ASA L2L virtual tunnel configuration
R1 configuration:
interface FastEthernet0/0
ip address 12.1.1.1 255.255.255.0
interface FastEthernet0/1
ip address 202.100.1.1 255.255.255.0
R2 configuration:
interface Loopback0
ip address 2.2.2.2 255.255.255.0
interface FastEthernet0/0
ip address 12.1.1.2 255.255.255.0
ip route 0.0.0.0 0.0.0.0 12.1.1.1
R2 virtual tunnel configuration:
crypto isakmp policy 10
encr 3des
hash md5
authentication pre-share
group 5
crypto isakmp key cisco address 202.100.1.10
ip access-list extended vpn
permit ip 2.2.2.0 0.0.0.255 3.3.3.0 0.0.0.255
crypto ipsec transform-set cisco esp-3des esp-sha-hmac
crypto map cisco 10 ipsec-isakmp
set peer 202.100.1.10
set transform-set cisco
match address vpn
interface FastEthernet0/0
crypto map cisco
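R3 configuration:
interface Loopback0
ip address 3.3.3.3 255.255.255.0
interface FastEthernet0/0
! must sit on the ASA inside subnet 10.1.1.0/24 (the ASA routes 3.3.3.0/24 via 10.1.1.3)
ip address 10.1.1.3 255.255.255.0
ip route 0.0.0.0 0.0.0.0 10.1.1.10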
ASA configuration:
interface GigabitEthernet0
nameif outside
security-level 0
ip address 202.100.1.10 255.255.255.0
no shutdown
interface GigabitEthernet1
nameif inside
security-level 100
ip address 10.1.1.10 255.255.255.0
no shutdown
route outside 0 0 202.100.1.1
route inside 3.3.3.0 255.255.255.0 10.1.1.3
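ASA virtual tunnel configuration:
crypto ikev1 policy 10
authentication pre-share
encryption 3des
hash md5
group 5
! IKEv1 must be enabled on the outside interface before the peer can negotiate
crypto ikev1 enable outside
tunnel-group 12.1.1.2 type ipsec-l2l
tunnel-group 12.1.1.2 ipsec-attributes
ikev1 pre-shared-key cisco
crypto ipsec ikev1 transform-set cisco esp-3des esp-sha-hmac
! interesting-traffic ACL referenced by the crypto map; mirror image of ACL vpn on R2
access-list vpn extended permit ip 3.3.3.0 255.255.255.0 2.2.2.0 255.255.255.0
crypto map cisco 10 match address vpn
crypto map cisco 10 set peer 12.1.1.2
crypto map cisco 10 set ikev1 transform-set cisco
crypto map cisco interface outside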
Test: ping the R2 loopback from the R3 loopback
R3#ping 2.2.2.2 source 3.3.3.3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2.2.2.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms
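An added example (not part of the original page): a small Python check that parses the Phase 1 lines of the R2 and ASA tunnel configurations above, confirms both peers agree, and flags the legacy values they use (3DES, MD5, DH group 5, a short pre-shared key). The function names and the 20-character key threshold are assumptions of this example.

```python
import re
# Phase 1 lines copied from the page's R2 (IOS) and ASA tunnel configurations.
R2_CFG = """crypto isakmp policy 10
encr 3des
hash md5
authentication pre-share
group 5
crypto isakmp key cisco address 202.100.1.10"""
ASA_CFG = """crypto ikev1 policy 10
authentication pre-share
encryption 3des
hash md5
group 5
tunnel-group 12.1.1.2 ipsec-attributes
ikev1 pre-shared-key cisco"""
ALIAS = {"encr": "encryption"}  # IOS abbreviates the keyword the ASA spells out
FIELDS = ("encryption", "hash", "authentication", "group")
# Legacy IKE values that Cisco has deprecated.
WEAK = {"encryption": {"des", "3des"}, "hash": {"md5"}, "group": {"1", "2", "5"}}
MIN_PSK_LEN = 20  # assumption of this example, not a value from the page

def parse_phase1(cfg):
    """Extract the IKEv1 policy (one policy assumed) and the pre-shared key."""
    out, in_policy = {}, False
    for line in cfg.splitlines():
        words = line.split() or [""]
        key = ALIAS.get(words[0], words[0])
        if re.match(r"crypto (isakmp|ikev1) policy \d+", line.strip()):
            in_policy = True
        elif in_policy and key in FIELDS:
            out[key] = " ".join(words[1:])
        else:
            in_policy = False
            if m := re.search(r"(?:isakmp key|pre-shared-key) (\S+)", line):
                out["psk"] = m.group(1)
    return out

def audit(local, remote):
    """List peer mismatches (values are not echoed), then weak settings on `local`."""
    findings = [f"mismatch {k}" for k in FIELDS + ("psk",)
                if local.get(k) != remote.get(k)]
    findings += [f"weak {k}: {local[k]}" for k, bad in WEAK.items()
                 if local.get(k) in bad]
    if len(local.get("psk", "")) < MIN_PSK_LEN:
        findings.append("weak psk: shorter than %d characters" % MIN_PSK_LEN)
    return findings

if __name__ == "__main__":
    print("\n".join(audit(parse_phase1(R2_CFG), parse_phase1(ASA_CFG))))
```

A mismatch finding means IKE Phase 1 will not complete between the peers; a weak finding means the tunnel comes up but relies on deprecated algorithms or an easily guessed key.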