扫一扫
关注微信公众号

一个已经成功的ADSL+VPN的配置例子
2008-06-24   

  !
  version 12.2
  service timestamps debug uptime
  service timestamps log uptime
  no service password-encryption
  !
  hostname Router-B>
  !
  enable password nesic
  !
  ip subnet-zero
  !
  !
  !
  ip audit notify log
  ip audit po max-events 100
  vpdn enable
  !
  vpdn-group cat
  request-dialin
  protocol pppoe
  !
  !
  crypto isakmp policy 1
  encr 3des
  hash md5
  authentication pre-share
  group 2
  crypto isakmp key nesic address 218.20.58.184
  crypto isakmp keepalive 10
  !
  !
  crypto ipsec transform-set NESIC esp-3des esp-md5-hmac
  !
  crypto map NESICMAP 10 ipsec-isakmp
  set peer 218.20.58.184
  set transform-set NESIC
  match address 100
  !
  !
  !
  !
  !
  !
  !
  !
  fax interface-type fax-mail
  mta receive maximum-recipients 0
  !
  !
  !
  !
  interface FastEthernet0/0
  no ip address
  duplex auto
  speed auto
  pppoe enable
  pppoe-client dial-pool-number 1
  !
  interface Ethernet1/0
  ip address 192.168.3.1 255.255.255.0
  half-duplex
  !
  interface Ethernet1/1
  no ip address
  half-duplex
  !
  interface Ethernet1/2
  no ip address
  shutdown
  half-duplex
  !
  interface Ethernet1/3
  no ip address
  shutdown
  half-duplex
  !
  interface Dialer1
  ip address negotiated
  ip mtu 1492
  encapsulation ppp
  dialer pool 1
  dialer-group 1
  ppp authentication pap callin
  ppp pap sent-username gzDSLNAMERT@163.gd password 0 XXXXXX
  crypto map NESICMAP
  !
  router rip
  network 192.168.3.0
  !
  ip nat inside source route-map nanat interface Dialer1 overload
  ip classless
  ip route 0.0.0.0 0.0.0.0 Dialer1
  ip http server
  ip pim bidir-enable
  !
  !
  access-list 100 permit ip 192.168.3.0 0.0.0.255 192.168.1.0 0.0.0.255
  access-list 110 deny ip 192.168.3.0 0.0.0.255 192.168.1.0 0.0.0.255
  access-list 110 permit ip any any
  !
  route-map nanat permit 10
  match ip address 110
  !
  call rsvp-sync
  !
  !
  mgcp profile default
  !
  dial-peer cor custom
  !
  !
  !
  !
  !
  line con 0
  line aux 0
  line vty 0 4
  password nesic
  login
  !
  !
  FW:crypto isakmp key nesic address 218.20.58.184 ------这句定义一个isakmp key为nesic,指定peer-address为218.20.58.184
  crypto map NESICMAP 10 ipsec-isakmp -------这句定义crypto map 名为NESICMAP
  set peer 218.20.58.184 ---------------这句指定一个IP Security Peer in a crypto map entry
  set transform-set NESIC ----------指定transform-set为NESIC
  match address 100 ------------这句用扩展IP访问控制列表来匹配address

热词搜索:

上一篇:VPN问题学习之VPN=VIP
下一篇:某项目的CISCO产品测试报告基于IS-IS的MPLS/VPN实验

分享到: 收藏
评论内容