Looking for a sample configuration for VPN client through a router with IPSEC, IP Plus
Hi everyone,
I'm looking for a sample configuration (known to work well) that uses a VPN Client to dial in to a router (not using a PIX)?
Please help.
Thanks.
admin
24-04-2004, 12:05 AM
hi
try this configuration:
Headquarter host configuration
hostname hq
!
username cisco123 password 0 cisco123
username 123cisco password 0 123cisco
!
crypto isakmp policy 5
hash md5
authentication pre-share
crypto isakmp key cisco123 address 10.64.20.45
crypto isakmp key 123cisco address 0.0.0.0
crypto isakmp client configuration address-pool local test-pool
!
crypto ipsec transform-set testset esp-des esp-md5-hmac
mode transport
!
crypto dynamic-map test-dynamic 10
set transform-set testset
!
crypto map test client configuration address initiate
crypto map test client configuration address respond
!
crypto map test 5 ipsec-isakmp
set peer 10.64.20.45
set transform-set testset
match address 115
!
crypto map test 10 ipsec-isakmp dynamic test-dynamic
!
interface FastEthernet0/0
ip address 192.168.100.1 255.255.255.0
no ip directed-broadcast
ip nat inside
duplex auto
speed auto
!
interface Serial0/0
ip address 10.64.10.44 255.255.255.0
no ip directed-broadcast
ip nat outside
no fair-queue
crypto map test
!
ip local pool test-pool 192.168.1.1 192.168.1.254
ip nat inside source route-map nonat interface Serial0/0 overload
ip classless
ip route 0.0.0.0 0.0.0.0 10.64.10.43
ip http server
!
access-list 110 deny ip 192.168.100.0 0.0.0.255 192.168.200.0 0.0.0.255
access-list 110 deny ip 192.168.100.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 110 permit ip 192.168.100.0 0.0.0.255 any
access-list 115 deny ip any 192.168.100.0 0.0.0.255
access-list 115 permit ip any any
!
route-map nonat permit 10
match ip address 110
Internet host configuration
hostname Internet
!
ip subnet-zero
no ip domain-lookup
!
interface Ethernet0
ip address 192.168.1.1 255.255.255.0
interface Serial0
ip address 10.64.20.42 255.255.255.0
no fair-queue
clockrate 64000
!
interface Serial1
ip address 10.64.10.43 255.255.255.0
clockrate 64000
!
ip classless
ip route 10.64.10.0 255.255.255.0 Serial1
ip route 10.64.20.0 255.255.255.0 Serial0
Branch host configuration
hostname Branch
!
ip subnet-zero
!
crypto isakmp policy 5
hash md5
authentication pre-share
crypto isakmp key cisco123 address 10.64.10.44
!
crypto ipsec transform-set testset esp-des esp-md5-hmac
mode transport
!
crypto map test 5 ipsec-isakmp
set peer 10.64.10.44
set transform-set testset
match address 115
!
interface Ethernet0
ip address 192.168.200.1 255.255.255.0
no ip directed-broadcast
ip nat inside
!
interface Serial0
ip address 10.64.20.45 255.255.255.0
no ip directed-broadcast
ip nat outside
crypto map test
!
ip nat inside source route-map nonat interface Serial0 overload
ip route 0.0.0.0 0.0.0.0 10.64.20.42
!
access-list 110 deny ip 192.168.200.0 0.0.0.255 192.168.100.0 0.0.0.255
access-list 115 deny ip any 192.168.200.0 0.0.0.255
access-list 115 permit ip any any
route-map nonat permit 10
match ip address 110
End!
Note: to be able to test the VPN, the IOS version needs to be IPSec/DES. http://www.vnpro.org/forum/download.php?id=580
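A lint pass over the security-relevant lines of the Headquarter configuration posted above, as an added example that is not part of the original thread: it flags the settings that weaken the tunnel or the router's management plane (type 0 passwords, the pre-shared key bound to address 0.0.0.0, DES, MD5, the HTTP server). The `audit` function and the finding names are made up for this example, and the missing-`encryption` check assumes the classic IOS default of DES for an IKE policy.

```python
import re

# Constructed sample: security-relevant lines copied from the Headquarter config above.
SAMPLE = """\
username cisco123 password 0 cisco123
crypto isakmp policy 5
hash md5
authentication pre-share
crypto isakmp key cisco123 address 10.64.20.45
crypto isakmp key 123cisco address 0.0.0.0
crypto ipsec transform-set testset esp-des esp-md5-hmac
ip http server
"""

# Single-line checks: (regex, finding id, reason).
LINE_RULES = [
    (r"^username \S+ password 0 ", "cleartext-password", "type 0 password is stored unencrypted"),
    (r"^crypto isakmp key \S+ address 0\.0\.0\.0\b", "wildcard-psk", "pre-shared key accepted from any peer address"),
    (r"^crypto ipsec transform-set .*\besp-des\b", "esp-des", "56-bit DES encryption"),
    (r"^crypto ipsec transform-set .*\besp-md5-hmac\b", "esp-md5", "MD5-based integrity"),
    (r"^ip http server\b", "http-server", "unencrypted HTTP management service enabled"),
]
POLICY_SUBCMDS = ("encryption", "hash", "authentication", "group", "lifetime")

def audit(config):
    """Return sorted (line_number, finding_id, reason) tuples for an IOS config."""
    findings, policy = [], None          # policy = [start_line, set_of_subcommands_seen]

    def close_policy():
        # Assumption: classic IOS falls back to DES when a policy has no "encryption" line.
        if policy and "encryption" not in policy[1]:
            findings.append((policy[0], "ike-default-des", "no encryption line in IKE policy"))

    for no, raw in enumerate(config.splitlines(), 1):
        line = raw.strip()               # indentation may be lost in pasted configs
        if policy and line.startswith(POLICY_SUBCMDS):
            policy[1].add(line.split()[0])
            if line == "hash md5":
                findings.append((no, "ike-md5", "MD5 hash in IKE policy"))
            continue
        close_policy()
        policy = [no, set()] if line.startswith("crypto isakmp policy ") else None
        for pattern, fid, reason in LINE_RULES:
            if re.search(pattern, line):
                findings.append((no, fid, reason))
    close_policy()
    return sorted(findings)
```

Running `audit()` on a full `show running-config` dump works the same way; line numbers in the findings refer to the text passed in.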