配置基于硬件的Ez×××（使用dynamic crypto map）

最新推荐文章于 2024-02-21 22:20:01 发布

weixin_34101229

最新推荐文章于 2024-02-21 22:20:01 发布

阅读量310

点赞数

原文链接：http://blog.51cto.com/somejunbao/534296

版权

R1#sh run
Building configuration...

Current configuration : 1506 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R1
!
boot-start-marker
boot-end-marker
!
!
aaa new-model
!
!
aaa authentication login noacs line none
aaa authentication login remote local
aaa authorization network remote local
!
aaa session-id common
memory-size iomem 5
!
!
ip cef
no ip domain lookup
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
username remote password 0 cisco
!
!
!
!
crypto isakmp policy 10
hash md5
authentication pre-share
group 2
!
crypto isakmp client configuration group ez***
key cisco
pool remotepool
crypto isakmp profile IsaProfile
   match identity group ez***
   client authentication list remote
   isakmp authorization list remote
   client configuration address respond
!
!
crypto ipsec transform-set Trans esp-des esp-md5-hmac
!
crypto dynamic-map Dymap 10
set transform-set Trans
set isakmp-profile IsaProfile
reverse-route
!
!
crypto map StaticMap 10 ipsec-isakmp dynamic Dymap
!
!
!
!
interface Loopback0
ip address 192.168.1.1 255.255.255.0
!
interface FastEthernet0/0
ip address 121.233.1.1 255.255.255.0
duplex auto
speed auto
crypto map StaticMap
!
ip local pool remotepool 192.168.1.150 192.168.1.200
no ip http server
no ip http secure-server
ip route 0.0.0.0 0.0.0.0 FastEthernet0/0
!
!
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
exec-timeout 0 0
logging synchronous
login authentication noacs
line aux 0
login authentication noacs
line vty 0 4
!
!
end

R1#

=====================================================

R2#sh run
Building configuration...

Current configuration : 937 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R2
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
!
!
ip cef
no ip domain lookup
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
crypto ipsec client ez*** cisco
connect auto
group ez*** key cisco
mode client
peer 121.233.1.1
xauth userid mode interactive
!
!
!
!
!
interface Loopback0
ip address 192.168.2.1 255.255.255.0
crypto ipsec client ez*** cisco inside
!
interface Loopback1
ip address 192.168.1.150 255.255.255.255
!
interface FastEthernet0/0
ip address 121.233.1.2 255.255.255.0
duplex auto
speed auto
crypto ipsec client ez*** cisco
!
no ip http server
no ip http secure-server
ip route 0.0.0.0 0.0.0.0 FastEthernet0/0
!
!
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
exec-timeout 0 0
logging synchronous
line aux 0
line vty 0 4
!
!
end