2022 EasyVPN Configuration Commands
# 1. Configure the Easy VPN server: enable AAA authentication
7200B(config)#username fenghao privilege 15 password 0 cisco
7200B(config)#aaa new-model
7200B(config)#aaa authentication login vpn_xauth_list local
7200B(config)#aaa authorization exec default local
7200B(config)#aaa authorization network vpn_group_list local
7200B(config)#aaa session-id common

# 2. IKE phase 1
7200B(config)#crypto isakmp policy 1
7200B(config-isakmp)#encryption aes 128
7200B(config-isakmp)#authentication pre-share
7200B(config-isakmp)#group 2
# Note: no pre-shared key needs to be set here

# 3. IKE phase 1.5
7200B(config)#crypto isakmp xauth timeout 15
7200B(config)#crypto isakmp client configuration group it
# Note: "it" is the group name
7200B(config-isakmp-group)#key cisco
# Password used to log in
7200B(config-isakmp-group)#dns 192.168.1.103
# IP address of the DNS server
7200B(config-isakmp-group)#pool client_pool
# Pool of IP addresses assigned to clients
7200B(config)#ip local pool client_pool 172.16.1.100 172.16.1.200
# Sets the range of the pool

# 4. IKE phase 2
7200B(config)#crypto ipsec transform-set fenghao esp-aes 128 esp-sha-hmac

# 5. Dynamic map
7200B(config)#crypto dynamic-map fenghao_dynmap 1
7200B(config-crypto-map)#set transform-set fenghao
7200B(config-crypto-map)#reverse-route
7200B(config)#crypto map fenghao_map client authentication list vpn_xauth_list
7200B(config)#crypto map fenghao_map isakmp authorization list vpn_group_list
7200B(config)#crypto map fenghao_map client configuration address respond
7200B(config)#crypto map fenghao_map 10 ipsec-isakmp dynamic fenghao_dynmap

# 6. Apply the map to an interface
7200B(config)#interface FastEthernet0/0
7200B(config-if)#crypto map fenghao_map
# The interface is the entry point of the VPN

# OK, that is everything!

Client-side settings
Host: the interface the map is applied to; mine is 192.168.1.101
Group Authentication
Name: it
Password: cisco
Confirm Password: cisco

Split tunneling is not supported for now!

Below is my show run:

7200B#show run
Building configuration...

Current configuration : 1844 bytes
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname 7200B
!
boot-start-marker
boot-end-marker
!
enable password cisco
!
aaa new-model
!
aaa authentication login vpn_xauth_list local
aaa authorization exec default local
aaa authorization network vpn_group_list local
aaa session-id common
ip subnet-zero
!
ip cef
!
!
username fenghao privilege 15 password 0 cisco
!
crypto isakmp policy 1
 encr aes
 authentication pre-share
 group 2
crypto isakmp xauth timeout 15
!
crypto isakmp client configuration group it
 key cisco
 dns 192.168.1.103
 pool client_pool
!
crypto ipsec transform-set fenghao esp-aes esp-sha-hmac
!
crypto dynamic-map fenghao_dynmap 1
 set transform-set fenghao
 reverse-route
!
crypto map fenghao_map client authentication list vpn_xauth_list
crypto map fenghao_map isakmp authorization list vpn_group_list
crypto map fenghao_map client configuration address respond
crypto map fenghao_map 10 ipsec-isakmp dynamic fenghao_dynmap
!
interface FastEthernet0/0
 ip address 192.168.10.101 255.255.255.0
 duplex half
 crypto map fenghao_map
!
interface Serial1/0
 ip address 192.168.100.2 255.255.255.0
 serial restart-delay 0
 clock rate 64000
!
interface Serial1/1
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial1/2
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial1/3
 no ip address
 shutdown
 serial restart-delay 0
!
ip local pool client_pool 172.16.1.100 172.16.1.200
ip classless
ip http server
no ip http secure-server
!
gatekeeper
 shutdown
!
line con 0
 stopbits 1
line aux 0
 stopbits 1
line vty 0 4
 exec-timeout 0 0
 password cisco
 logging synchronous
line vty 5 1869
 exec-timeout 0 0
 password cisco
 logging synchronous
!
end
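
An added example, not part of the original document: a small Python audit that reads a show run like the one above and reports its clear-text and weak settings, plus any clear-text secret that appears on more than one line. The rule list, the audit function and the SAMPLE input are this example's own; SAMPLE is constructed from lines of the show run above.

```python
import re
from collections import defaultdict

# Constructed input: a subset of the lines in the show run above.
SAMPLE = """\
no service password-encryption
enable password cisco
username fenghao privilege 15 password 0 cisco
crypto isakmp policy 1
 group 2
crypto isakmp client configuration group it
 key cisco
ip http server
line vty 0 4
 exec-timeout 0 0
 password cisco
"""

# (scope regex, line regex, finding). Scope "" means a top-level line;
# otherwise the scope is the section header an indented line belongs to.
RULES = [
    ("", r"no service password-encryption", "type 0 passwords stay readable in the config"),
    ("", r"enable password \S+", "enable password is not hashed; enable secret is"),
    ("", r"ip http server", "HTTP management server enabled without TLS"),
    (r"crypto isakmp policy \d+", r"group [12]", "IKE DH group is 1024 bits or smaller"),
    (r"line vty .*", r"exec-timeout 0 0", "vty sessions never time out when idle"),
]
# Lines whose last word is a clear-text secret (type 7 or hashed forms do not match).
SECRET = re.compile(r"(enable password|username \S+ .*password 0|key|password) (\S+)$")

def audit(config):
    """Return (findings, reused): rule hits and secrets used on more than one line."""
    findings, uses, parent = [], defaultdict(list), ""
    for raw in config.splitlines():
        line = raw.strip()
        nested = raw.startswith(" ")      # indented lines belong to the last header
        if not nested:
            parent = line
        scope = parent if nested else ""
        for scope_re, line_re, msg in RULES:
            if re.fullmatch(scope_re, scope) and re.fullmatch(line_re, line):
                findings.append((scope or line, msg))
        m = SECRET.fullmatch(line)
        if m:
            uses[m.group(2)].append(scope or line)
    reused = {s: where for s, where in uses.items() if len(where) > 1}
    return findings, reused

if __name__ == "__main__":
    print(audit(SAMPLE))
```

On the sample it reports five findings and shows that the same secret is used for the enable password, the local user, the VPN group key and the vty lines.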