一、基本配置:ip
r1(config)#int fa0/0
r1(config-if)#no shutdown
r1(config-if)#ip add 199.1.1.1 255.255.255.0
r1(config-if)#int loo 0
r1(config-if)#ip add 10.1.1.100 255.255.255.0
r1(config-if)#no shutdown
r1(config-if)#ip add 199.1.1.1 255.255.255.0
r1(config-if)#int loo 0
r1(config-if)#ip add 10.1.1.100 255.255.255.0
r2(config)#int fa0/0
r2(config-if)#no shutdown
r2(config-if)#ip add 199.1.1.2 255.255.255.0
r2(config-if)#int fa1/0
r2(config-if)#no shutdown
r2(config-if)#ip add 200.1.1.1 255.255.255.0
r2(config-if)#no shutdown
r2(config-if)#ip add 199.1.1.2 255.255.255.0
r2(config-if)#int fa1/0
r2(config-if)#no shutdown
r2(config-if)#ip add 200.1.1.1 255.255.255.0
r3(config)#int fa0/0
r3(config-if)#no shutdown
r3(config-if)#ip add 200.1.1.2 255.255.255.0
r3(config-if)#int fa1/0
r3(config-if)#no sh
r3(config-if)#ip add 201.1.1.1 255.255.255.0
r3(config-if)#int fa2/0
r3(config-if)#no shutdown
r3(config-if)#ip add 202.1.1.1 255.255.255.0
r3(config-if)#int fa3/0
r3(config-if)#no shutdown
r3(config-if)#ip add 203.1.1.1 255.255.255.0
r3(config-if)#no shutdown
r3(config-if)#ip add 200.1.1.2 255.255.255.0
r3(config-if)#int fa1/0
r3(config-if)#no sh
r3(config-if)#ip add 201.1.1.1 255.255.255.0
r3(config-if)#int fa2/0
r3(config-if)#no shutdown
r3(config-if)#ip add 202.1.1.1 255.255.255.0
r3(config-if)#int fa3/0
r3(config-if)#no shutdown
r3(config-if)#ip add 203.1.1.1 255.255.255.0
r4(config)#int fa0/0
r4(config-if)#no shutdown
r4(config-if)#ip add 201.1.1.2 255.255.255.0
r4(config-if)#int loo 0
r4(config-if)#ip add 172.16.1.100 255.255.255.0
r4(config-if)#no shutdown
r4(config-if)#ip add 201.1.1.2 255.255.255.0
r4(config-if)#int loo 0
r4(config-if)#ip add 172.16.1.100 255.255.255.0
r5(config)#int fa0/0
r5(config-if)#no shutdown
r5(config-if)#ip add 202.1.1.2 255.255.255.0
r5(config-if)#int loo 0
r5(config-if)#ip add 172.16.2.100 255.255.255.0
r5(config-if)#no shutdown
r5(config-if)#ip add 202.1.1.2 255.255.255.0
r5(config-if)#int loo 0
r5(config-if)#ip add 172.16.2.100 255.255.255.0
r6(config)#int fa0/0
r6(config-if)#no shutdown
r6(config-if)#ip add 203.1.1.2 255.255.255.0
r6(config-if)#int loo 0
r6(config-if)#ip add 172.16.3.100 255.255.255.0
r6(config-if)#no shutdown
r6(config-if)#ip add 203.1.1.2 255.255.255.0
r6(config-if)#int loo 0
r6(config-if)#ip add 172.16.3.100 255.255.255.0
二、路由协议宣告:
r1(config)#ip route 0.0.0.0 0.0.0.0 fa0/0
r4(config)#ip route 0.0.0.0 0.0.0.0 fa0/0
r5(config)#ip route 0.0.0.0 0.0.0.0 fa0/0
r6(config)#ip route 0.0.0.0 0.0.0.0 fa0/0
r2(config)#router ospf 1
r2(config-router)#network 199.1.1.0 0.0.0.255 area 1
r2(config-router)#network 200.1.1.0 0.0.0.255 area 0
r2(config-router)#network 199.1.1.0 0.0.0.255 area 1
r2(config-router)#network 200.1.1.0 0.0.0.255 area 0
r3(config)#router ospf 1
r3(config-router)#network 200.1.1.0 0.0.0.255 area 0
r3(config-router)#network 201.1.1.0 0.0.0.255 area 2
r3(config-router)#network 202.1.1.0 0.0.0.255 area 3
r3(config-router)#network 203.1.1.0 0.0.0.255 area 4
r3(config-router)#network 200.1.1.0 0.0.0.255 area 0
r3(config-router)#network 201.1.1.0 0.0.0.255 area 2
r3(config-router)#network 202.1.1.0 0.0.0.255 area 3
r3(config-router)#network 203.1.1.0 0.0.0.255 area 4
三、在总部公司配置:
r1(config)#crypto isakmp enable
r1(config)#crypto isakmp policy 1
r1(config-isakmp)#authentication pre-share
r1(config-isakmp)#encryption des
r1(config-isakmp)#group 1
r1(config-isakmp)#exit
r1(config)#crypto isakmp key 6 abc123 address 201.1.1.2
r1(config-isakmp)#authentication pre-share
r1(config-isakmp)#encryption des
r1(config-isakmp)#group 1
r1(config-isakmp)#exit
r1(config)#crypto isakmp key 6 abc123 address 201.1.1.2
r1(config)#crypto isakmp policy 2
r1(config-isakmp)#authentication pre-share
r1(config-isakmp)#encryption 3des
r1(config-isakmp)#hash md5
r1(config-isakmp)#group 2
r1(config)#crypto isakmp key 6 abc123456 address 202.1.1.2
r1(config-isakmp)#authentication pre-share
r1(config-isakmp)#encryption 3des
r1(config-isakmp)#hash md5
r1(config-isakmp)#group 2
r1(config)#crypto isakmp key 6 abc123456 address 202.1.1.2
r1(config)#crypto isakmp policy 3
r1(config-isakmp)#authentication pre-share
r1(config-isakmp)#encryption des
r1(config-isakmp)#hash sha
r1(config-isakmp)#group 5
r1(config)#crypto isakmp key 6 abc123456789 address 203.1.1.2
r1(config-isakmp)#authentication pre-share
r1(config-isakmp)#encryption des
r1(config-isakmp)#hash sha
r1(config-isakmp)#group 5
r1(config)#crypto isakmp key 6 abc123456789 address 203.1.1.2
r1(config)#access-list 101 permit ip 10.1.1.0 0.0.0.255 172.16.1.0 0.0.0.255
r1(config)#crypto ipsec transform-set abc1 esp-des
r1(cfg-crypto-trans)#mode tunnel
r1(cfg-crypto-trans)#exit
r1(config)#crypto ipsec transform-set abc1 esp-des
r1(cfg-crypto-trans)#mode tunnel
r1(cfg-crypto-trans)#exit
r1(config)#crypto map sunwei 1 ipsec-isakmp
% NOTE: This new crypto map will remain disabled until a peer
and a valid access list have been configured.
r1(config-crypto-map)#set peer 201.1.1.2
r1(config-crypto-map)#set transform-set abc1
r1(config-crypto-map)#match address 101
r1(config-crypto-map)#set pfs group1
r1(config-crypto-map)#exit
% NOTE: This new crypto map will remain disabled until a peer
and a valid access list have been configured.
r1(config-crypto-map)#set peer 201.1.1.2
r1(config-crypto-map)#set transform-set abc1
r1(config-crypto-map)#match address 101
r1(config-crypto-map)#set pfs group1
r1(config-crypto-map)#exit
r1(config)#access-list 102 permit ip 10.1.1.0 0.0.0.255 172.16.2.0 0.0.0.255
r1(config)#crypto ipsec transform-set abc2 esp-3des esp-md5-hmac
r1(cfg-crypto-trans)#mode tunnel
r1(cfg-crypto-trans)#exit
r1(cfg-crypto-trans)#mode tunnel
r1(cfg-crypto-trans)#exit
r1(config)#crypto map sunwei 2 ipsec-isakmp
% NOTE: This new crypto map will remain disabled until a peer
and a valid access list have been configured.
r1(config-crypto-map)#set peer 202.1.1.2
r1(config-crypto-map)#set transform-set abc2
r1(config-crypto-map)#match address 102
r1(config-crypto-map)#set pfs group2
r1(config-crypto-map)#exit
% NOTE: This new crypto map will remain disabled until a peer
and a valid access list have been configured.
r1(config-crypto-map)#set peer 202.1.1.2
r1(config-crypto-map)#set transform-set abc2
r1(config-crypto-map)#match address 102
r1(config-crypto-map)#set pfs group2
r1(config-crypto-map)#exit
r1(config)#access-list 103 permit ip 10.1.1.0 0.0.0.255 172.16.3.0 0.0.0.255
r1(config)#crypto ipsec transform-set abc3 esp-des esp-sha-hmac
r1(cfg-crypto-trans)#mode tunnel
r1(cfg-crypto-trans)#exit
r1(config)#crypto map sunwei 3 ipsec-isakmp
% NOTE: This new crypto map will remain disabled until a peer
and a valid access list have been configured.
r1(config-crypto-map)#set peer 203.1.1.2
r1(config-crypto-map)#set transform-set abc3
r1(config-crypto-map)#match address 103
r1(config-crypto-map)#set pfs group5
r1(config-crypto-map)#exit
r1(config)#crypto ipsec transform-set abc3 esp-des esp-sha-hmac
r1(cfg-crypto-trans)#mode tunnel
r1(cfg-crypto-trans)#exit
r1(config)#crypto map sunwei 3 ipsec-isakmp
% NOTE: This new crypto map will remain disabled until a peer
and a valid access list have been configured.
r1(config-crypto-map)#set peer 203.1.1.2
r1(config-crypto-map)#set transform-set abc3
r1(config-crypto-map)#match address 103
r1(config-crypto-map)#set pfs group5
r1(config-crypto-map)#exit
r1(config)#int fa0/0
r1(config-if)#crypto map sunwei
r1(config-if)#crypto map sunwei
四、在分部公司配置:
r4(config)#crypto isakmp enable
r4(config)#crypto isakmp policy 1
r4(config-isakmp)#authentication pre-share
r4(config-isakmp)#encryption des
r4(config-isakmp)#group 1
r4(config)#crypto isakmp key 6 abc123 address 199.1.1.1
r4(config)#crypto isakmp policy 1
r4(config-isakmp)#authentication pre-share
r4(config-isakmp)#encryption des
r4(config-isakmp)#group 1
r4(config)#crypto isakmp key 6 abc123 address 199.1.1.1
r4(config)#access-list 101 permit ip 172.16.1.0 0.0.0.255 10.1.1.0 0.0.0.255
r4(config)#crypto ipsec transform-set abc1 esp-des
r4(cfg-crypto-trans)#mode tunnel
r4(cfg-crypto-trans)#exit
r4(config)#crypto ipsec transform-set abc1 esp-des
r4(cfg-crypto-trans)#mode tunnel
r4(cfg-crypto-trans)#exit
r4(config)#crypto map sunwei 1 ipsec-isakmp
% NOTE: This new crypto map will remain disabled until a peer
and a valid access list have been configured.
r4(config-crypto-map)#set peer 199.1.1.1
r4(config-crypto-map)#set transform-set abc1
r4(config-crypto-map)#match address 101
r4(config-crypto-map)#set pfs group1
r4(config-crypto-map)#exit
% NOTE: This new crypto map will remain disabled until a peer
and a valid access list have been configured.
r4(config-crypto-map)#set peer 199.1.1.1
r4(config-crypto-map)#set transform-set abc1
r4(config-crypto-map)#match address 101
r4(config-crypto-map)#set pfs group1
r4(config-crypto-map)#exit
r4(config)#int fa0/0
r4(config-if)#crypto map sunwei
r4(config-if)#crypto map sunwei
r5(config)#crypto isakmp policy 2
r5(config-isakmp)#authentication pre-share
r5(config-isakmp)#encryption 3des
r5(config-isakmp)#hash md5
r5(config-isakmp)#group 2
r5(config-isakmp)#exit
r5(config)#crypto isakmp key 6 abc123456 address 199.1.1.1
r5(config)#access-list 102 permit ip 172.16.2.0 0.0.0.255 10.1.1.0 0.0.0.255
r5(config)#crypto ipsec transform-set abc2 esp-3des esp-md5-hmac
r5(cfg-crypto-trans)#mode tunnel
r5(cfg-crypto-trans)#exit
r5(config)#crypto ipsec transform-set abc2 esp-3des esp-md5-hmac
r5(cfg-crypto-trans)#mode tunnel
r5(cfg-crypto-trans)#exit
r5(config)#crypto map sunwei 2 ipsec-isakmp
% NOTE: This new crypto map will remain disabled until a peer
and a valid access list have been configured.
r5(config-crypto-map)#set peer 199.1.1.1
r5(config-crypto-map)#set transform-set abc2
r5(config-crypto-map)#match address 102
r5(config-crypto-map)#set pfs group2
r5(config-crypto-map)#exit
% NOTE: This new crypto map will remain disabled until a peer
and a valid access list have been configured.
r5(config-crypto-map)#set peer 199.1.1.1
r5(config-crypto-map)#set transform-set abc2
r5(config-crypto-map)#match address 102
r5(config-crypto-map)#set pfs group2
r5(config-crypto-map)#exit
r5(config)#int fa0/0
r5(config-if)#crypto map sunwei
r5(config-if)#crypto map sunwei
r6(config)#crypto isakmp enable
r6(config)#crypto isakmp policy 3
r6(config-isakmp)#authentication pre-share
r6(config-isakmp)#encryption des
r6(config-isakmp)#hash sha
r6(config-isakmp)#group 5
r6(config-isakmp)#exit
r6(config)#crypto isakmp key 6 abc123456789 address 199.1.1.1
r6(config)#crypto isakmp policy 3
r6(config-isakmp)#authentication pre-share
r6(config-isakmp)#encryption des
r6(config-isakmp)#hash sha
r6(config-isakmp)#group 5
r6(config-isakmp)#exit
r6(config)#crypto isakmp key 6 abc123456789 address 199.1.1.1
r6(config)#access-list 103 permit ip 172.16.3.0 0.0.0.255 10.1.1.0 0.0.0.255
r6(config)#crypto ipsec transform-set abc3 esp-des esp-sha-hmac
r6(cfg-crypto-trans)#mode tunnel
r6(cfg-crypto-trans)#exit
r6(config)#crypto ipsec transform-set abc3 esp-des esp-sha-hmac
r6(cfg-crypto-trans)#mode tunnel
r6(cfg-crypto-trans)#exit
r6(config)#crypto map sunwei 3 ipsec-isakmp
% NOTE: This new crypto map will remain disabled until a peer
and a valid access list have been configured.
r6(config-crypto-map)#set peer 199.1.1.1
r6(config-crypto-map)#set transform-set abc3
r6(config-crypto-map)#set pfs group5
r6(config-crypto-map)#exit
r6(config)#int fa0/0
r6(config-if)#crypto map sunwei
% NOTE: This new crypto map will remain disabled until a peer
and a valid access list have been configured.
r6(config-crypto-map)#set peer 199.1.1.1
r6(config-crypto-map)#set transform-set abc3
r6(config-crypto-map)#set pfs group5
r6(config-crypto-map)#exit
r6(config)#int fa0/0
r6(config-if)#crypto map sunwei
转载于:https://blog.51cto.com/swsj1314520/803976
2129
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
