IPSec transport mode配置

R1
Router>enable
Router#configure terminal
Router(config)#hostname R1
R1(config)#no ip domain-lookup
R1(config)#service timestamps debug datetime localtime
R1(config)#service timestamps log datetime localtime
R1(config)#interface f0/1
R1(config-if)#ip address 10.1.1.1 255.255.255.0
R1(config-if)#no shutdown
R1(config-if)#exit
R1(config)#interface f0/0
R1(config-if)#ip address 12.1.1.1 255.255.255.0
R1(config-if)#no shutdown
R1(config-if)#exit
R1(config)#interface loop0
R1(config-if)#ip address 1.1.1.1 255.255.255.0
R1(config-if)#no shutdown
R1(config-if)#exit
R1(config)#ip route 0.0.0.0 0.0.0.0 12.1.1.2

R1(config)#interface tunnel10
R1(config-if)#tunnel source 12.1.1.1
R1(config-if)#tunnel destination 23.1.1.3
R1(config-if)# ip address 172.16.1.1 255.255.255.0
R1(config-if)#tunnel mode gre ip
R1(config-if)#no shutdown

R1(config)#ip route 192.168.1.0 255.255.255.0 tunnel10

R1(config)#crypto isakmp policy 10
R1(config-isakmp)#authentication pre-share
R1(config-isakmp)#encryption des
R1(config-isakmp)#group 2
R1(config-isakmp)#hash md5
R1(config-isakmp)#exit
R1(config)#crypto isakmp key 6 cisco address 23.1.1.3 255.255.255.0

R1(config)#crypto ipsec transform-set cisco esp-des esp-md5-hmac
R1(cfg-crypto-trans)#mode tunnel
R1(cfg-crypto-trans)#exit

R1(config)#ip access-list extended interested
R1(config-ext-nacl)#permit gre host 12.1.1.1 host 23.1.1.3
R1(config-ext-nacl)#exit

R1(config)#crypto map IPSecvpn 10 ipsec-isakmp
R1(config-crypto-map)#set peer 23.1.1.3
R1(config-crypto-map)#set transform-set cisco
R1(config-crypto-map)#match address interested
R1(config-crypto-map)#exit
R1(config)#interface f0/0
R1(config-if)#crypto map IPSecvpn

R1(config)#ip access-list extended nat
R1(config-ext-nacl)#10 permit ip 1.1.1.0 0.0.0.255 any
R1(config-ext-nacl)#exit
R1(config)#int loop0
R1(config-if)#ip nat inside
R1(config-if)#int s0/0
R1(config-if)#ip nat outside
R1(config-if)#exit
R1(config)#ip nat inside source list nat int f0/0 overload

R3
Router>enable
Router#configure terminal
Router(config)#hostname R3
R3(config)#no ip domain-lookup
R3(config)#service timestamps debug datetime localtime
R3(config)#service timestamps log datetime localtime
R3(config)#interface f0/0
R3(config-if)#ip address 192.168.1.3 255.255.255.0
R3(config-if)#no shutdown
R3(config-if)#exit
R3(config)#interface f0/1
R3(config-if)#ip address 23.1.1.3 255.255.255.0
R3(config-if)#no shutdown
R3(config-if)#exit

R3(config)#ip route 0.0.0.0 0.0.0.0 23.1.1.2
R3(config)#interface tunnel11
R3(config-if)#tunnel source 23.1.1.3
R3(config-if)#tunnel destination 12.1.1.1
R3(config-if)# ip address 172.16.1.3 255.255.255.0
R3(config-if)#tunnel mode gre ip
R3(config-if)#no shutdown
R3(config-if)#exit
R3(config)#ip route 10.1.1.0 255.255.255.0 tunnel11

R3(config)#crypto isakmp policy 10
R3(config-isakmp)#authentication pre-share
R3(config-isakmp)#encryption des
R3(config-isakmp)#group 2
R3(config-isakmp)#hash md5
R3(config-isakmp)#exit
R3(config)#crypto isakmp key 6 cisco address 12.1.1.1 255.255.255.0

R3(config)#crypto ipsec transform-set cisco esp-des esp-md5-hmac
R3(cfg-crypto-trans)#mode tunnel
R3(cfg-crypto-trans)#exit

R3(config)#ip access-list extended interested
R3(config-ext-nacl)#permit gre host 23.1.1.3 host 12.1.1.1
R3(config-ext-nacl)#exit

R3(config)#crypto map IPSecvpn 10 ipsec-isakmp
R3(config-crypto-map)#set peer 12.1.1.1
R3(config-crypto-map)#set transform-set cisco
R3(config-crypto-map)#match address interested
R3(config-crypto-map)#exit

R3(config)#interface serial 0/1
R3(config-if)#crypto map IPSecvpn

时间： 2024-10-10 10:44:35

IPSec transport mode配置

IPSec transport mode配置的相关文章

IPSEC VPN 的配置实例

Cisco 3640系列IPsec VPN简单配置

H3C ipsec ike 协商配置

7200的GRE（隧道）+ipsec(传输模式+pre-share)配置

ASA 5520（IOS version 8.4） IKEv2 IPSEC VPN实验配置

IPSec VPN经典配置

ip-sec VPN 基本配置实验

Cisco路由器配置GRE over IPsec

华为USG防火墙 IPsec VPN配置