 172.16.123.1 123.1.1.1
ip nhrp map multicast 123.1.1.1
ip nhrp network-id 10
ip nhrp nhs 172.16.123.1
ip nhrp cache non-authoritative
tunnel source FastEthernet0/0
tunnel mode gre multipoint
tunnel key 123
tunnel protection ipsec profile A

热心网友 时间：2024-11-23 21:37

PC不能ping通R2的原因是，R2上没有去往PC的路由，应该要在R2上添加两条路由，以便能到达PC。不过这是做VPN，要ping通R2意义不大吧？NAT用不上。通常情况下，全网互通，R1、R2和R3都得有4条路由（全网就4个网段）。

热心网友 时间：2024-11-23 21:37

你这样没法回答阿，VPN有很多种，配法都不一样的，而且还要看拓扑。