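IPsec VPN ISAKMP aggressive mode lab configuration
Aggressive mode is typically used when one end of an IPsec VPN is a dial-up connection without a fixed IP address, so the other end cannot specify the peer's IP address and cannot use an IP address as the ID that identifies the peer's pre-shared key. The loopback interfaces on routers SPOKE and VPNHUB simulate the internal networks. The IP address 172.16.1.1 on SPOKE interface s1/1 simulates an address obtained dynamically over dial-up (the dial-up PPPoE configuration is omitted here). The ISP router simulates the Internet.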
SPOKE configuration
SPOKE#sh run
Building configuration...

Current configuration : 1448 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname SPOKE
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
!
!
ip cef
no ip domain lookup
!
!
!
!
!
!
!
crypto isakmp policy 10
 hash md5
 authentication pre-share
 group 2
!
crypto isakmp peer address 172.16.2.1
 set aggressive-mode password xinjialove
 set aggressive-mode client-endpoint fqdn xinjialove
!
!
crypto ipsec transform-set xinjialove esp-des esp-md5-hmac
!
crypto map xinjialove 10 ipsec-isakmp
 set peer 172.16.2.1
 set transform-set xinjialove
 match address 100
!
!
!
!
interface Loopback0
 ip address 1.1.1.1 255.255.255.255
!
interface FastEthernet0/0
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface Serial1/0
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial1/1
 ip address 172.16.1.1 255.255.255.0
 serial restart-delay 0
 crypto map xinjialove
!
interface Serial1/2
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial1/3
 no ip address
 shutdown
 serial restart-delay 0
!
interface FastEthernet2/0
 no ip address
 shutdown
 duplex auto
 speed auto
!
no ip http server
no ip http secure-server
!
ip route 0.0.0.0 0.0.0.0 Serial1/1
!
!
access-list 100 permit ip host 1.1.1.1 host 3.3.3.3
!
!
control-plane
!
!
!
!
!
!
!
line con 0
 logging synchronous
line aux 0
line vty 0 4
!
!
end
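The SPOKE configuration above relies on several legacy IKE and IPsec settings. The following Python audit is an added example, not part of the original lab document: it flags those settings in a running-config, including the fact that the aggressive-mode password equals the FQDN identity, which aggressive mode sends unencrypted. The names `SAMPLE`, `parse_blocks` and `audit` are hypothetical, and the check for an omitted encryption line assumes that IOS 12.4 leaves its default cipher (DES) out of `sh run` output.

```python
# Constructed sample: crypto lines of the SPOKE config above, one command per line.
SAMPLE = """\
crypto isakmp policy 10
 hash md5
 authentication pre-share
 group 2
!
crypto isakmp peer address 172.16.2.1
 set aggressive-mode password xinjialove
 set aggressive-mode client-endpoint fqdn xinjialove
!
crypto ipsec transform-set xinjialove esp-des esp-md5-hmac
"""
WEAK_TRANSFORMS = ("esp-des", "esp-md5-hmac")

def parse_blocks(config):
    """Group indented sub-commands under their top-level IOS command."""
    blocks = []
    for line in config.splitlines():
        if line.strip() in ("", "!"):
            continue
        if line[0].isspace() and blocks:
            blocks[-1][1].append(line.strip())
        else:
            blocks.append((line.strip(), []))
    return blocks

def audit(config):
    """Return (command, finding) pairs for weak IKE/IPsec settings."""
    out = []
    for head, subs in parse_blocks(config):
        if head.startswith("crypto isakmp policy"):
            # Assumption: IOS 12.4 omits the default cipher (DES) from "sh run".
            if not any(s.startswith("encr") for s in subs):
                out.append((head, "no encryption line: default DES in use"))
            if "hash md5" in subs:
                out.append((head, "MD5 hash"))
            if any(s in ("group 1", "group 2") for s in subs):
                out.append((head, "DH group 1/2 (768/1024-bit MODP)"))
        elif head.startswith("crypto isakmp peer"):
            am = {s.split()[2]: s.split()[-1] for s in subs if s.startswith("set aggressive-mode ")}
            if "password" in am:
                out.append((head, "aggressive mode with pre-shared key"))
                if am["password"] == am.get("client-endpoint"):
                    out.append((head, "pre-shared key equals the cleartext IKE identity"))
        elif head.startswith("crypto ipsec transform-set"):
            out += [(head, f"weak transform {t}") for t in head.split()[4:] if t in WEAK_TRANSFORMS]
    return out

if __name__ == "__main__":
    for cmd, finding in audit(SAMPLE):
        print(f"{cmd}: {finding}")
```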
VPNHUB configuration
VPNHUB#sh run
Building configuration...
Current configuration : 1338 bytes
!
version 12.4
service timestamps debug datetime msec