

Cisco Firewall PIX 8.0 L2L VPN: Testing a Solution for Overlapping Addresses (2)(3)

2013-07-04 01:41

It can also be written more specifically:
access-list VPN extended permit ip host 172.16.1.2 host 10.1.2.2
④ Configure the crypto map and apply it:
crypto map crymap 10 match address VPN
crypto map crymap 10 set peer 202.100.2.1 
crypto map crymap 10 set transform-set transet
crypto map crymap interface Outside
⑤ Enable ISAKMP on the interface:
crypto isakmp enable Outside
B. PIX80_Branch firewall:
① Phase 1 policy:

crypto isakmp policy 10
authentication pre-share
encryption 3des
hash md5
group 2
tunnel-group 202.100.1.1 type ipsec-l2l
tunnel-group 202.100.1.1 ipsec-attributes
pre-shared-key cisco
② Phase 2 transform set:
crypto ipsec transform-set transet esp-des esp-md5-hmac 
③ Interesting traffic:
access-list VPN extended permit ip  10.1.2.0 255.255.255.0 172.16.1.0 255.255.0.0
It can also be written more specifically:
access-list VPN extended permit ip host 10.1.2.2 host 172.16.1.2 
④ Configure the crypto map and apply it:
crypto map crymap 10 match address VPN
crypto map crymap 10 set peer 202.100.1.1 
crypto map crymap 10 set transform-set transet
crypto map crymap interface Outside
⑤ Enable ISAKMP on the interface:
crypto isakmp enable Outside
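
An added example, not part of the original post: a small Python audit of the Branch-side commands shown above that flags legacy IKE/IPsec parameters and checks that each crypto map peer has a tunnel-group of the same name. The function name audit and the policy values (WEAK_LINE, WEAK_TRANSFORMS, MIN_PSK_LEN) are assumptions of this example.

```python
import re

# Branch-side commands relevant to the audit, copied from this page (sample input).
BRANCH_CONFIG = """\
crypto isakmp policy 10
authentication pre-share
encryption 3des
hash md5
group 2
tunnel-group 202.100.1.1 type ipsec-l2l
tunnel-group 202.100.1.1 ipsec-attributes
pre-shared-key cisco
crypto ipsec transform-set transet esp-des esp-md5-hmac
crypto map crymap 10 set peer 202.100.1.1
"""

# Assumed audit policy (not from the page): what this example treats as weak.
WEAK_LINE = [
    (re.compile(r"encryption (des|3des)"), "IKE phase 1 cipher {}"),
    (re.compile(r"hash (md5)"), "IKE phase 1 hash {}"),
    (re.compile(r"group ([12])"), "IKE DH group {} (1024 bits or less)"),
]
WEAK_TRANSFORMS = {"esp-des", "esp-3des", "esp-md5-hmac", "esp-null"}
MIN_PSK_LEN = 16

def audit(config):
    """Return findings: weak crypto settings, and crypto map peers that have
    no tunnel-group named after them (L2L tunnel-groups use the peer address)."""
    findings, peers, tunnel_groups = [], set(), set()
    for raw in config.splitlines():
        words = raw.split()
        for pattern, message in WEAK_LINE:
            match = pattern.fullmatch(" ".join(words))
            if match:
                findings.append(message.format(match.group(1)))
        if words[:3] == ["crypto", "ipsec", "transform-set"]:
            weak = [t for t in words[4:] if t in WEAK_TRANSFORMS]
            findings += [f"IPsec transform {t} in set {words[3]}" for t in weak]
        elif words[:1] == ["pre-shared-key"] and len(words) == 2:
            key = words[1]  # a masked key ("*") cannot be judged and is skipped
            if set(key) != {"*"} and len(key) < MIN_PSK_LEN:
                findings.append(f"pre-shared key shorter than {MIN_PSK_LEN} characters")
        elif words[:1] == ["tunnel-group"] and words[2:3] == ["type"]:
            tunnel_groups.add(words[1])
        elif words[:2] == ["crypto", "map"] and words[4:6] == ["set", "peer"]:
            peers.update(words[6:])
    findings += [f"peer {p} has no matching tunnel-group" for p in sorted(peers - tunnel_groups)]
    return findings
```

Calling audit(BRANCH_CONFIG) returns one finding per weak setting; both peers have to pass the same audit, because the phase 1 policy and the transform set must match on the two firewalls.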
7. Testing:
A. Public network connectivity test:

① ERP_HQ router:
ERP_HQ#ping 202.100.1.10
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 202.100.1.10, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 20/94/292 ms
ERP_HQ#
Internet#debug ip icmp 
ICMP packet debugging is on
Internet#
*Mar  2 07:36:11.648: ICMP: echo reply sent, src 202.100.1.10, dst 202.100.1.1
*Mar  2 07:36:11.768: ICMP: echo reply sent, src 202.100.1.10, dst 202.100.1.1
*Mar  2 07:36:11.856: ICMP: echo reply sent, src 202.100.1.10, dst 202.100.1.1
*Mar  2 07:36:12.096: ICMP: echo reply sent, src 202.100.1.10, dst 202.100.1.1
*Mar  2 07:36:12.132: ICMP: echo reply sent, src 202.100.1.10, dst 202.100.1.1
② ERP_Branch router:
ERP_Branch#ping 202.100.2.10
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 202.100.2.10, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 8/92/344 ms
ERP_Branch#
Internet#debug ip icmp