cisco 实验

IPsec v*n 实验

1. 拓扑
   

2. 要求
   （1）配置IP实现全网互通
   （2）R1.R2配置ipsec v*n

3. 配置步骤
   （1）配置IP全网互通
   略
   （2）
   crypto isakmp policy 1
   encryption aes
   hash sha
   authentication pre-share
   group 2
   lifetime 86400

R1:
access-list 100 permit ip 192.168.10.0 0.0.0.255 192.168.20.0 0.0.0.255
crypto ipsec transform-set bj-set esp-aes esp-sha-hmac
crypto isakmp key 0 [email protected] address 192.168.200.254
crypto map bj-v*n 1 ipsec-isakmp
set peer 192.168.200.254
match address 100
set transform-set bj-set
int f1/0
crypto map bj-v*n

R2:
access-list 100 permit ip 192.168.20.0 0.0.0.255 192.168.10.0 0.0.0.255
crypto ipsec transform-set sh-set esp-aes esp-sha-hmac
crypto isakmp key 6 [email protected] address 192.168.100.254
crypto map sh-v*n 1 ipsec-isakmp
set peer 192.168.100.254
match address 100
set transform-set sh-set
int f1/0
crypto map sh-v*n

4. 验证