文章来源: CISCO中文社区
使用CISCO客户端的EZVPN配置方法,近日整理了一下,发上来,好的话请支持哈。
EZVPN server的配置 部分图片不能转载原文请参见 :http://www.51chongdian.com/52network/dispbbs.asp?boardid=124&id=12659
EZVPN server的配置:
hostname SERVER
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$Wo/W$hfrOeI3NxEM0m8sFiegdS/
!
username cisco password 0 cisco
memory-size iomem 5
aaa new-model
!
!
aaa authentication login default local
aaa authentication login ezvpn local
aaa authorization network ezvpn local
aaa session-id common
ip subnet-zero
!
!
no ip domain lookup
!
!
ip cef
ip ips po max-events 100
no ftp-server write-enable
crypto isakmp policy 10
encr 3des
authentication pre-share
group 2
!
crypto isakmp client configuration group ccie
key itmop
dns 10.10.10.110
domain cisco.com
pool ccie
acl 100
save-password
crypto ipsec transform-set ccnp esp-3des esp-sha-hmac
crypto dynamic-map dezvpn 10
set transform-set ccnp
reverse-route
crypto map abc client authentication list ezvpn
crypto map abc isakmp authorization list ezvpn
crypto map abc client configuration address respond
crypto map abc 10 ipsec-isakmp dynamic dezvpn
interface Ethernet0/0
no ip address
shutdown
half-duplex
!
interface Ethernet0/1
ip address 172.16.23.3 255.255.255.0
half-duplex
crypto map abc
!
interface Ethernet0/2
ip address 10.10.10.100 255.255.255.0
half-duplex
!
ip local pool ccie 192.168.1.50 192.168.1.100
ip http server
no ip http secure-server
ip classless
ip route 172.16.0.0 255.255.255.0 172.16.23.2
line con 0
exec-timeout 0 0
logging synchronous
line aux 0
line vty 0 4
!
!
End
中间router:
r2#sh run
Building configuration...
Current configuration : 846 bytes
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname r2
no ip domain lookup
ip cef
ip ips po max-events 100
no ftp-server write-enable
interface Ethernet0/0
no ip address
shutdown
half-duplex
!
interface Ethernet0/1
ip address 172.16.23.2 255.255.255.0
half-duplex
!
interface Ethernet0/2
ip address 172.16.0.1 255.255.255.0
half-duplex
!
interface Ethernet0/3
no ip address
shutdown
half-duplex
!
ip http server
no ip http secure-server
ip classless
control-plane
line con 0
exec-timeout 0 0
logging synchronous
line aux 0
line vty 0 4
!
!
End
PC做的VPN客户端
监控:
r3#sh crypto ipsec sa
interface: Ethernet0/1
Crypto map tag: abc, local addr. 172.16.23.3
protected vrf:
local
ident (addr/mask/prot/port): (0.0.0.0/0.0.0.0/0/0)
remote ident (addr/mask/prot/port): (192.168.1.52/255.255.255.255/0/0)
current_peer: 172.16.0.105:500
PERMIT, flags={}
#pkts encaps: 5, #pkts encrypt: 5, #pkts digest: 5
#pkts decaps: 0, #pkts decrypt: 0, #pkts verify: 0
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts compr. failed: 0
#pkts not decompressed: 0, #pkts decompress failed: 0
#send errors 0, #recv errors 0
local crypto endpt.: 172.16.23.3, remote crypto endpt.: 172.16.0.105
path mtu 1500, media mtu 1500
current outbound spi: 861DEEFF
inbound esp sas:
spi: 0x4A4FD3F3(1246745587)
transform: esp-3des esp-sha-hmac ,
in use settings ={Tunnel, }
slot: 0, conn id: 2000, flow_id: 3, crypto map: abc
crypto engine type: Software, engine_id: 1
sa timing: remaining key lifetime (k/sec): (4524103/1165)
ike_cookies: 4A903E7A D86EEA22 40900E13 9BF9B7C9
IV size: 8 bytes
replay detection support: Y
inbound ah sas:
inbound pcp sas:
outbound esp sas:
spi: 0x861DEEFF(2250108671)
transform: esp-3des esp-sha-hmac ,
in use settings ={Tunnel, }
slot: 0, conn id: 2001, flow_id: 4, crypto map: abc
crypto engine type: Software, engine_id: 1
sa timing: remaining key lifetime (k/sec): (4524102/1165)
ike_cookies: 4A903E7A D86EEA22 40900E13 9BF9B7C9
IV size: 8 bytes
replay detection support: Y
outbound ah sas:
outbound pcp sas:
r3#sh crypto isakmp sa
dst src state conn-id slot
172.16.23.3 172.16.0.105 QM_IDLE 2 0
r3#sh crypto session
Crypto session current status
Interface: Ethernet0/1
Session status: UP-ACTIVE
Peer: 172.16.0.105/500
IKE SA: local 172.16.23.3/500 remote 172.16.0.105/500 Active
IPSEC FLOW: permit ip 0.0.0.0/0.0.0.0 host 192.168.1.52
Active SAs: 2, origin: dynamic crypto map
CISCO EZVPN 配置 VPN IOS CCSP 网络安全
8512
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
