cisco VPN基本配置-快答二

cisco VPN基本配置

的有关信息介绍如下：

cisco VPN基本配置

PC不能ping通R2的原因是，R2上没有去往PC的路由，应该要在R2上添加两条路由，以便能到达PC。不过这是做VPN，要ping通R2意义不大吧？NAT用不上。通常情况下，全网互通，R1、R2和R3都得有4条路由（全网就4个网段）。

基本的接口配置，静态路由配置省略

基本的VPN：

crypto isakmp policy 10

hash md5

authentication pre-share

group 2

crypto isakmp key cisco1 address 12.12.12.2 255.255.255.0

crypto ipsec transform-set cisco2 esp-3des esp-md5-hmac

crypto map cisco3 10 ipsec-isakmp

set peer 12.12.12.2

set transform-set cisco2

match address vpn12

ip access-list extended vpn12

permit ip host 1.1.1.1 host 2.2.2.2

基本的GRE_over_IPsec

crypto isakmp policy 1

hash md5

authentication pre-share

crypto isakmp key ciscokey address 23.23.23.3

crypto ipsec transform-set my_trans esp-des

mode transport

crypto map gre_to_R3 10 ipsec-isakmp

set peer 23.23.23.3

set transform-set my_trans

match address 100

interface Tunnel1

ip unnumbered Serial1/1

tunnel source Serial1/1

tunnel destination 23.23.23.3

interface Serial1/1

ip address 12.12.12.1 255.255.255.0

serial restart-delay 0

crypto map gre_to_R3

access-list 100 permit gre host 12.12.12.1 host 23.23.23.3

ip route 0.0.0.0 0.0.0.0 12.12.12.2

ip route 192.168.0.0 255.255.0.0 Tunnel1

DM_VPN_SERVER端

interface Tunnel1

ip address 172.16.123.1 255.255.255.0

no ip redirects

no ip next-hop-self eigrp 123

ip nhrp map multicast dynamic

ip nhrp network-id 10

ip nhrp cache non-authoritative

no ip split-horizon eigrp 123

tunnel source FastEthernet0/0

tunnel mode gre multipoint

tunnel key 123

tunnel protection ipsec profile A

CLIENT段：

interface Tunnel3

ip address 172.16.123.3 255.255.255.0

no ip redirects

ip nhrp map 172.16.123.1 123.1.1.1

ip nhrp map multicast 123.1.1.1