DMVPN+EZVPN
Basic interconnect configuration
!Internet:
int f0/0
ip add 100.1.1.1 255.255.255.0
no shut
exit
int f1/1
ip add 200.1.1.1 255.255.255.0
no shut
exit
int f1/0
ip add 210.1.1.1 255.255.255.0
no shut
exit
int f2/0
ip add 220.1.1.1 255.255.255.0
no shut
exit
!Beijing-Center:
int f0/0
ip add 100.1.1.2 255.255.255.0
no shut
exit
int f1/0
ip add 1.1.1.1 255.255.255.0
no shut
exit
!Shanghai branch:
int f0/0
ip add 210.1.1.2 255.255.255.0
no shut
exit
int f1/0
ip add 2.2.2.2 255.255.255.0
no shut
exit
!PC2
ip 2.2.2.1/24 2.2.2.2
!ShenZhen branch:
int f0/0
ip add 220.1.1.2 255.255.255.0
no shut
exit
int f1/0
ip add 3.3.3.3 255.255.255.0
no shut
exit
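!PC3
ip 3.3.3.1/24 3.3.3.3
!The client is Windows XP installed in a VMware virtual machine. With VPCS as the client, the internal network segment cannot be pinged after the EZVPN dial-in, so a virtual machine has to be used.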
NoteBook
ip 200.1.1.2/24 200.1.1.1
BeiJing-Center:
ip route 0.0.0.0 0.0.0.0 100.1.1.1
ShangHai:
ip route 0.0.0.0 0.0.0.0 210.1.1.1
ShenZhen:
ip route 0.0.0.0 0.0.0.0 220.1.1.1
!======BeiJing-center=============EZVPN section===================================
username cisco password 0 cisco
aaa new-model
!
!
!--- Xauth is configured for local authentication.
aaa authentication login userauthen local
aaa authorization network naton local
!--- Create an ISAKMP policy for Phase 1 negotiations.
!--- This policy is for Easy VPN Clients.
crypto isakmp policy 20
hash md5
authentication pre-share
group 2
exit
!
!--- VPN Client configuration for group "naton"
!--- (this name is configured in the VPN Client).
crypto isakmp client configuration group naton
key naton
dns 1.1.11.10 1.1.11.11
wins 1.1.11.12 1.1.11.13
domain cisco.com
pool natonpool
exit
!--- Profile for VPN Client connections, matches the
!--- "naton" group and defines the XAuth properties.
crypto isakmp profile VPNclient
match identity group naton
client authentication list userauthen
isakmp authorization list naton
client configuration address respond
exit
!--- Create the Phase 2 policy for actual data encryption.
crypto ipsec transform-set strong esp-3des esp-md5-hmac
mode transport
exit
!
!--- This dynamic crypto map references the ISAKMP
!--- Profile VPNclient above.
!--- Reverse route injection is used to provide the
!--- DMVPN networks access to any Easy VPN Client networks.
crypto dynamic-map dynmap 10
set transform-set strong
set isakmp-profile VPNclient
reverse-route
exit
!
!
!--- Crypto map only references the dynamic crypto map above.
crypto map dynmap 1 ipsec-isakmp dynamic dynmap
!
interface FastEthernet0/0
crypto map dynmap
exit
!
ip local pool natonpool 1.1.11.60 1.1.11.80
!=====BeiJing-center============DMVPN section=============================
!--- Keyring that defines the wildcard pre-shared key.
crypto keyring dmvpnspokes
pre-shared-key address 0.0.0.0 0.0.0.0 key naton123
exit
!
!--- Create an ISAKMP policy for Phase 1 negotiations.
!--- This policy is for DMVPN spokes.
crypto isakmp policy 10
encr 3des
hash md5
authentication pre-share
exit
!
!--- Profile for LAN-to-LAN connection, references
!--- the wildcard pre-shared key and a wildcard
!--- identity (this is what is broken in
!--- Cisco bug ID CSCea77140)
!--- and no XAuth.
crypto isakmp profile DMVPN
keyring dmvpnspokes
match identity address 0.0.0.0
exit
!
!
crypto ipsec transform-set naton-dm esp-3des esp-sha-hmac
mode transport
exit
!--- Create an IPsec profile to be applied dynamically to the
!--- generic routing encapsulation (GRE) over IPsec tunnels.
crypto ipsec profile naton-dm-ips
set security-association lifetime seconds 120
set transform-set naton-dm
set isakmp-profile DMVPN
exit
!
!
!--- Create a GRE tunnel template which is applied to
!--- all the dynamically created GRE tunnels.
router eigrp 10
network 1.1.1.0 0.0.0.255
network 10.0.0.0 0.0.0.255
no auto-summary
interface Tunnel0
ip address 10.0.0.1 255.255.255.0
no ip redirects
ip mtu 1440
ip nhrp authentication naton123
ip nhrp map multicast dynamic
ip nhrp network-id 1
ip nhrp holdtime 300
no ip split-horizon eigrp 10
no ip next-hop-self eigrp 10
tunnel source FastEthernet0/0
tunnel mode gre multipoint
tunnel key 0
tunnel protection ipsec profile naton-dm-ips
exit
!
!=====ShangHai============DMVPN section=============================
!--- Create an ISAKMP policy for Phase 1 negotiations.
!--- This policy is for DMVPN spokes.
crypto isakmp policy 10
encr 3des
hash md5
authentication pre-share
exit
!
!
crypto isakmp key naton123 address 0.0.0.0 0.0.0.0
crypto ipsec transform-set naton-dm esp-3des esp-sha-hmac
mode transport
exit
!--- Create an IPsec profile to be applied dynamically to the
!--- generic routing encapsulation (GRE) over IPsec tunnels.
crypto ipsec profile naton-dm-ips
set security-association lifetime seconds 120
set transform-set naton-dm
exit
router eigrp 10
network 2.2.2.0 0.0.0.255
network 10.0.0.0 0.0.0.255
no auto-summary
interface Tunnel0
ip address 10.0.0.2 255.255.255.0
no ip redirects
ip mtu 1440
ip nhrp authentication naton123
ip nhrp map 10.0.0.1 100.1.1.2
ip nhrp map multicast 100.1.1.2
ip nhrp network-id 1
ip nhrp holdtime 300
ip nhrp nhs 10.0.0.1
tunnel source FastEthernet0/0
tunnel mode gre multipoint
tunnel key 0
tunnel protection ipsec profile naton-dm-ips
!=====ShenZhen============DMVPN section=============================
!--- Create an ISAKMP policy for Phase 1 negotiations.
!--- This policy is for DMVPN spokes.
crypto isakmp policy 10
encr 3des
hash md5
authentication pre-share
exit
!
!
crypto isakmp key naton123 address 0.0.0.0 0.0.0.0
crypto ipsec transform-set naton-dm esp-3des esp-sha-hmac
mode transport
exit
!--- Create an IPsec profile to be applied dynamically to the
!--- generic routing encapsulation (GRE) over IPsec tunnels.
crypto ipsec profile naton-dm-ips
set security-association lifetime seconds 120
set transform-set naton-dm
exit
router eigrp 10
network 3.3.3.0 0.0.0.255
network 10.0.0.0 0.0.0.255
no auto-summary
interface Tunnel0
ip address 10.0.0.3 255.255.255.0
no ip redirects
ip mtu 1440
ip nhrp authentication naton123
ip nhrp map 10.0.0.1 100.1.1.2
ip nhrp map multicast 100.1.1.2
ip nhrp network-id 1
ip nhrp holdtime 300
ip nhrp nhs 10.0.0.1
tunnel source FastEthernet0/0
tunnel mode gre multipoint
tunnel key 0
tunnel protection ipsec profile naton-dm-ips
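An added example, not part of the original post: a small Python audit that reads ISAKMP policy blocks like the ones above, fills in the lines a policy omits, and reports legacy Phase 1 parameters, wildcard pre-shared keys and type 0 passwords. The function names, the "legacy" sets and the fill-in values (DES, SHA-1, DH group 1 for omitted lines, as in classic IOS) are assumptions of this example; the sample is constructed from configuration lines on this page.

```python
import re

# Values classic IOS applies when a line is omitted from a user-defined
# ISAKMP policy (assumption: verify against the release in use).
DEFAULTS = {"encr": "des", "hash": "sha", "group": "1"}
# Phase 1 values this example treats as legacy and reports.
WEAK = {"encr": {"des", "3des"}, "hash": {"md5"}, "group": {"1", "2", "5"}}

# Constructed sample, assembled from configuration lines on this page.
SAMPLE = """\
username cisco password 0 cisco
crypto isakmp policy 20
hash md5
authentication pre-share
group 2
exit
crypto isakmp policy 10
encr 3des
hash md5
authentication pre-share
exit
crypto isakmp key naton123 address 0.0.0.0 0.0.0.0
"""

def effective_policies(config):
    """Map policy number -> effective encr/hash/group, defaults filled in."""
    policies, current = {}, None
    for raw in config.splitlines():
        words = raw.split()
        if words[:3] == ["crypto", "isakmp", "policy"] and len(words) > 3:
            current = policies.setdefault(int(words[3]), dict(DEFAULTS))
        elif not words or words[0] in ("exit", "!", "crypto"):
            current = None  # left the policy sub-mode
        elif current is not None and words[0] in ("encr", "encryption", "hash", "group"):
            key = "encr" if words[0].startswith("encr") else words[0]
            current[key] = " ".join(words[1:])
    return policies

def findings(config):
    """List legacy Phase 1 parameters, wildcard PSKs and type 0 passwords."""
    out = []
    for num, pol in sorted(effective_policies(config).items()):
        out += [f"isakmp policy {num}: {k} {v}" for k, v in pol.items() if v in WEAK[k]]
    for raw in config.splitlines():
        line = raw.strip()
        if re.search(r"(pre-shared-key|isakmp key).*address 0\.0\.0\.0 0\.0\.0\.0", line):
            out.append("wildcard pre-shared key")
        if re.match(r"username \S+ password 0 ", line):
            out.append("cleartext (type 0) password: user " + line.split()[1])
    return out

if __name__ == "__main__":
    print("\n".join(findings(SAMPLE)))
```

On the sample, policy 20 is reported with `encr des` and policy 10 with `group 1`, even though neither line appears in the configuration.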
Testing IPsec:
Beijing-Cent:
#sh crypto ips sa
interface: Tunnel0
Crypto map tag: Tunnel0-head-0, local addr 100.1.1.2
protected vrf: (none)
local ident (addr/mask/prot/port): (100.1.1.2/255.255.255.255/47/0)
remote ident (addr/mask/prot/port): (210.1.1.2/255.255.255.255/47/0)
current_peer 210.1.1.2 port 500
protected vrf: (none)
local ident (addr/mask/prot/port): (100.1.1.2/255.255.255.255/47/0)
remote ident (addr/mask/prot/port): (220.1.1.2/255.255.255.255/47/0)
current_peer 220.1.1.2 port 500
ShangHai:
interface: Tunnel0
Crypto map tag: Tunnel0-head-0, local addr 210.1.1.2
protected vrf: (none)
local ident (addr/mask/prot/port): (210.1.1.2/255.255.255.255/47/0)
remote ident (addr/mask/prot/port): (100.1.1.2/255.255.255.255/47/0)
current_peer 100.1.1.2 port 500
Shenzhen:
interface: Tunnel0
Crypto map tag: Tunnel0-head-0, local addr 220.1.1.2
protected vrf: (none)
local ident (addr/mask/prot/port): (220.1.1.2/255.255.255.255/47/0)
remote ident (addr/mask/prot/port
BeiJing-Center#sh crypto isakmp sa
IPv4 Crypto ISAKMP SA
dst src state conn-id status
100.1.1.2 220.1.1.2 QM_IDLE 1002 ACTIVE
100.1.1.2 210.1.1.2 QM_IDLE 1001 ACTIVE
ShangHai#sh crypto isakmp sa
IPv4 Crypto ISAKMP SA
dst src state conn-id status
100.1.1.2 210.1.1.2 QM_IDLE 1001 ACTIVE
ShenZhen#sh crypto isakmp sa
IPv4 Crypto ISAKMP SA
dst src state conn-id status
100.1.1.2 220.1.1.2 QM_IDLE 1001 ACTIVE
BeiJing-Center#sh crypto engine connections activ
Crypto Engine Connections
ID Type Algorithm Encrypt Decrypt LastSeqN IP-Address
139 IPsec 3DES+SHA 0 13 13 100.1.1.2
140 IPsec 3DES+SHA 13 0 0 100.1.1.2
141 IPsec 3DES+SHA 0 3 3 100.1.1.2
142 IPsec 3DES+SHA 2 0 0 100.1.1.2
1001 IKE MD5+3DES 0 0 0 100.1.1.2
1002 IKE MD5+3DES 0 0 0 100.1.1.2
BeiJing-Center##ping 2.2.2.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2.2.2.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 56/98/232 ms
BeiJing-Center##ping 3.3.3.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 3.3.3.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 56/78/100 ms
NoteBook
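In the virtual machine, set the IP address to 200.1.1.2 255.255.255.0 with gateway 200.1.1.1, install the Cisco VPN Client and configure it as follows (name: naton, password: naton):
Double-click the VPN connection entry and enter username cisco and password cisco; the client reports that the dial-in succeeded.
Pings to the headquarters server addresses all succeed, so the Easy VPN configuration works.
This lab is now complete. Comments and suggestions are welcome, thank you.
Reposted from: https://blog.51cto.com/aluna/1714988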