互联基本配置

!--- Base addressing for the lab topology. Each label below names the device
!--- whose console the following lines belong to.
!--- NOTE(review): the prefixes used here (100.1.1.0/24, 200.1.1.0/24, 1.1.1.0/24,
!--- ...) are not private (RFC 1918) or documentation (RFC 5737) ranges, so this
!--- addressing should stay inside the isolated simulated topology.

!Internet: transit router. f0/0 faces Beijing-Center, f1/1 the NoteBook client,
!--- f1/0 Shanghai and f2/0 ShenZhen (matched by the peer addresses below).

int f0/0

ip add 100.1.1.1 255.255.255.0

no shut

exit

int f1/1

ip add 200.1.1.1 255.255.255.0

no shut

exit

int f1/0

ip add 210.1.1.1 255.255.255.0

no shut

exit

int f2/0

ip add 220.1.1.1 255.255.255.0

no shut

exit

!Beijing-Center: f0/0 is the Internet-facing side, f1/0 the 1.1.1.0/24 LAN.

int f0/0

ip add 100.1.1.2 255.255.255.0

no shut

exit

int f1/0

ip add 1.1.1.1 255.255.255.0

no shut

exit

!Shanghai branch: f0/0 is the Internet-facing side, f1/0 the 2.2.2.0/24 LAN.

int f0/0

ip add 210.1.1.2 255.255.255.0

no shut

exit

int f1/0

ip add 2.2.2.2 255.255.255.0

no shut

exit

!PC2 (host behind Shanghai; the line is address/prefix followed by the gateway,
!--- presumably entered on a VPCS host)

ip 2.2.2.1/24 2.2.2.2

!ShenZhen branch: f0/0 is the Internet-facing side, f1/0 the 3.3.3.0/24 LAN.

int f0/0

ip add 220.1.1.2 255.255.255.0

no shut

exit

int f1/0

ip add 3.3.3.3 255.255.255.0

no shut

exit

PC3

ip 3.3.3.1/24 3.3.3.3

!The NoteBook client is a Windows XP system installed in a VMware virtual machine:
!--- with VPCS as the EZVPN client, the internal subnets could not be pinged after
!--- dialing in, so only a virtual machine can be used.

NoteBook

ip 200.1.1.2/24 200.1.1.1

!--- Default routes: each site router points at the Internet router's address
!--- on its own uplink subnet.

BeiJing-Center:

ip route 0.0.0.0 0.0.0.0 100.1.1.1

ShangHai:

ip route 0.0.0.0 0.0.0.0 210.1.1.1

ShenZhen:

ip route 0.0.0.0 0.0.0.0 220.1.1.1

!======BeiJing-center=============EZVPN部分===================================

!--- Easy VPN server on Beijing-Center: XAuth users and group policy come from
!--- the local database, and remote-access clients terminate on a dynamic
!--- crypto map bound to FastEthernet0/0 (the 100.1.1.2 interface).
!--- NOTE(review): "password 0" keeps the XAuth password in cleartext in the
!--- configuration, and cisco/cisco is a lab credential; replace both outside
!--- a lab.

username cisco password 0 cisco

aaa new-model

!

!

!--- Xauth is configured for local authentication.
!--- "userauthen" is the login list and "naton" the network authorization
!--- list; the ISAKMP profile below refers to both by name.

aaa authentication login userauthen local

aaa authorization network naton local

!--- Create an ISAKMP policy for Phase 1 negotiations.
!--- This policy is for Easy VPN Clients.
!--- NOTE(review): MD5 and DH group 2 (1024-bit MODP) are legacy choices, and
!--- with no "encr" line the platform default cipher applies (DES on classic
!--- IOS releases; confirm with "show crypto isakmp policy"). Prefer AES, a
!--- SHA-2 hash and a larger DH group where the client software supports them.

crypto isakmp policy 20

hash md5

authentication pre-share

group 2

exit

!

!--- VPN Client configuration for group "naton"
!--- (this name is configured in the VPN Client).
!--- NOTE(review): the group key is identical to the group name. It acts as the
!--- IKE pre-shared key for every member of the group, and group keys are
!--- typically negotiated in aggressive mode, where a weak key is exposed to
!--- offline guessing; use a long random value.
!--- dns/wins/domain/pool are the settings handed to the client.

crypto isakmp client configuration group naton

key naton

dns 1.1.11.10 1.1.11.11

wins 1.1.11.12 1.1.11.13

domain cisco.com

pool natonpool

exit

!--- Profile for VPN Client connections, matches the
!--- "naton" group and defines the XAuth properties.
!--- NOTE(review): the "×××" in the profile name looks like a publishing-site
!--- mask over part of the name (presumably "VPN"); whatever name is entered
!--- here must match "set isakmp-profile" in the dynamic map below.

crypto isakmp profile ×××client

match identity group naton

client authentication list userauthen

isakmp authorization list naton

client configuration address respond

exit

!--- Create the Phase 2 policy for actual data encryption.
!--- NOTE(review): despite the name "strong", 3DES with MD5-HMAC is a legacy
!--- suite; an AES transform with a SHA-based HMAC is the usual replacement.

crypto ipsec transform-set strong esp-3des esp-md5-hmac

mode transport

exit

!

!--- This dynamic crypto map references the ISAKMP
!--- Profile VPN Client above.
!--- Reverse route injection is used to provide the
!--- DMVPN networks access to any Easy VPN Client networks.

crypto dynamic-map dynmap 10

set transform-set strong

set isakmp-profile ×××client

reverse-route

exit

!

!

!--- Crypto map only references the dynamic crypto map above.

crypto map dynmap 1 ipsec-isakmp dynamic dynmap

!

!--- Bind the crypto map to the Internet-facing interface.

interface FastEthernet0/0

crypto map dynmap

exit

!

!--- Address range referenced by "pool natonpool" in the client group above.

ip local pool natonpool 1.1.11.60 1.1.11.80

!=====BeiJing-center============DMVPN部分=============================

!--- DMVPN hub on Beijing-Center: multipoint GRE Tunnel0 protected by an IPsec
!--- profile, with EIGRP 10 running over the tunnel.

!--- Keyring that defines the wildcard pre-shared key.
!--- NOTE(review): with address 0.0.0.0 0.0.0.0 any source address that
!--- presents this key can complete Phase 1, and every spoke holds the same
!--- key. Per-peer keys or certificate authentication limit the impact of one
!--- exposed spoke configuration.
!--- NOTE(review): the "***" in the keyring name looks like a publishing-site
!--- mask (presumably "vpn"); the name must match the "keyring" line in the
!--- ISAKMP profile below.

crypto keyring dm***spokes

pre-shared-key address 0.0.0.0 0.0.0.0 key naton123

exit

!

!--- Create an ISAKMP policy for Phase 1 negotiations.
!--- This policy is for DMVPN spokes.
!--- NOTE(review): 3DES and MD5 are legacy algorithms, and with no "group"
!--- line the platform default DH group applies (group 1 on classic IOS
!--- releases; confirm with "show crypto isakmp policy").

crypto isakmp policy 10

encr 3des

hash md5

authentication pre-share

exit

!

!--- Profile for LAN-to-LAN connection, references
!--- the wildcard pre-shared key and a wildcard
!--- identity (this is what is broken in
!--- Cisco bug ID CSCea77140)
!--- and no XAuth.
!--- NOTE(review): "×××" in the profile name looks like the same publishing
!--- mask (presumably "VPN"); it must match "set isakmp-profile" below.

crypto isakmp profile DM×××

keyring dm***spokes

match identity address 0.0.0.0

exit

!

!

!--- Phase 2 transform for the GRE tunnels: 3DES with SHA-1 HMAC, transport
!--- mode requested.

crypto ipsec transform-set naton-dm esp-3des esp-sha-hmac

mode transport

exit

!--- Create an IPsec profile to be applied dynamically to the
!--- generic routing encapsulation (GRE) over IPsec tunnels.
!--- NOTE(review): a 120-second SA lifetime forces a rekey every two minutes,
!--- far below the usual 3600-second default; presumably chosen for the lab,
!--- confirm before reusing.

crypto ipsec profile naton-dm-ips

set security-association lifetime seconds 120

set transform-set naton-dm

set isakmp-profile DM×××

exit

!

!

!--- EIGRP 10 advertises the hub LAN (1.1.1.0/24) and the tunnel subnet
!--- (10.0.0.0/24).

router eigrp 10

network 1.1.1.0 0.0.0.255

network 10.0.0.0 0.0.0.255

no auto-summary

!--- Create a GRE tunnel template which is applied to
!--- all the dynamically created GRE tunnels.
!--- NOTE(review): the NHRP authentication string is a plaintext tag inside
!--- NHRP packets, not a secret, and here it reuses the IKE pre-shared key
!--- value; use a different string for it.
!--- Split horizon and next-hop-self are disabled for EIGRP 10 on this tunnel
!--- interface.

interface Tunnel0

ip address 10.0.0.1 255.255.255.0

no ip redirects

ip mtu 1440

ip nhrp authentication naton123

ip nhrp map multicast dynamic

ip nhrp network-id 1

ip nhrp holdtime 300

no ip split-horizon eigrp 10

no ip next-hop-self eigrp 10

tunnel source FastEthernet0/0

tunnel mode gre multipoint

tunnel key 0

tunnel protection ipsec profile naton-dm-ips

exit

!

=====ShangHai============DMVPN部分=============================

!--- DMVPN spoke on ShangHai: registers with the hub (tunnel 10.0.0.1, public
!--- 100.1.1.2) over a multipoint GRE tunnel protected by IPsec.

!--- Create an ISAKMP policy for Phase 1 negotiations.
!--- This policy is for DMVPN spokes.
!--- NOTE(review): 3DES and MD5 are legacy algorithms, and with no "group"
!--- line the platform default DH group applies (group 1 on classic IOS
!--- releases; confirm with "show crypto isakmp policy").

crypto isakmp policy 10

encr 3des

hash md5

authentication pre-share

exit

!

!

!--- NOTE(review): wildcard pre-shared key. The spoke accepts this key from
!--- any peer address, and the same value is configured on every site;
!--- per-peer keys or certificate authentication limit the impact of one
!--- exposed configuration.

crypto isakmp key naton123 address 0.0.0.0 0.0.0.0

crypto ipsec transform-set naton-dm esp-3des esp-sha-hmac

mode transport

exit

!--- Create an IPsec profile to be applied dynamically to the
!--- generic routing encapsulation (GRE) over IPsec tunnels.
!--- NOTE(review): a 120-second SA lifetime forces a rekey every two minutes;
!--- presumably chosen for the lab, confirm before reusing.

crypto ipsec profile naton-dm-ips

set security-association lifetime seconds 120

set transform-set naton-dm

exit

!--- EIGRP 10 advertises the branch LAN (2.2.2.0/24) and the tunnel subnet.

router eigrp 10

network 2.2.2.0 0.0.0.255

network 10.0.0.0 0.0.0.255

no auto-summary

!--- Spoke tunnel: the hub's tunnel address 10.0.0.1 is mapped statically to
!--- its public address 100.1.1.2 and used as the NHRP next-hop server.
!--- NOTE(review): the NHRP authentication string is a plaintext tag inside
!--- NHRP packets and reuses the IKE pre-shared key value; use a different
!--- string for it.

interface Tunnel0

ip address 10.0.0.2 255.255.255.0

no ip redirects

ip mtu 1440

ip nhrp authentication naton123

ip nhrp map 10.0.0.1 100.1.1.2

ip nhrp map multicast 100.1.1.2

ip nhrp network-id 1

ip nhrp holdtime 300

ip nhrp nhs 10.0.0.1

tunnel source FastEthernet0/0

tunnel mode gre multipoint

tunnel key 0

tunnel protection ipsec profile naton-dm-ips

=====ShenZhen============DMVPN部分=============================

!--- DMVPN spoke on ShenZhen: registers with the hub (tunnel 10.0.0.1, public
!--- 100.1.1.2) over a multipoint GRE tunnel protected by IPsec.

!--- Create an ISAKMP policy for Phase 1 negotiations.
!--- This policy is for DMVPN spokes.
!--- NOTE(review): 3DES and MD5 are legacy algorithms, and with no "group"
!--- line the platform default DH group applies (group 1 on classic IOS
!--- releases; confirm with "show crypto isakmp policy").

crypto isakmp policy 10

encr 3des

hash md5

authentication pre-share

exit

!

!

!--- NOTE(review): wildcard pre-shared key. The spoke accepts this key from
!--- any peer address, and the same value is configured on every site;
!--- per-peer keys or certificate authentication limit the impact of one
!--- exposed configuration.

crypto isakmp key naton123 address 0.0.0.0 0.0.0.0

crypto ipsec transform-set naton-dm esp-3des esp-sha-hmac

mode transport

exit

!--- Create an IPsec profile to be applied dynamically to the
!--- generic routing encapsulation (GRE) over IPsec tunnels.
!--- NOTE(review): a 120-second SA lifetime forces a rekey every two minutes;
!--- presumably chosen for the lab, confirm before reusing.

crypto ipsec profile naton-dm-ips

set security-association lifetime seconds 120

set transform-set naton-dm

exit

!--- EIGRP 10 advertises the branch LAN (3.3.3.0/24) and the tunnel subnet.

router eigrp 10

network 3.3.3.0 0.0.0.255

network 10.0.0.0 0.0.0.255

no auto-summary

!--- Spoke tunnel: the hub's tunnel address 10.0.0.1 is mapped statically to
!--- its public address 100.1.1.2 and used as the NHRP next-hop server.
!--- NOTE(review): the NHRP authentication string is a plaintext tag inside
!--- NHRP packets and reuses the IKE pre-shared key value; use a different
!--- string for it.

interface Tunnel0

ip address 10.0.0.3 255.255.255.0

no ip redirects

ip mtu 1440

ip nhrp authentication naton123

ip nhrp map 10.0.0.1 100.1.1.2

ip nhrp map multicast 100.1.1.2

ip nhrp network-id 1

ip nhrp holdtime 300

ip nhrp nhs 10.0.0.1

tunnel source FastEthernet0/0

tunnel mode gre multipoint

tunnel key 0

tunnel protection ipsec profile naton-dm-ips

测试IPsec:

Beijing-Cent:

#sh crypto ips sa

interface: Tunnel0

Crypto map tag: Tunnel0-head-0, local addr 100.1.1.2

protected vrf: (none)

local  ident (addr/mask/prot/port): (100.1.1.2/255.255.255.255/47/0)

remote ident (addr/mask/prot/port): (210.1.1.2/255.255.255.255/47/0)

current_peer 210.1.1.2 port 500

protected vrf: (none)

local  ident (addr/mask/prot/port): (100.1.1.2/255.255.255.255/47/0)

remote ident (addr/mask/prot/port): (220.1.1.2/255.255.255.255/47/0)

current_peer 220.1.1.2 port 500

ShangHai:

interface: Tunnel0

Crypto map tag: Tunnel0-head-0, local addr 210.1.1.2

protected vrf: (none)

local  ident (addr/mask/prot/port): (210.1.1.2/255.255.255.255/47/0)

remote ident (addr/mask/prot/port): (100.1.1.2/255.255.255.255/47/0)

current_peer 100.1.1.2 port 500

Shenzhen:

interface: Tunnel0

Crypto map tag: Tunnel0-head-0, local addr 220.1.1.2

protected vrf: (none)

local  ident (addr/mask/prot/port): (220.1.1.2/255.255.255.255/47/0)

remote ident (addr/mask/prot/port

BeiJing-Center#sh crypto isakmp sa

IPv4 Crypto ISAKMP SA

dst             src             state          conn-id status

100.1.1.2       220.1.1.2       QM_IDLE           1002 ACTIVE

100.1.1.2       210.1.1.2       QM_IDLE           1001 ACTIVE

ShangHai#sh crypto isakmp sa

IPv4 Crypto ISAKMP SA

dst             src             state          conn-id status

100.1.1.2       210.1.1.2       QM_IDLE           1001 ACTIVE

ShenZhen#sh crypto isakmp sa

IPv4 Crypto ISAKMP SA

dst             src             state          conn-id status

100.1.1.2       220.1.1.2       QM_IDLE           1001 ACTIVE

BeiJing-Center#sh crypto engine connections activ

Crypto Engine Connections

ID  Type    Algorithm           Encrypt  Decrypt LastSeqN IP-Address

139  IPsec   3DES+SHA                  0       13       13 100.1.1.2

140  IPsec   3DES+SHA                 13        0        0 100.1.1.2

141  IPsec   3DES+SHA                  0        3        3 100.1.1.2

142  IPsec   3DES+SHA                  2        0        0 100.1.1.2

1001  IKE     MD5+3DES                  0        0        0 100.1.1.2

1002  IKE     MD5+3DES                  0        0        0 100.1.1.2

BeiJing-Center##ping 2.2.2.1

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 2.2.2.1, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 56/98/232 ms

BeiJing-Center##ping 3.3.3.1

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 3.3.3.1, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 56/78/100 ms

NoteBook

进入虚拟机,配置IP地址200.1.1.2 255.255.255.0、网关200.1.1.1,安装Cisco VPN Client,配置如下(组名name:naton,组密码password:naton):

双击该VPN连接,输入用户名cisco,密码cisco,显示拨入成功;

ping 总部服务器地址全通,Easy VPN配置成功。

本实验全部完成,请提出意见或建议,谢谢。

转载于:https://blog.51cto.com/aluna/1714988
