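First, the background of the lab. A remote user wants to securely access the internal server at headquarters over a VPN. The lab topology is as follows: Router1 simulates the headquarters router, Router4 simulates the remote router, and Router3 simulates the branch router. Pay close attention to the parts of the lab annotated in red. PC0 simulates the internal server. (For the theory, see the previous post in my VPN category.)
Verifying the result: PC0 pings PC1. (Note: before the VPN is configured, PC0 cannot ping PC1. Once the lab is complete, the first pings from PC0 to PC1 fall within the negotiation phase and are dropped; this is normal and clears up after a moment.)
PC0: IP 192.168.1.2, gateway 192.168.1.1; PC1: IP 192.168.2.2, gateway 192.168.2.1
Verifying the result: PC0 pings PC1
The lab results have been uploaded as an attachment.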
 
Zongbu (headquarters) router configuration:

Router>en
Router#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
Router(config)#host zongbu
zongbu(config)#int f 0/0
zongbu(config-if)#ip add 100.1.1.1 255.255.255.0
zongbu(config-if)#no shut
zongbu(config-if)#exit
zongbu(config)#int f 0/1
zongbu(config-if)#ip add 200.1.1.1 255.255.255.0
zongbu(config-if)#no shut
zongbu(config-if)#exit
      
fengbu (branch) router configuration:

Router>en
Router#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
Router(config)#host fengbu
fengbu(config)#int f 0/1
fengbu(config-if)#ip add 192.168.1.1 255.255.255.0
fengbu(config-if)#no shut
fengbu(config-if)#exit
fengbu(config)#int f 0/0
fengbu(config-if)#ip add 100.1.1.2 255.255.255.0
fengbu(config-if)#no shut
fengbu(config)#crypto isakmp policy 10

fengbu(config-isakmp)#encryption 3des

fengbu(config-isakmp)#hash md5

fengbu(config-isakmp)#authentication pre-share

fengbu(config)#crypto isakmp key tom address 200.1.1.2

fengbu(config)#crypto ipsec transform-set jizhen esp-3des esp-md5-hmac

fengbu(config)#crypto map tom 10 ipsec-isakmp

fengbu(config-crypto-map)#set peer 200.1.1.2

fengbu(config-crypto-map)#set transform-set jizhen

fengbu(config-crypto-map)#match address 101

fengbu(config-crypto-map)#exit

fengbu(config)#access-list 101 permit ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255

fengbu(config)#int f 0/0
fengbu(config-if)#crypto map tom
*Jan  3 07:16:26.785: %CRYPTO-6-ISAKMP_ON_OFF: ISAKMP is ON
fengbu(config-if)#no shut
fengbu(config-if)#exit
fengbu(config)#ip route 0.0.0.0 0.0.0.0 100.1.1.1

 

yuancheng (remote) router configuration:

Router>en
Router#conf t
Router(config)#host yuancheng
yuancheng(config)#int f 0/1
yuancheng(config-if)#ip add 200.1.1.2 255.255.255.0
yuancheng(config-if)#no shut
yuancheng(config-if)#exit
yuancheng(config)#int f 0/0
yuancheng(config-if)#ip add 192.168.2.1 255.255.255.0
yuancheng(config-if)#no shut
yuancheng(config-if)#exit
yuancheng(config)#crypto isakmp policy 10

yuancheng(config-isakmp)#encryption 3des

yuancheng(config-isakmp)#hash md5

yuancheng(config-isakmp)#authentication pre-share

yuancheng(config)#crypto isakmp key tom address 100.1.1.2

yuancheng(config)#crypto ipsec transform-set jizhen esp-3des esp-md5-hmac

yuancheng(config)#crypto map tom 10 ipsec-isakmp

% NOTE: This new crypto map will remain disabled until a peer

        and a valid access list have been configured.

yuancheng(config-crypto-map)#set transform-set jizhen

yuancheng(config-crypto-map)#set peer 100.1.1.2

yuancheng(config-crypto-map)#match address 101

yuancheng(config-crypto-map)#exit

yuancheng(config)#access-list 101 permit ip 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255

yuancheng(config)#int f 0/1
yuancheng(config-if)#crypto map tom
*Jan  3 07:16:26.785: %CRYPTO-6-ISAKMP_ON_OFF: ISAKMP is ON
yuancheng(config-if)#no shut
yuancheng(config-if)#exit
yuancheng(config)#ip route 0.0.0.0 0.0.0.0 200.1.1.1
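
A consistency check for the two tunnel endpoints configured above, as an added example that is not part of the original post: it parses constructed excerpts of the fengbu and yuancheng configurations and verifies that the algorithms and key match, that each side's `set peer` and key address point at the other's outside interface, and that the crypto ACLs mirror each other. The `WEAK` set (which flags DES, 3DES and MD5 as legacy algorithms) and all function names are assumptions of this example.

```python
import re

# Constructed excerpts: the crypto-relevant lines of the two peers above.
FENGBU = """\
ip add 100.1.1.2 255.255.255.0
encryption 3des
hash md5
crypto isakmp key tom address 200.1.1.2
crypto ipsec transform-set jizhen esp-3des esp-md5-hmac
set peer 200.1.1.2
access-list 101 permit ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
"""
YUANCHENG = """\
ip add 200.1.1.2 255.255.255.0
encryption 3des
hash md5
crypto isakmp key tom address 100.1.1.2
crypto ipsec transform-set jizhen esp-3des esp-md5-hmac
set peer 100.1.1.2
access-list 101 permit ip 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255
"""
WEAK = {"des", "3des", "md5", "esp-des", "esp-3des", "esp-md5-hmac"}

def first(pattern, cfg):
    return re.search(pattern, cfg, re.M).groups()

def parse(cfg):  # extract the fields the two peers must agree on
    return {
        "wan": first(r"^ip add (\S+)", cfg)[0],
        "algos": first(r"^encryption (\S+)", cfg) + first(r"^hash (\S+)", cfg)
        + tuple(first(r"transform-set \S+ (.+)$", cfg)[0].split()),
        "psk": first(r"^crypto isakmp key (\S+) address (\S+)", cfg),
        "peer": first(r"^set peer (\S+)", cfg)[0],
        "acl": first(r"^access-list \d+ permit ip (\S+ \S+) (\S+ \S+)", cfg),
    }

def audit(cfg_a, cfg_b):
    """Return findings for a pair of site-to-site peers (empty = clean)."""
    a, b = parse(cfg_a), parse(cfg_b)
    weak = sorted(WEAK & {*a["algos"], *b["algos"]})
    checks = [
        (a["algos"] != b["algos"], "IKE/ESP algorithm mismatch"),
        (a["psk"][0] != b["psk"][0], "pre-shared key mismatch"),
        ({a["peer"], a["psk"][1]} != {b["wan"]}, "A does not point at B"),
        ({b["peer"], b["psk"][1]} != {a["wan"]}, "B does not point at A"),
        (a["acl"] != b["acl"][::-1], "crypto ACLs are not mirrors"),
        (bool(weak), "weak algorithms: " + ", ".join(weak)),
    ]
    return [msg for failed, msg in checks if failed]
```

On the lab's configuration the two sides are consistent, so the only finding is the algorithm choice; changing either ACL or peer address makes the corresponding mismatch appear.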