cisco vpn管理端设置

发布时间:2017-03-21 14:00

网络交换机的设置方法那是比较多的,要视具体情况而定,有不少网友不知道cisco vpn管理端怎么设置?下面小编为大家讲解具体设置方法,供你参考!

cisco vpn管理端设置命令

R1的配置

基本端口配置

Router>en

Router#conf t

Enter configuration commands, one per line. End with CNTL/Z.

Router(config)#int fa 0/0

Router(config-if)#ip add 172.16.0.1 255.255.0.0

Router(config-if)#no shut

%LINK-5-CHANGED: Interface FastEthernet0/0, changed state to up

%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to up

Router(config-if)#int fa 1/0

Router(config-if)#ip add 100.0.0.1 255.255.255.252

Router(config-if)#no shut

%LINK-5-CHANGED: Interface FastEthernet1/0, changed state to down

Router(config-if)#exit

Router(config)#host

Router(config)#hostname R1

R1(config)#

默认路由

R1(config)#ip route 0.0.0.0 0.0.0.0 100.0.0.2

NAT的配置

R1(config)#acc 1 per172.16.10.0 0.0.0.255

R1(config)#acc 1 deny 172.16.0.0 0.0.255.0

R1(config)#ip nat pool xinbin 100.0.0.1 100.0.0.1 netmask 255.255.255.252

R1(config)#ip nat inside source list 1 p

R1(config)#ip nat inside source list 1 pool xinbin o

R1(config)#ip nat inside source list 1 pool xinbin overload

R1(config)#int fa 0/0

R1(config-if)#ip nat inside

R1(config-if)#int fa 1/0

R1(config-if)#ip nat outside

R1(config-if)#exit

ACL的配置

R1(config)#acc 110 per ip 172.16.10.0 0.0.0.255 10.10.33.0 0.0.0.255

R1(config)#acc 110 deny ip 172.16.0.0 0.0.255.255 10.10.33.0 0.0.0.255

R1(config-if)#acc 110 per ip any any

R1(config)#int fa 0/0

R1(config-if)#ip acc 110 in

R1(config-if)#int fa 1/0

R1(config-if)#ip acc 110 out

VPN的配置

R1(config)#crypto isakmp p 1

R1(config-isakmp)#cry

R1(config-isakmp)#g 2

R1(config-isakmp)#a p

R1(config-isakmp)#exit

R1(config)#cry

R1(config)#crypto key xinbin add 200.0.0.1

^

% Invalid input detected at '^' marker.

R1(config)#cry

R1(config)#crypto is

R1(config)#crypto isakmp key xinbin add 200.0.0.1

R1(config)#cry

R1(config)#cry ip

R1(config)#cry ipsec t

R1(config)#cry ipsec transform-set ah-m

R1(config)#cry ipsec transform-set ah-m

R1(config)#cry ipsec transform-set ah-md

R1(config)#cry ipsec transform-set vpntag ha

R1(config)#cry ipsec transform-set vpntag ah-m

R1(config)#cry ipsec transform-set vpntag ah-md5-hmac esp-des

R1(config)#cry ipsec transform-set vpntag ah-md5-hmac esp-des

R1(config)#access-list 10 per 172.16.10.0 0.0.0.255

R1(config)#cry map vpndemo 10 ipsec

% NOTE: This new crypto map will remain disabled until a peer

and a valid access list have been configured.

R1(config-crypto-map)#set peer 200.0.0.1

R1(config-crypto-map)#set transform-set vpntag

R1(config-crypto-map)#match address 101

R1(config-crypto-map)#exit

R1(config)#int t 0

%LINK-5-CHANGED: Interface Tunnel0, changed state to up

R1(config-if)#ip add 192.168.1.1 255.255.255.0

R1(config-if)#tunn s fa 1/0

R1(config-if)#tun d 200.0.0.1

R1(config-if)#exit

R1(config)#

R1(config)#int fa 0/0

R1(config-if)#cry map vpndemo

*Jan 3 07:16:26.785: %CRYPTO-6-ISAKMP_ON_OFF: ISAKMP is ON

R1(config-if)#exit

^

% Invalid input detected at '^' marker.

R1(config-if)#exit

R1(config)#int fa 1/0

R1(config-if)#cry map vpndemo

R1(config-if)#exit

R1(config)#

Router(config)#ip route 0.0.0.0 0.0.0.0 100.0.0.2

Router(config)#ip route 10.10.33.0 255.255.255.0 192.168.1.2

Router(config)#access-list 101 permit gre host 100.0.0.1 host 200.0.0.1

R2的配置

Router>en

Router#conf t

Enter configuration commands, one per line. End with CNTL/Z.

Router(config)#hos R2

R2(config)#int fa 4/0

R2(config-if)#ip add 100.0.0.2 255.255.255.252

R2(config-if)#no shut

%LINK-5-CHANGED: Interface FastEthernet4/0, changed state to up

%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet4/0, changed state to up

R2(config)#int fa 5/0

R2(config-if)#ip add 200.0.0.2 255.255.255.252

R2(config-if)#no shut

%LINK-5-CHANGED: Interface FastEthernet5/0, changed state to up

%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet5/0, changed state to up

R2(config-if)#

配置默认路由

R2(config)#ip route 172.16.0.0 255.255.0.0 100.0.0.1

R2(config)#ip route 10.10.33.0 255.255.255.0 200.0.0.1

R3的配置

Router>en

Router#conf t

Enter configuration commands, one per line. End with CNTL/Z.

Router(config)#hos R3

R3(config)#int fa 0/0

R3(config-if)#ip add 10.10.33.1 255.255.255.0

R3(config-if)#no shut

%LINK-5-CHANGED: Interface FastEthernet0/0, changed state to up

%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to up

R3(config-if)#exit

R3(config)#int fa 1/0

R3(config-if)#ip add 200.0.0.1 255.255.255.252

R3(config-if)#no shut

%LINK-5-CHANGED: Interface FastEthernet1/0, changed state to down

R3(config-if)#exit

R3(config)#ip route 0.0.0.0 0.0.0.0 200.0.0.2

R3(config)#

VPN的配置

R3(config)#crypto isa policy 1

R3(config-isakmp)#a p

R3(config-isakmp)#g 2

R3(config-isakmp)#exit

R3(config)#crypto is

R3(config)#crypto isakmp key xinbin address 100.0.0.1

R3(config)#crypto ipsec t

R3(config)#crypto ipsec transform-set vpntag ah-m

R3(config)#crypto ipsec transform-set vpntag ah-md5-hmac esp-des

R3(config)#access 10 per 10.10.33.0 0.0.0.255

R3(config)#crypto map vpndemo 10 ipsec

% NOTE: This new crypto map will remain disabled until a peer

and a valid access list have been configured.

R3(config-crypto-map)#set pee 100.0.0.1

R3(config-crypto-map)#set t

R3(config-crypto-map)#set transform-set vpntag

R3(config-crypto-map)#match add 101

R3(config-crypto-map)#exit

R3(config)#

R3(config)#int t 0

%LINK-5-CHANGED: Interface Tunnel0, changed state to up

R3(config-if)#ip add 192.168.1.2 255.255.255.0

R3(config-if)#tunn s fa 1/0

R3(config-if)#tun d 100.0.0.1

R3(config-if)#exit

R3(config)#int fa 0/0

R3(config-if)#cry map vpndemo

*Jan 3 07:16:26.785: %CRYPTO-6-ISAKMP_ON_OFF: ISAKMP is ON

R3(config-if)#exit

R3(config)#int fa 1/0

R3(config-if)#cry

R3(config-if)#crypto ma

R3(config-if)#crypto map vpndemo

R3(config-if)#

Router(config)#ip route 0.0.0.0 0.0.0.0 200.0.0.2

Router(config)#ip route 172.16.10..0 255.255.255.0 192.168.1.1

Router(config)#access-list 101 permit gre host 200.0.0.1 host 100.0.0.1

小编分享了cisco vpn管理端怎么设置的解决方法,希望大家喜欢。

cisco vpn管理端设置的评论条评论