  • IPsec notes

    1. Basic IP configuration
    R1:

    int f0/1
    ip add 12.1.1.1 255.255.255.0
    no sh
    int f0/0
    ip add 13.1.1.1 255.255.255.0
    no sh
    int loo 0
    ip add 1.1.1.1 255.255.255.255
    R2:
    int f0/1
    ip add 12.1.1.2 255.255.255.0
    no sh
    int f0/0
    ip add 192.168.1.254 255.255.255.0
    no sh
    access-list 100 deny ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
    access-list 100 permit ip any any
    int f0/1
    ip nat outside
    int f0/0
    ip nat inside
    ip nat inside source list 100 interface f0/1 overload
    R3:
    int f0/0
    ip add 13.1.1.3 255.255.255.0
    no sh
    int f0/1
    ip add 192.168.2.254 255.255.255.0
    no sh
    access-list 100 deny ip 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255
    access-list 100 permit ip any any
    int f0/0
    ip nat outside
    int f0/1
    ip nat inside 
    ip nat inside source list 100 interface f0/0 overload
    R4:
    int f0/0
    ip add 192.168.1.1 255.255.255.0
    no sh
    no ip routing
    ip default-gateway 192.168.1.254
    R5:
    int f0/1
    ip add 192.168.2.1 255.255.255.0
    no sh
    no ip routing
    ip default-gateway 192.168.2.254
    2. IPsec configuration
    R3:
    Phase 1:
    show crypto isakmp policy

    crypto isakmp policy 10
    encryption aes
    hash md5
    authentication pre-share
    group 2
    lifetime 3600
    show crypto isakmp policy

    crypto isakmp key 6 CCIE55 address 12.1.1.2


    Phase 2:
    crypto ipsec transform-set CCIE55 esp-aes esp-md5-hmac
    mode tunnel
    ! Crypto ACL: traffic from R3's LAN to R2's LAN is protected by the tunnel
    access-list 101 permit ip 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255
    crypto map CCIE55MAP 10 ipsec-isakmp
    set peer 12.1.1.2
    set transform-set CCIE55
    match address 101
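    Apply the matching configuration on R2.
    R2 configuration:
    ! Crypto ACL mirrors R3's: source is R2's LAN, destination is R3's LAN
    access-list 101 permit ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255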
    crypto isakmp policy 10
    encryption aes
    hash md5
    authentication pre-share
    group 2
    lifetime 3600
    crypto isakmp key 6 CCIE55 address 13.1.1.3 
    crypto ipsec transform-set CCIE55 esp-aes esp-md5-hmac
    mode tunnel
    crypto map CCIE55MAP  10 ipsec-isakmp 
     set peer 13.1.1.3
    set transform-set CCIE55
    match address 101 
    Apply the crypto map to the interfaces:
    R3:
    int f0/0 
    crypto map CCIE55MAP
    R2:
    int f0/1
    crypto map CCIE55MAP

    Verify IPsec:
    Phase 1: show crypto isakmp sa (if there are no entries, send a ping; traffic triggers the negotiation)
    show crypto isakmp key
    Phase 2: show crypto ipsec sa
    R2: show crypto ipsec sa

    R3: show crypto ipsec sa
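
The R2 and R3 steps above only bring the tunnel up when both sides agree: the crypto ACLs must mirror each other, the ISAKMP policies must match, and each NAT ACL must deny the tunnel traffic before its permit entry. An offline check for those three conditions, as an added example that is not part of the original notes; the function names and the reduced sample configs are constructed for illustration, and only numbered extended ACLs in network/wildcard or `any` form are parsed:

```python
import re

def sample(lan, remote, hash_alg="md5"):  # constructed config, reduced from the steps above
    return f"""access-list 100 deny ip {lan} 0.0.0.255 {remote} 0.0.0.255
access-list 100 permit ip any any
access-list 101 permit ip {lan} 0.0.0.255 {remote} 0.0.0.255
crypto isakmp policy 10
 encryption aes
 hash {hash_alg}
 authentication pre-share
 group 2
crypto map CCIE55MAP 10 ipsec-isakmp
 match address 101"""

ACE = re.compile(r"access-list (\d+) (permit|deny) ip (any|\S+ \S+) (any|\S+ \S+)$")

def aces(cfg, num):
    """[(action, src, dst)] for one numbered extended ACL, in config order."""
    hits = (ACE.match(line.strip()) for line in cfg.splitlines())
    return [m.groups()[1:] for m in hits if m and m.group(1) == num]

def tunnel_flows(cfg):
    """(src, dst) pairs permitted by the ACL that the crypto map references."""
    num = re.search(r"match address (\d+)", cfg).group(1)
    return [(s, d) for act, s, d in aces(cfg, num) if act == "permit"]

def phase1(cfg):  # ISAKMP proposal as a set of (keyword, value) pairs
    return set(re.findall(r"^ (encryption|hash|authentication|group|lifetime) (.+)$", cfg, re.M))

def nat_exempt(cfg, flow, nat_acl="100"):
    """True if the NAT ACL denies the flow before any permit entry (conservative)."""
    for act, src, dst in aces(cfg, nat_acl):
        if act == "permit" or (src, dst) == flow:
            return act == "deny"
    return False

def check_pair(a, b):
    """Findings for two peer configs; an empty list means the pair is consistent."""
    findings = []
    if sorted(tunnel_flows(a)) != sorted((d, s) for s, d in tunnel_flows(b)):
        findings.append("crypto ACLs are not mirror images")
    if phase1(a) != phase1(b):
        findings.append("ISAKMP policy mismatch")
    for name, cfg in (("A", a), ("B", b)):
        if not all(nat_exempt(cfg, f) for f in tunnel_flows(cfg)):
            findings.append(f"peer {name}: tunnel traffic not exempt from NAT")
    return findings

R2, R3 = sample("192.168.1.0", "192.168.2.0"), sample("192.168.2.0", "192.168.1.0")
```

`check_pair(R2, R3)` returns an empty list for the mirrored pair; copying R3's ACL 101 onto R2 unchanged is reported both as a non-mirrored crypto ACL and as a NAT exemption miss on that peer.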
     




  • Original article: https://www.cnblogs.com/paddingtoneyes/p/13296799.html