Center#sh run
Building configuration...
Current configuration : 2253 bytes
!
! Running configuration of the router "Center", as printed by `sh run`.
! Last configuration change at 13:34:02 CET Fri Apr 25 2014
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
! Password encryption is off, so every `password` in this listing is stored
! and displayed in clear text. Turning it on only applies reversible type 7
! obfuscation; `enable secret` / `username ... secret` store a hash instead.
no service password-encryption
!
hostname Center
!
boot-start-marker
boot-end-marker
!
!
! Clear-text enable password set to a well-known lab value. Outside a lab,
! use `enable secret` with a unique value.
enable password cisco
!
! Enable the AAA model. The named method lists below are referenced by the
! crypto map and by the console/aux lines further down.
aaa new-model
!
!
! "noacs": try the line password, then fall through to `none` (no
! authentication). NOTE(review): con 0 and aux 0 use this list and show no
! `password`, so those logins appear to be unauthenticated - confirm.
aaa authentication login noacs line none
! "xauth-authen": VPN user (XAUTH) logins are checked against the local
! username database.
aaa authentication login xauth-authen local
! "mcfg-author": group authorization comes from the locally defined
! `crypto isakmp client configuration group`.
aaa authorization network mcfg-author local
!
!
!
!
!
aaa session-id common
!
! Local time zone: CET, one hour ahead of UTC.
clock timezone CET 1 0
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
! Login-attempt limits for auth-proxy / IP admission sessions.
ip auth-proxy max-login-attempts 5
ip admission max-login-attempts 5
!
!
!
!
!
! Do not resolve CLI input as host names through DNS.
no ip domain lookup
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
! Local user database. `password 0` means the value is kept in clear text.
! Because the XAUTH list "xauth-authen" is `local`, these accounts are what
! VPN users authenticate against.
! NOTE(review): the `ipsecuser` password is the same string as the group key
! under `crypto isakmp client configuration group ipsecgroup`.
username ipsecuser password 0 yeslabccies
username cisco privilege 0 password 0 cisco
! User setup: privilege level 0 carries no rights, so the `cisco` account
! above can only be used to log in to EzVPN.
! NOTE(review): privilege 0 restricts the exec commands available after
! login; whether it keeps the account off other login paths depends on the
! line configuration - confirm.
! No privilege level is given for `admin`; its user name and password are
! identical.
username admin password 0 admin
!
redundancy
!
!
!
!
!
!
!
! IKE phase 1 policy for EzVPN clients: MD5 hash, pre-shared key, DH group 2.
! MD5 and group 2 are legacy choices. No `encryption` line is displayed;
! NOTE(review): the platform default then applies - check it with
! `show crypto isakmp policy`.
crypto isakmp policy 10
hash md5
authentication pre-share
group 2
!
! EzVPN group policy: group name, group pre-shared key, client address pool.
crypto isakmp client configuration group ipsecgroup
key yeslabccies
! Group name and password that are configured on the EzVPN client.
pool ippool
! Allows the client to store its XAUTH password locally; anyone with access
! to the saved client profile can then connect without typing it.
save-password
!
!
! Phase 2 protection: ESP with single DES and HMAC-MD5, both obsolete.
! Prefer AES with a SHA-based HMAC where the clients support it.
! NOTE(review): the `***` inside the transform-set name looks like the blog's
! word filter masking the original name - confirm before reusing it.
crypto ipsec transform-set ez***set esp-des esp-md5-hmac
!
!
!
! Dynamic map entry: used for peers whose address is not known in advance.
crypto dynamic-map dymap 10
set transform-set ez***set
!
!
! Crypto map: XAUTH via "xauth-authen", group authorization via
! "mcfg-author", respond to client address requests, and hand sequence 10
! to the dynamic map.
crypto map cry-map client authentication list xauth-authen
crypto map cry-map isakmp authorization list mcfg-author
crypto map cry-map client configuration address respond
crypto map cry-map 10 ipsec-isakmp dynamic dymap
!
!
!
!
!
! Outside interface: NAT outside; the crypto map is applied here, so this is
! where VPN sessions terminate.
interface Ethernet0/0
ip address 61.128.1.1 255.255.255.0
ip nat outside
ip virtual-reassembly in
crypto map cry-map
!
! Inside LAN 10.1.1.0/24, NAT inside.
interface Ethernet0/1
ip address 10.1.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
!
! Unused ports: no address, administratively shut down.
interface Ethernet0/2
no ip address
shutdown
!
interface Ethernet0/3
no ip address
shutdown
!
! Addresses handed to EzVPN clients (referenced by `pool ippool` in the
! client configuration group).
ip local pool ippool 123.1.1.100 123.1.1.200
ip forward-protocol nd
!
!
! Web management over HTTP and HTTPS is disabled.
no ip http server
no ip http secure-server
! PAT for inside hosts matched by ACL "natout", using Ethernet0/0's address.
ip nat inside source list natout interface Ethernet0/0 overload
! Default route.
ip route 0.0.0.0 0.0.0.0 61.128.1.10
!
ip access-list extended natout
! The deny covers all of 123.0.0.0/8, which is wider than the client pool
! 123.1.1.100-200.
deny ip any 123.0.0.0 0.255.255.255
permit ip 10.1.1.0 0.0.0.255 any
! Note: traffic towards EzVPN clients must be excluded from NAT.
!
!
!
!
!
control-plane
!
!
!
!
!
!
!
! Console: the session never times out (`exec-timeout 0 0`) and login uses
! the "noacs" list (line password, then none). No `password` is shown here.
line con 0
exec-timeout 0 0
logging synchronous
login authentication noacs
! Aux port: same "noacs" list, no `password` shown.
line aux 0
login authentication noacs
! VTY: clear-text line password and `transport input all`, which accepts
! Telnet as well as SSH. No `access-class` or `login authentication` is
! shown. NOTE(review): outside a lab, restrict this to `transport input ssh`
! and limit the permitted source addresses.
line vty 0 4
password cisco
transport input all
!
!
end
Center#
转载于:https://blog.51cto.com/zhangshj/1592017