Cisco 路由器 VPN典型配置

本文通过VPN技术实现对两部分网络的互联，模拟ISP，贴近实用性，文章主要向我们展示了具体的操作步骤，主要是输入的基本命令。

本实验借助于Cisco 2600 路由器，通过VPN技术实现蓝色学苑，一分部和二分部之间的网络互联，为了贴近实用性，中间仍然通过Cisco 3640 模拟ISP 。

通过在网络基础部分的介绍，各位应该对VPN技术有了一定的认识，在VPN的实现中主要有两个方面：建立VPN Tunnel和IPSec的加密

Cisco 2600 with GRE Tunnel
Current configuration
!
version 12.0
sevice timestamps debug uptime
sevice timestamps log uptime
sevice password-encryption
!
hostname bluestudy1
!
enable passsword cisco
!
memory-size iomem 25
ip subnet-zero
no ip domain-lookup
!
interface Tunnel0
ip address 172.16.101.1 255.255.255.0
no ip directed-broadcast
ip mtu 1467
tunnel sourece 199.1.1.2
tunnel destination 199.1.2.2
!
interface serial0/0
no ip address
no ip directed-broadcast
encapsulation frame-relay
no ip mroute-cache
frame-relay lmi-type ansi
!
interface serial0/0.1 point-to-point
description connected to internet
ip address 199.1.1.2 255.255.255.248
no ip directed-broadcast
ip nat outside
no arp frame-relay
frame-relay interface-dlci 111
!
!
interface ethernet0/0
ip address 172.16.1.1 255.255.255.0
no ip directed-broadcast
ip nat inside
!
router eigrp 100
network 172.16.0.0
!
router rip
version 2
network 172.16.0.0
no auto-summary
!
ip nat pool bluestudy 199.1.1.3 199.1.1.10 netmask 255.255.255.248
ip nat inside sourece list 2 pool bluestudy overload
ip nat inside sourece static 172.16.1.3 199.1.1.5
ip classless
ip route 0.0.0.0 0.0.0.0 srial0/0.1
ip http server
!
access-list 2 permit 172.16.1.0 0.0.0.255
snmp-server community public RO
!
line con 0
exec-timeout 0 0
password cisco
login
transport input none
line aux 0
line vty 0 4
password cisco
login
!
end#p#

Cisco 2600 Configuration with IPSec
Current configuration
!
version 12.0
sevice timestamps debug uptime
sevice timestamps log uptime
sevice password-encryption
!
hostname bluestudy1
!
enable passsword cisco
!
memory-size iomem 25
ip subnet-zero
no ip domain-lookup
!
crypto isakmp key policy 1
authentication pre-share
group 2
crypto isakmp key slurpee-machine address 172.16.101.2
!
crypto ipsec transform-set test ah-sha-hmac esp-des esp-sha-hmac
!
set transform-set test
!
crypto map bluestudy 10 ipsec-isakmp
set peer 172.16.101.2
set transform-set test
match address 101
!
interface Tunnel0
ip address 172.16.101.1 255.255.255.0
no ip directed-broadcast
ip mtu 1467
tunnel sourece 199.1.1.2
tunnel destination 199.1.2.2
crypto map bluestudy
!
interface serial0/0
no ip address
no ip directed-broadcast
encapsulation frame-relay
no ip mroute-cache
frame-relay lmi-type ansi
!
interface serial0/0.1 point-to-point
description connected to internet
ip address 199.1.1.2 255.255.255.248
no ip directed-broadcast
ip nat outside
no arp frame-relay
frame-relay interface-dlci 111
!
!
interface ethernet0/0
ip address 172.16.1.1 255.255.255.0
no ip directed-broadcast
ip nat inside
!
router eigrp 100
network 172.16.0.0
!
router rip
version 2
network 172.16.0.0
no auto-summary
!
ip nat pool bluestudy 199.1.1.3 199.1.1.10 netmask 255.255.255.248
ip nat inside sourece list 2 pool bluestudy overload
ip nat inside sourece static 172.16.1.3 199.1.1.5
ip classless
ip route 0.0.0.0 0.0.0.0 srial0/0.1
ip http server
!
access-list 2 permit 172.16.1.0 0.0.0.255
access-list 101 permit ip 172.16.1.0 0.0.0.255 172.16.2.0 0.0.0.255(对方网络，只有到这个网络的信息包才加密)
snmp-server community public RO
!
line con 0
exec-timeout 0 0
password cisco
login
transport input none
line aux 0
line vty 0 4
password cisco
login
!
end

【编辑推荐】

1. 思科精睿系列网络产品煤炭行业解决方案
2. 思科助力天津大学打造稳定网络
3. Avaya频推新品 紧盯微软与思科
4. 思科：把握移动互联网产业契机
5. 思科将最新网络架构引入区域市场