IPsec VPN¹ÊÕÏÅųýÊÖ²á
Version1.0
ÂõÆÕ¼¼Êõ·þÎñÖÐÐÄ 2008-05-01
Ò»¡¢ÂõÆÕ¹«Ë¾VPN²úÆ·¼ò½é
ÂõÆÕ¹«Ë¾VPN²úÆ·ÐͺŻ¹ÊDZȽ϶࣬°üÀ¨IPsec VPN²úÆ·ÐͺţºVPN3030¡¢ÀÏVPN3020¡¢VPN3020B¡¢VPN3010¡¢VPN3010E¡¢VPN3005B¡¢VPN3005C¡¢VPN3005C-104¡¢VRCÒÔ¼°·À»ðǽ²úÆ·ÐͺţºFW520¡¢FW505
1.1¸ù¾Ýϵͳƽ̨Çø·Ö£º
VPN3020¡¢FW520£º»ùÓÚlinux²Ù×÷ϵͳ²ÉÓÃX86¹¤¿Ø»úÓ²¼þƽ̨¡£VPN3020Ö§³ÖSSP02Ó²¼þ¼ÓÃÜ¡£FW520²»Ö§³ÖSSP02Ëã·¨£¬VPN3020ºÍFW520²»Ö§³ÖÂõÆÕCMS°ä·¢Ö¤Ê鲢ͨ¹ýÔ¤¹²Ïí·½Ê½½¨Á¢VPN¡£
FW505£º»ùÓÚlinux²Ù×÷ϵͳ²ÉÓÃ800·ÓÉÆ÷Ó²¼þƽ̨£¬FW505²»Ö§³ÖSSP02Ëã·¨¡£ VPN3020B£º»ùÓÚvxworks²Ù×÷ϵͳ²ÉÓÃ3740·ÓÉÆ÷Ó²¼þƽ̨¡£Ö§³ÖÓ²¼þͨÓüÓÃÜ¿¨¡£ VPN3005B£º»ùÓÚvxworks²Ù×÷ϵͳ²ÉÓÃ800·ÓÉÆ÷Ó²¼þƽ̨¡£²»Ö§³ÖÓ²¼þͨÓüÓÃÜ¿¨¡£ VPN3010/3010E£º»ùÓÚvxworks²Ù×÷ϵͳ²ÉÓö¨ÖƵÄ269¡ÁÓ²¼þƽ̨¡£VPN3010EÖ§³ÖÓ²¼þͨÓüÓÃÜ¿¨¡£
VPN3005C£º»ùÓÚvxworks²Ù×÷ϵͳ²ÉÓÃ2600CD·ÓÉÆ÷Ó²¼þƽ̨¡£²»Ö§³ÖÓ²¼þͨÓüÓÃÜ¿¨¡£
VPN3005C£104£º»ùÓÚvxworks²Ù×÷¡£ VRC£º´¿Èí¼þIPsec¡£Ö§³ÖWINDOWSƽ̨¡£
1.2²úÆ·ÐÎ̬(Ö»½éÉÜÄ¿Ç°ÔÚÊÛ²úÆ·)
MPSec VPN3020B¾ßÓÐ4¸ö¶à¹¦Äܲå²Û£¨MIM£©£¬±êÅä2¸öǧÕ×¹â/µç×ÔÑ¡ÒÔÌ«¿Ú£¬×î¶àÖ§³Ö6¸öÒÔÌ«½Ó¿Ú£¬ÃÜÎÄÍÌÍÂÁ¿´ïµ½200Mbps£¬Ö§³ÖË«µçÔ´ÈßÓà¡¢ÒµÎñ°å¿¨ÈȲå°Î¡£
MPSec VPN3010E±êÅä4¸ö°ÙÕ×ÒÔÌ«¿Ú£¬×î¶àÖ§³Ö4¸öÒÔÌ«½Ó¿Ú£¬ÃÜÎÄÍÌÍÂÁ¿´ïµ½50Mbps¡£
MPSec VPN3005C±êÅä2¸ö°ÙÕ×ÒÔÌ«¿Ú£¬×î¶àÖ§³Ö3¸öÒÔÌ«½Ó¿Ú£¬ÃÜÎÄÍÌÍÂÁ¿´ïµ½
10Mbps£¬²¢ÌṩVoIP²å²Û¿É²åÈëVoIPÓïÒôÄ£¿éʵÏÖVoIPÓëVPNµÄÈںϡ£
MPSec VPN3005C-104±êÅä5¸ö°ÙÕ×ÒÔÌ«¿Ú£¬ÃÜÎÄÍÌÍÂÁ¿´ïµ½2Mbps¡£
¶þ¡¢IPsecÅäÖüòҪ˵Ã÷
VPNµÄÅäÖÿÉÒÔͨ¹ýÁ½ÖÖ·½Ê½À´ÅäÖã¬Ò»ÊÇÊÖ¹¤ÅäÖã¬ÁíÍâÒ»ÖÖÊÇͨ¹ýÍø¹Ü·½Ê½»ñÈ¡ÅäÖá£Íø¹Ü·½Ê½Ïà¶Ô±È½Ï¼òµ¥£¬ÔÚÍø¹Ü·þÎñÆ÷ÉÏÌí¼Ó½Úµã²ÎÊýºÍÏà¹Ø×ÊÔ´ºó£¬Ö»ÐèÒªÔÚVPNÉ豸ÉÏÌí¼Ó¼òµ¥µÄ³õʼ»¯²ÎÊýºó¼´¿É»ñÈ¡ÅäÖá£
2.1Íø¹Ü·½Ê½VPNµÄÅäÖÃ
? ÅäÖÃÉÏÍø²ÎÊý
¸Ã´¦Ö»ÐèÒª±£Ö¤¸ÃÉ豸Äܹ»Á¬½ÓÉϹ«Íø£¬Í¬Ê±ÐèÒªÖ¸¶¨Ò»¸öĬÈÏ·ÓÉ£¬¸Ã·ÓÉÖ¸ÏòÍâ³öIP»ò½Ó¿Ú¡£
? ÅäÖÃÉϵã²ÎÊý
Çë½øÈëshellÅäÖýçÃ棬½øÈëconfigģʽ£¬È»ºóÊäÈë (config)#crypto init-config
·Ö±ðÅäÖÃuser-name£¬password£¬ÒÔ¼°ÖÐÐÄVPNµÄµØÖ·server address£¬Íê³ÉºóµÄ½á¹ûÈçÏÂ
crypto init-config server address 202.21.1.1 user-name test
password 3ee86377cf3de377€ exit
? »ñÈ¡ÉϵãÅäÖÃ
ÔÚenableģʽÏ£¬ÊäÈë start crypto init-config
Èç¹û·µ»Ø³É¹¦µÄ»°£¬¸ÃVPN¾ÍÒѾ»ñÈ¡Á˱ØÐèµÄ³õʼÅäÖã¬ÒÔ¶ÔÓ¦°²È«Óû§µÄÉí·Ý¼ÓÈëÁËPM3µÄ¹ÜÀí·¶Î§ÁË£¬×îºó±£´æÒ»ÏÂÅäÖþͿÉÒÔÁË¡£