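[CCNP Certification Lab 3] Remote access VPN
Copyright notice: This is an original work. Reprinting is permitted, provided the reprint credits the original source, the author information and this notice with a hyperlink; otherwise legal action will be pursued. http://im9527.blog.51cto.com/61250/73300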
Building on the previous articles, this lab takes a closer look at Easy VPN configuration.

Network topology: [figure]

VPN-Server configuration:
```
VPN-Server#
*Apr 24 12:00:31: %SYS-5-CONFIG_I: Configured from console by console
c
Building configuration...

Current configuration : 2510 bytes
!
version 12.4
service timestamps debug datetime
service timestamps log datetime
service password-encryption
!
hostname VPN-Server
!
boot-start-marker
boot-end-marker
!
enable password 7 082A
!
aaa new-model
!
!
aaa authentication login VPN-LOGIN local
aaa authorization network remote-vpn-group local
!
aaa session-id common
!
resource policy
!
clock timezone China 8
ip subnet-zero
!
!
ip cef
no ip domain lookup
no ip dhcp use vrf connected
ip dhcp excluded-address 10.1.100.1 10.1.100.10
!
ip dhcp pool remote-vpn
   network 10.1.100.0 255.255.255.0
   subnet prefix-length 24
   dns-server 202.96.128.166
   domain-name gdhlt.vpn
!
!
no ip bootp server
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
username dika password 7 0512091A20424A041C
!
!
!
crypto isakmp policy 100
 hash md5
 authentication pre-share
 group 2
crypto isakmp keepalive 20 10
crypto isakmp xauth timeout 60
!
crypto isakmp client configuration group remote-vpn-group
 key cisco
 domain gdhlt.vpn
 pool VPN-POOL
 acl 101
!
!
crypto ipsec transform-set remote-vpn esp-des esp-md5-hmac
!
crypto dynamic-map remote-vpn 1
 set transform-set remote-vpn
 reverse-route
!
!
crypto map VPN-MAP client authentication list VPN-LOGIN
crypto map VPN-MAP isakmp authorization list remote-vpn-group
crypto map VPN-MAP client configuration address respond
crypto map VPN-MAP 1 ipsec-isakmp dynamic remote-vpn
!
!
!
!
interface Loopback0
 ip address 10.1.200.1 255.255.255.0 secondary
 ip address 10.1.100.1 255.255.255.0
!
interface FastEthernet0/0
 no ip address
 shutdown
 duplex half
!
interface Serial1/0
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial1/1
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial1/2
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial1/3
 no ip address
 shutdown
 serial restart-delay 0
!
interface FastEthernet2/0
 ip address 10.1.1.11 255.255.255.0
 duplex auto
 speed auto
 crypto map VPN-MAP
!
interface FastEthernet2/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
ip local pool VPN-POOL 10.1.200.30 10.1.200.40
ip classless
!
no ip http server
no ip http secure-server
!
!
access-list 101 permit ip 10.1.100.0 0.0.0.255 any
access-list 101 permit ip 10.1.200.0 0.0.0.255 any
!
!
!
!
control-plane
!
!
!
!
!
!
gatekeeper
 shutdown
!
alias exec s cop run startup-config
alias exec c sh run
alias exec a sh ip int bri
alias exec r sh ip route
!
line con 0
```

VPN-Client configuration:
[Two figures: VPN-Client configuration]

Check the local IP address:

```
C:\>ipconfig

Windows IP Configuration

Ethernet adapter 本地连接 9:

   Connection-specific DNS Suffix  . : gdhlt.vpn
   IP Address. . . . . . . . . . . . : 10.1.200.33
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   IP Address. . . . . . . . . . . . : fe80::205:9aff:fe3c:7800%12
   Default Gateway . . . . . . . . . :
```

Check the local routing table:
```
C:\>route print
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 18 de 19 9c 8f ...... Intel(R) PRO/Wireless 3945ABG Network Connection - Deterministic Network Enhancer Miniport
0x3 ...00 16 41 aa 35 82 ...... Intel(R) PRO/1000 PL Network Connection - Deterministic Network Enhancer Miniport
0x4 ...00 60 73 e2 2a b4 ...... SonicWALL VPN Adapter - Deterministic Network Enhancer Miniport
0x5 ...00 ff 54 dc a9 3f ...... TAP-Win32 Adapter V9 - Deterministic Network Enhancer Miniport
0x40007 ...00 05 9a 3c 78 00 ...... Cisco Systems VPN Adapter - Deterministic Network Enhancer Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0       10.1.1.254       10.1.1.60       1
         10.1.1.0    255.255.255.0        10.1.1.60       10.1.1.60      20
        10.1.1.11  255.255.255.255        10.1.1.60       10.1.1.60       1
        10.1.1.60  255.255.255.255        127.0.0.1       127.0.0.1      20
       10.1.100.0    255.255.255.0       10.1.200.1     10.1.200.33       1
       10.1.200.0    255.255.255.0      10.1.200.33     10.1.200.33      20
       10.1.200.0    255.255.255.0       10.1.200.1     10.1.200.33       1
      10.1.200.33  255.255.255.255        127.0.0.1       127.0.0.1      20
```

```
C:\>ping 10.1.200.1

Pinging 10.1.200.1 with 32 bytes of data:

Reply from 10.1.200.1: bytes=32 time=55ms TTL=255
Reply from 10.1.200.1: bytes=32 time=44ms TTL=255
Reply from 10.1.200.1: bytes=32 time=70ms TTL=255
Reply from 10.1.200.1: bytes=32 time=50ms TTL=255

Ping statistics for 10.1.200.1:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 44ms, Maximum = 70ms, Average = 54ms

C:\>ping 10.1.100.1

Pinging 10.1.100.1 with 32 bytes of data:

Reply from 10.1.100.1: bytes=32 time=42ms TTL=255
Reply from 10.1.100.1: bytes=32 time=67ms TTL=255
Reply from 10.1.100.1: bytes=32 time=67ms TTL=255
Reply from 10.1.100.1: bytes=32 time=54ms TTL=255

Ping statistics for 10.1.100.1:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 42ms, Maximum = 67ms, Average = 57ms

C:\>
```
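In the Easy VPN group, `acl 101` is the split-tunnel list, so the client should send only the two permitted networks into the tunnel and keep its default route on the LAN (10.1.1.254). The following added example is not part of the original post; the function names are assumptions. It checks that against the ACL lines and route table rows shown above.

```python
import ipaddress

# Copied from the VPN-Server configuration on this page.
ACL_101 = """\
access-list 101 permit ip 10.1.100.0 0.0.0.255 any
access-list 101 permit ip 10.1.200.0 0.0.0.255 any
"""

# Rows copied from the client's `route print` output on this page
# (destination, netmask, gateway, interface, metric; loopback rows left out).
ROUTES = """\
0.0.0.0 0.0.0.0 10.1.1.254 10.1.1.60 1
10.1.1.0 255.255.255.0 10.1.1.60 10.1.1.60 20
10.1.1.11 255.255.255.255 10.1.1.60 10.1.1.60 1
10.1.100.0 255.255.255.0 10.1.200.1 10.1.200.33 1
10.1.200.0 255.255.255.0 10.1.200.33 10.1.200.33 20
10.1.200.0 255.255.255.0 10.1.200.1 10.1.200.33 1
"""

def acl_networks(acl_text):
    """Networks named by 'access-list N permit ip <net> <wildcard> any' lines."""
    nets = set()
    for line in acl_text.splitlines():
        f = line.split()
        if len(f) == 7 and f[0] == "access-list" and f[2:4] == ["permit", "ip"]:
            # A wildcard mask is the bitwise inverse of the netmask.
            mask = ipaddress.IPv4Address(int(ipaddress.IPv4Address(f[5])) ^ 0xFFFFFFFF)
            nets.add(ipaddress.ip_network(f"{f[4]}/{mask}"))
    return nets

def tunnel_routes(route_text, tunnel_ip):
    """Destinations whose route leaves through the VPN adapter's address."""
    nets = set()
    for line in route_text.splitlines():
        f = line.split()
        if len(f) == 5 and f[3] == tunnel_ip:
            nets.add(ipaddress.ip_network(f"{f[0]}/{f[1]}"))
    return nets

def check_split_tunnel(acl_text, route_text, tunnel_ip):
    wanted, got = acl_networks(acl_text), tunnel_routes(route_text, tunnel_ip)
    return {
        "missing": sorted(map(str, wanted - got)),     # in ACL 101, not tunnelled
        "unexpected": sorted(map(str, got - wanted)),  # tunnelled, not in ACL 101
        "default_in_tunnel": ipaddress.ip_network("0.0.0.0/0") in got,
    }

if __name__ == "__main__":
    print(check_split_tunnel(ACL_101, ROUTES, "10.1.200.33"))
```

A `default_in_tunnel` value of `True` would mean the client is sending all traffic through the VPN rather than split tunnelling.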
Check the router's status:
```
VPN-Server#sh crypto isakmp sa
dst             src             state          conn-id slot status
10.1.1.11       10.1.1.60       QM_IDLE              2    0 ACTIVE

VPN-Server#sh crypto engine connections active

  ID Interface            IP-Address      State  Algorithm           Encrypt  Decrypt
   1 FastEthernet2/0      10.1.1.11       alloc  NONE                      0        0
   2 FastEthernet2/0      10.1.1.11       set    HMAC_MD5+DES_56_CB        0        0
2001 FastEthernet2/0      10.1.1.11       set    DES+MD5                   0       68
2002 FastEthernet2/0      10.1.1.11       set    DES+MD5                   3        0
2003 FastEthernet2/0      10.1.1.11       set    DES+MD5                   0       64
2004 FastEthernet2/0      10.1.1.11       set    DES+MD5                  12        0
```

This article is from the "永不停息的脚步" blog; please keep this source link: http://im9527.blog.51cto.com/61250/73300
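The engine output above shows the tunnel running DES with MD5, and the server configuration also uses DH group 2, type 7 passwords and `enable password`. The following added example is not part of the original post and is not a Cisco tool; the rule list and the `audit` function are assumptions. It flags those lines in an excerpt copied from the configuration on this page, including the ISAKMP policy that has no encryption line at all.

```python
import re

# Excerpt copied from the VPN-Server configuration on this page.
CONFIG = """\
enable password 7 082A
username dika password 7 0512091A20424A041C
crypto isakmp policy 100
 hash md5
 authentication pre-share
 group 2
crypto ipsec transform-set remote-vpn esp-des esp-md5-hmac
"""

# (pattern, finding) pairs; the rule set and wording are this example's own.
RULES = [
    (r"^enable password\b", "use 'enable secret' instead of 'enable password'"),
    (r"\bpassword 7\b", "type 7 is reversible obfuscation, not a hash"),
    (r"^\s+hash md5\b", "IKE policy uses MD5"),
    (r"^\s+group [12]\b", "DH group 1/2 (768/1024-bit MODP)"),
    (r"\besp-des\b", "ESP encryption is 56-bit DES"),
    (r"\besp-md5-hmac\b", "ESP integrity is HMAC-MD5"),
]

def audit(config):
    """Return (line_no, line, finding) for each weak setting in an IOS config."""
    lines = config.splitlines()
    findings = [(no, line.strip(), finding)
                for no, line in enumerate(lines, 1)
                for pattern, finding in RULES if re.search(pattern, line)]
    # An ISAKMP policy with no 'encr'/'encryption' line uses the platform
    # default; the engine output on this page shows DES_56 for the IKE SA.
    for no, line in enumerate(lines, 1):
        if line.startswith("crypto isakmp policy"):
            body = []
            for nxt in lines[no:]:          # indented lines belong to the policy
                if not nxt.startswith(" "):
                    break
                body.append(nxt.strip())
            if not any(b.startswith("encr") for b in body):
                findings.append((no, line, "no encryption line: default cipher in use"))
    return findings

if __name__ == "__main__":
    for no, line, finding in audit(CONFIG):
        print(f"line {no}: {line!r}: {finding}")
```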





