Remote 13.8.1: Configuring site-to-site IPsec with a pre-shared key

san1#show run
!
interface Serial1/2
 no ip address
 encapsulation frame-relay
 no sh
!
interface Serial1/2.1 point-to-point
 ip address 192.168.192.1 255.255.255.0
 frame-relay interface-dlci 103  
!
interface Serial1/2.2 point-to-point
 ip address 192.168.191.1 255.255.255.0
 frame-relay interface-dlci 102  
!
ip route 192.168.0.0 255.255.255.0 192.168.191.2
ip route 192.168.200.0 255.255.255.0 192.168.192.2
!
!~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
london2#show run
!
crypto isakmp policy 100
 authentication pre-share
crypto isakmp key 6 cisco1234 address 192.168.192.2
!
crypto ipsec transform-set myset esp-des
!        
crypto map mymap 110 ipsec-isakmp
 set peer 192.168.192.2
 set transform-set myset
 match address 120
!
interface Loopback0
 ip address 192.168.0.1 255.255.255.0
!
interface Serial1/2
 ip address 192.168.191.2 255.255.255.0
 encapsulation frame-relay
 no sh
 crypto map mymap
!
ip route 0.0.0.0 0.0.0.0 192.168.191.1
!
access-list 120 permit ip 192.168.0.0 0.0.0.255 192.168.200.0 0.0.0.255
!
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
singapore3#show run
!
crypto isakmp policy 100
 authentication pre-share
crypto isakmp key 6 cisco1234 address 192.168.191.2
!
!
crypto ipsec transform-set myset esp-des
!        
crypto map mymap 110 ipsec-isakmp
 set peer 192.168.191.2
 set transform-set myset
 match address 120
!
!
!
interface Loopback0
 ip address 192.168.200.1 255.255.255.0
!
interface Serial1/2
 ip address 192.168.192.2 255.255.255.0
 encapsulation frame-relay
 no sh
 crypto map mymap
!
ip route 0.0.0.0 0.0.0.0 192.168.192.1
!
access-list 120 permit ip 192.168.200.0 0.0.0.255 192.168.0.0 0.0.0.255
!
!
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
r5#show run
frame-relay switching
!
interface Serial1/0
 no sh
 no ip address
 encapsulation frame-relay
 clock rate 64000
 frame-relay intf-type dce
 frame-relay route 102 interface Serial1/1 201
 frame-relay route 103 interface Serial1/2 301
!
interface Serial1/1
 no ip address
 encapsulation frame-relay
 no sh
 clock rate 64000
 frame-relay intf-type dce
 frame-relay route 201 interface Serial1/0 102
!
interface Serial1/2
 no ip address
 encapsulation frame-relay
 no sh
 clock rate 64000
 frame-relay intf-type dce
 frame-relay route 301 interface Serial1/0 103
!
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Steps:
crypto isakmp policy 100      Enable IKE, use a pre-shared key as the authentication method, and create an IKE policy with priority 100
 authentication pre-share
crypto isakmp key 6 cisco1234 address 192.168.191.2    Configure the pre-shared key and the peer address
show crypto isakmp policy
access-list 120 permit ip 192.168.200.0 0.0.0.255 192.168.0.0 0.0.0.255  Packets to be encapsulated
crypto ipsec transform-set myset esp-des  Configure the IPsec transform set, specifying DES to encrypt packets
crypto map mymap 110 ipsec-isakmp      Configure an IPsec crypto map named mymap with sequence number 110
 match address 120              Match condition
 set transform-set myset        Set the transform set myset
 set peer 192.168.191.2         Set the peer
interface Serial1/2
 crypto map mymap               Apply crypto map mymap to the interface on R3
show crypto ipsec sa
debug crypto ipsec
debug crypto isakmp
clear crypto sa
clear crypto isakmp
show crypto isakmp sa
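
The steps above only bring the tunnel up if both ends agree: same pre-shared key, each peer address pointing at the other router's crypto-map interface, mirror-image crypto ACLs, and the same transform set. The Python script below is an added example, not part of the original lab; parse() and audit() are hypothetical helper names, and the embedded excerpts are copied from the london2 and singapore3 configs above. It also flags the esp-des transform set used in this lab.

```python
import re
# Crypto-relevant lines copied from the london2 and singapore3 configs on this page.
LONDON2 = """\
crypto isakmp key 6 cisco1234 address 192.168.192.2
crypto ipsec transform-set myset esp-des
crypto map mymap 110 ipsec-isakmp
 set peer 192.168.192.2
interface Serial1/2
 ip address 192.168.191.2 255.255.255.0
 crypto map mymap
access-list 120 permit ip 192.168.0.0 0.0.0.255 192.168.200.0 0.0.0.255
"""
SINGAPORE3 = """\
crypto isakmp key 6 cisco1234 address 192.168.191.2
crypto ipsec transform-set myset esp-des
crypto map mymap 110 ipsec-isakmp
 set peer 192.168.191.2
interface Serial1/2
 ip address 192.168.192.2 255.255.255.0
 crypto map mymap
access-list 120 permit ip 192.168.200.0 0.0.0.255 192.168.0.0 0.0.0.255
"""

def parse(cfg):
    """Extract the values the two tunnel ends must agree on."""
    def grab(pattern):
        return re.search(pattern, cfg, re.M).groups()
    key, key_peer = grab(r"^crypto isakmp key (?:\d+ )?(\S+) address (\S+)")
    src, dst = grab(r"^access-list \d+ permit ip (\S+ \S+) (\S+ \S+)")
    return {
        "key": key, "key_peer": key_peer, "acl": (src, dst),
        "peer": grab(r"^ set peer (\S+)")[0],
        "transforms": grab(r"^crypto ipsec transform-set \S+ (.+)$")[0].split(),
        "local": grab(r"^ ip address (\S+) \S+\n(?: .*\n)*? crypto map ")[0],  # crypto-map interface
    }

def audit(cfg_a, cfg_b):
    """Return a list of findings; empty means the ends agree and nothing is weak."""
    a, b = parse(cfg_a), parse(cfg_b)
    checks = [
        (a["key"] != b["key"], "pre-shared keys differ"),
        (not (a["peer"] == a["key_peer"] == b["local"]), "first config: peer is not the other end's crypto-map interface"),
        (not (b["peer"] == b["key_peer"] == a["local"]), "second config: peer is not the other end's crypto-map interface"),
        (a["acl"] != b["acl"][::-1], "crypto ACLs are not mirror images"),
        (a["transforms"] != b["transforms"], "transform sets differ"),
        ("esp-des" in a["transforms"] + b["transforms"], "esp-des in use: DES has a 56-bit key"),
        (not any(t.endswith("-hmac") for t in a["transforms"] + b["transforms"]), "no *-hmac transform: packets are encrypted but not authenticated"),
    ]
    return [message for failed, message in checks if failed]
```

Calling audit(LONDON2, SINGAPORE3) returns only the two transform-set findings, which means the lab's peers, key and ACLs are consistent with each other.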
 
