案例拓扑图
思科(3640)实现
Step 1:A路由器的基本配置
A(config)#do sho run
Building configuration...
Current configuration : 1410 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname A
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
!
!
ip cef
no ip domain lookup
ip domain name lab.local
!
crypto isakmp policy 1
authentication pre-share
crypto isakmp key 123 address 61.130.132.1
crypto isakmp key 123 address 61.130.133.1
!
!
crypto ipsec transform-set vpnc ah-md5-hmac esp-des esp-md5-hmac
crypto ipsec transform-set vpnb ah-md5-hmac esp-des esp-md5-hmac
!
crypto map vpn-set 100 ipsec-isakmp
set peer 61.130.132.1
set transform-set vpnb
match address 110
crypto map vpn-set 200 ipsec-isakmp
set peer 61.130.133.1
set transform-set vpnc
match address 120
!
!
!
!
!
interface Loopback0
ip address 192.168.1.254 255.255.255.0
!
interface FastEthernet0/0
ip address 61.130.131.1 255.255.255.252
duplex auto
speed auto
crypto map vpn-set
!
no ip http server
no ip http secure-server
!
ip route 0.0.0.0 0.0.0.0 61.130.131.2
!
!
access-list 110 permit ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
access-list 120 permit ip 192.168.1.0 0.0.0.255 192.168.3.0 0.0.0.255
!
!
control-plane
!
line con 0
exec-timeout 0 0
privilege level 15
logging synchronous
line aux 0
exec-timeout 0 0
privilege level 15
logging synchronous
line vty 0 4
login
!
!
End
Step 2:路由器B的配置
B(config)#do sho run
Building configuration...
Current configuration : 1125 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname B
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
!
!
ip cef
no ip domain lookup
ip domain name lab.local
!
crypto isakmp policy 1
authentication pre-share
crypto isakmp key 123 address 61.130.131.1
!
!
crypto ipsec transform-set vpna ah-md5-hmac esp-des esp-md5-hmac
!
crypto map vpn-set 100 ipsec-isakmp
set peer 61.130.131.1
set transform-set vpna
match address 110
!
!
!
!
interface Loopback0
ip address 192.168.2.254 255.255.255.0
!
interface FastEthernet0/0
ip address 61.130.132.1 255.255.255.252
duplex auto
speed auto
crypto map vpn-set
!
no ip http server
no ip http secure-server
!
ip route 0.0.0.0 0.0.0.0 61.130.132.2
!
!
access-list 110 permit ip 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255
!
!
control-plane
!
line con 0
exec-timeout 0 0
privilege level 15
logging synchronous
line aux 0
exec-timeout 0 0
privilege level 15
logging synchronous
line vty 0 4
login
!
!
End
Step 3:路由器C的配置
C(config)#do sho run
Building configuration...
Current configuration : 1125 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname C
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
!
!
ip cef
no ip domain lookup
ip domain name lab.local
!
crypto isakmp policy 1
authentication pre-share
crypto isakmp key 123 address 61.130.131.1
!
!
crypto ipsec transform-set vpna ah-md5-hmac esp-des esp-md5-hmac
!
crypto map vpn-set 100 ipsec-isakmp
set peer 61.130.131.1
set transform-set vpna
match address 110
!
!
!
!
interface Loopback0
ip address 192.168.3.254 255.255.255.0
!
interface FastEthernet0/0
ip address 61.130.133.1 255.255.255.252
duplex auto
speed auto
crypto map vpn-set
!
no ip http server
no ip http secure-server
!
ip route 0.0.0.0 0.0.0.0 61.130.133.2
!
!
access-list 110 permit ip 192.168.3.0 0.0.0.255 192.168.1.0 0.0.0.255
!
!
control-plane
!
line con 0
exec-timeout 0 0
privilege level 15
logging synchronous
line aux 0
exec-timeout 0 0
privilege level 15
logging synchronous
line vty 0 4
login
!
!
End
Step 4:ISP配置,核心配置就是三个接口地址
interface FastEthernet0/0
ip address 61.130.131.2 255.255.255.252
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 61.130.132.2 255.255.255.252
duplex auto
speed auto
!
interface FastEthernet2/0
ip address 61.130.133.2 255.255.255.252
duplex auto
speed auto
!
Step 5:测试
从路由器A使用扩展PING,ping 路由器B
从路由器A使用扩展PING,ping 路由器C
本文转自 chenming421 51CTO博客,原文链接:http://blog.51cto.com/wnqcmq/1180931