注册 | 登录 忘记密码? 51cto首页 | 博客 | 论坛 | 招聘
热点文章 IB客座主编(四)美国西蒙公..
 帮助
《案例精解企业级网络构建》赠书活动开始啦!  最新活动:“Web安全大家谈”有奖征文 博主的更多文章>>

一点对多点的VPN配置体验(转载)

2007-05-21 16:28:06
 标签:VPN配置   [推送到技术圈]

点对多点的VPN配置体验(欢迎指教)
如图:自己画了拓扑,有些乱。

[ 本帖最后由 冰雪寒 于 2006-6-9 13:44 编辑 ]

 


access-list 101 permit ip host 111.111.111.1 255.255.255.0 222.222.222.1 255.255.255.0
access-list 102 permit ip host 100.100.100.1 255.255.255.0 222.222.222.1 255.255.255.0

sysopt connection permit-ipsec
crypto ipsec transform-set myset esp-des esp-md5-hmac
crypto map newmap 20 ipsec-isakmp
crypto map newmap 20 match address 101
crypto map newmap 20 set peer 111.111.111.1
crypto map newmap 20 set transform-set myset

crypto map newmap 30 ipsec-isakmp
crypto map newmap 30 match address 102
crypto map newmap 30 set peer 100.100.100.1
crypto map newmap 30 set transform-set myset
crypto map newmap interface outside
isakmp enable outside
isakmp key ******** address 111.111.111.1 netmask 255.255.255.255
no-xauth no-config-mode
isakmp key ******** address 100.100.100.1 netmask 255.255.255.255
no-xauth no-config-mode
isakmp identity address
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption des
isakmp policy 10 hash md5
isakmp policy 10 group 1
access-list 110 permit ip 172.16.1.0 255.255.255.0 192.168.1.0 255.255.255.0
sysopt connection permit-ipsec
crypto ipsec transform-set myset esp-des esp-md5-hmac
crypto map newmap 10 ipsec-isakmp
crypto map newmap 10 match address 110
crypto map newmap 10 set peer 222.222.222.1
crypto map newmap 10 set transform-set myset
crypto map newmap interface outside
isakmp enable outside
isakmp key ******** address 222.222.222.1 netmask 255.255.255.255
no-xauth no-config-mode
isakmp identity address
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption des
isakmp policy 10 hash md5
isakmp policy 10 group 1
isakmp policy 10 lifetime 1000
access-list 110 permit ip 10.10.10.0 255.255.255.0 192.168.1.0 255.255.255.0
sysopt connection permit-ipsec
crypto ipsec transform-set myset esp-des esp-md5-hmac
crypto map newmap 10 ipsec-isakmp
crypto map newmap 10 match address 110
crypto map newmap 10 set peer 222.222.222.1
crypto map newmap 10 set transform-set myset
crypto map newmap interface outside
isakmp enable outside
isakmp key ******** address 222.222.222.1  netmask 255.255.255.255
no-xauth no-config-mode
isakmp identity address
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption des
isakmp policy 10 hash md5
isakmp policy 10 group 1
isakmp policy 10 lifetime 1000
转载自冰雪寒的文章http://bbs.51cto.com/thread-20620-1-1.html




    相关文章
站点间动态IP地址实现VPN配置实例
Cisco路由器VPN配置
Mobile IP + NAT实现VPN配置1例[ITAA网络实..
Windows 2003 + ISA 2006+单网卡VPN配置(4)
Windows 2003 + ISA 2006+单网卡VPN配置(5)
Windows 2003 + ISA 2006+单网卡VPN配置(3)
Windows 2003 + ISA 2006+单网卡VPN配置(1)
站点到站点VPN配置不完整解决方案
vpn配置
Cisco Hub-Spoke三层VPN配置指导
    文章评论
 
 

发表评论

昵   称:
验证码:  点击图片可刷新验证码  博客过2级,无需填写验证码
内   容: