中国IT动力,最新最全的IT技术教程
最新100篇 | 推荐100篇 | 专题100篇 | 排行榜 | 搜索 | 在线API文档 | 网通镜像
首 页 | 程序开发 | 操作系统 | 软件应用 | 图形图象 | 网络应用 | 精文荟萃 | 教育认证 | 硬件维护 | 未整理篇 | 站长教程
ASP JS PHP工程 ASP.NET 网站建设 UML J2EESUN .NET VC VB VFP 网络维护 数据库 DB2 SQL2000 Oracle Mysql
服务器 Win2000 Office C DreamWeaver FireWorks Flash PhotoShop 上网宝典 CorelDraw 协议大全 网络安全 微软认证
硬件维护  CPU  主板  硬盘  内存  显卡  显示器  键盘鼠标  声卡音箱  打印机  机箱电源  BIOS  网卡  C#  Java  Delphi  vs.net2005
  当前位置:> 教育认证 > 思科认证 > CISCO其他
IPSec和NAT配合使用的实验
作者:佚名 时间:2004-12-26 10:57 出处:互连网 责编:chinaitpower
              摘要:IPSec和NAT配合使用的实验

  刚做完的实验,贴出来大家分享,虽然不是Cisco的设备,命令几乎完全相同,大家理解就行了。
  环境:两台博达2750路由器(1*E,1*FE),两台PC实验目的:两台路由器通过E0/1连接,实现IPSec VPN,使两台PC互访,并且都能分别通过路由器的NAT访问互联网。
  
  配置:
  RouterARouterA#sh run
  Building configuration...
  
  Current configuration:
  !
  !version 1.3.1E
  service timestamps log date
  service timestamps debug date
  no service password-encryption
  !
  hostname RouterA
  !
  !
  
  
  
  !
  crypto ipsec transform-set one
  !
  crypto map aaa 100 ipsec-manual
  set peer 192.0.0.2
  set security-association inbound esp 256 cipher abcdabcdabcdabcd
  set security-association outbound esp 1257 cipher 1234123412341234
  set transform-set one
  match address test
  !
  !
  interface FastEthernet0/0
  ip address 172.16.1.1 255.255.255.0
  no ip directed-broadcast
  ip nat inside
  !
  interface Ethernet0/1
  ip address 192.0.0.1255.255.255.0
  no ip directed-broadcast
  crypto map aaa
  duplex half
  ip nat outside
  !
  interface Serial0/0
  no ip address
  no ip directed-broadcast
  !
  interface Async0/0
  no ip address
  no ip directed-broadcast
  !
  !
  ip route default 192.0.0.3
  !
  !
  !
  !
  !
  ip access-list standard nat-2
  permit 172.16.1.0 255.255.255.0
  !
  ip access-list extended test
  permit ip 192.0.0.1255.255.255.0 192.0.0.2 255.255.255.0!
  !
  !
  !
  ip nat outside source static 192.0.0.2 172.16.2.2
  ip nat inside source static 172.16.1.2 192.0.0.1
  ip nat inside source list nat-2 interface Ethernet0/1
  !
  !
  !
  
  
  
  RouterB:
  
  
  RouterB#sh run
  Building configuration...
  
  Current configuration:
  !
  !version 1.3.1E
  service timestamps log date
  service timestamps debug date
  no service password-encryption
  !
  hostname RouterB
  !
  !
  !
  crypto ipsec transform-set one
  !
  crypto map aaa 100 ipsec-manual
  set peer 192.0.0.1
  set security-association inbound esp 1257 cipher 1234123412341234
  set security-association outbound esp 256 cipher abcdabcdabcdabcd
  set transform-set one
  match address test
  !
  !
  interface FastEthernet0/0
  ip address 172.16.2.1 255.255.255.0
  no ip directed-broadcast
  duplex half
  ip nat inside
  !
  interface Ethernet0/1
  ip address 192.0.0.2 255.255.255.248
  no ip directed-broadcast
  crypto map aaa
  ip nat outside
  !
  interface Serial0/0
  no ip address
  no ip directed-broadcast
  !
  interface Async0/0
  no ip address
  no ip directed-broadcast
  !
  !
  ip route default 192.0.0.3
  !
  !
  !
  !
  !
  ip access-list standard internet
  permit 172.16.2.0 255.255.255.0
  !
  ip access-list extended test
  permit ip 192.0.0.2 255.255.255.0 192.0.0.1 255.255.255.0
  !
  !
  !
  !
  ip nat inside source static 172.16.2.2 192.0.0.2
  ip nat outside source static 192.0.0.1 172.16.1.2
  ip nat inside source list internet interface Ethernet0/1
  !
  !
  !
  
  
关闭本页
 
首页 | 投资与合作 | 服务条款 | 隐私政策 | 收藏本站 | 设为首页 | 新用户注册 | 免责声明 | 使用帮助
Copyright ©2005-2008 chinaitpower.com All rights reserved. www.chinaitpower.com 版权所有