{"id":150,"date":"2010-12-10T23:43:37","date_gmt":"2010-12-10T15:43:37","guid":{"rendered":"http:\/\/www.microwolf.net\/?p=150"},"modified":"2010-12-10T23:43:37","modified_gmt":"2010-12-10T15:43:37","slug":"cisco-vpn%e8%bf%9e%e6%8e%a5%e9%85%8d%e7%bd%ae%e5%ae%9e%e4%be%8b","status":"publish","type":"post","link":"http:\/\/www.microwolf.net\/?p=150","title":{"rendered":"Cisco VPN\u8fde\u63a5\u914d\u7f6e\u5b9e\u4f8b"},"content":{"rendered":"\n\n
\u5728\u516c\u53f8\u7684\u5357\u4eac\u529e\u4e8b\u5904\u4e0e\u4e0a\u6d77\u529e\u4e8b\u5904\u4e4b\u95f4\u5efa\u7acbVPN\u8054\u63a5\u3002
\n \u5357\u4eac\u529e\u4e8b\u5904\u7f51\u7edc\u8bbe\u7f6e\uff1a
\n \u5185\u7f51IP 10.1.1.0\/24

\n \u5916\u7f51IP 202.102.1.5\/24

\n \u4e0a\u6d77\u529e\u4e8b\u5904\u7f51\u7edc\u8bbe\u7f6e\uff1a
\n \u5185\u7f51IP 10.1.2.0\/24

\n \u5916\u7f51IP 202.102.1.6\/24<\/p>\n

\n \u5357\u4eac\u8def\u7531\u5668\u914d\u7f6e
\n !
\n service timestamps debug uptime

\n service timestamps log uptime

\n no service password-encryption

\n !
\n hostname nanjing

\n !
\n enable cisco

\n !
\n !
\n !——\u4ee5\u4e0b\u914d\u7f6e\u52a0\u5bc6——–
\n crypto isakmp policy 1 \u751f\u6210iskamp policy number 1

\n encryption des \u9009\u62e9\u7528DES encryption\u4e5f\u53ef\u75283DES\u6307\u5b9a\u4e09\u500dDES\u52a0\u5bc6

\n hash sha \u6307\u5b9a\u4f7f\u7528\u7684\u6563\u5217\u7b97\u6cd5\uff0c\u4e5f\u53ef\u4ee5\u662fmd5(\u4e8c\u7aef\u4fdd\u6301\u4e00\u81f4)

\n authentication pre-share

\n group 1 \u6307\u5b9a\u4e3aDiffie-Hellman\u7ec4,1\u8868\u793a768\u4f4d,2\u8868\u793a1024\u4f4d

\n lifetime 14400 \u6307\u5b9a\u5b89\u5168\u5173\u8054\u7684\u6709\u6548\u671f\uff0c\u4e0d\u8bbe\u5c31\u4e3a\u9ed8\u8ba4\u503c

\n ——\u4ee5\u4e0b\u914d\u7f6e\u5bc6\u94a5\u65b9\u6cd5—–
\n crypto isakmp identity address \u6307\u5b9a\u4e0e\u8fdc\u7a0b\u8def\u7531\u5668\u901a\u4fe1\u65f6\u4f7f\u7528isakmp\u6807\u8bc6

\n crypto isakmp key 654321 address 202.102.1.6 \u5bf9\u8fdc\u7a0b\u8def\u7531\u5668\u7aef\u53e3202.102.1.6\u4f7f\u7528\u5bc6\u94a5654321

\n crypto isakmp key 654321 address 192.168.1.2 \u5bf9\u8fdc\u7a0b\u8def\u7531\u5668\u96a7\u9053\u7aef\u53e3192.168.1.2\u4f7f\u7528\u5bc6\u94a5654321

\n !
\n ——\u4ee5\u4e0b\u5b9a\u4e49\u4e00\u4e2a\u8f6c\u6362\u96c6—–
\n crypto ipsec transform-set tset1 ah-md5-hmac esp-des esp-md5-hmac \u53ef\u4ee5\u5b9a\u4e49\u4e00\u4e2a\u6216\u591a\u4e2a\u96c6

\n !
\n !
\n ——-\u4ee5\u4e0b\u5efa\u7acb\u52a0\u5bc6\u56fe——
\n crypto map cmap1 local-address serial 0 \u5b9a\u4e49\u52a0\u5bc6\u56fecmap1\u5e76\u6307\u5b9as0\u4e3a\u672c\u5730\u5730\u5740

\n crypto map cmap1 1 ipsec-isakmp \u7528\u5e8f\u53f71\u8bbe\u7f6e\u52a0\u5bc6\u56fe

\n set peer 202.102.1.6 \u8bbe\u5b9a\u76ee\u6807\u5730\u5740

\n set peer 192.168.1.2

\n set transform-set test1 \u6307\u5b9a\u8f6c\u6362\u96c6

\n match address 111 \u6307\u5b9a\u52a0\u5bc6\u8bbf\u95ee\u5217\u8868111\u4e2d\u7684\u5730\u5740

\n !
\n !
\n process-max-time 200

\n !
\n ——-\u4ee5\u4e0b\u8bbe\u7f6e\u96a7\u9053\u7aef\u53e3——
\n interface Tunnel0

\n ip address 192.168.1.1 255.255.255.0

\n tunnel source 202.102.1.5

\n tunnel destination 202.102.1.6

\n crypto map cmap

\n !
\n ——-\u4ee5\u4e0b\u8bbe\u7f6e\u5185\u7f51\u53e3——
\n interface Ethernet0

\n ip address 10.1.1.1 255.255.255.0

\n !
\n ——-\u4ee5\u4e0b\u8bbe\u7f6e\u5916\u7f51\u53e3——
\n interface serial0

\n ip address 202.102.1.5 255.255.255.0

\n no ip mroute-cache

\n no fair-queue

\n crypto map cmap

\n !
\n ip classless

\n !
\n ——-\u4ee5\u4e0b\u5efa\u7acb\u8bbf\u95ee\u5217\u8868111——
\n access-list 111 permit ip host 202.102.1.5 host 202.102.1.6

\n access-list 111 permit ip host 202.102.1.6 host 202.102.1.5

\n access-list 111 permit ip 10.1.1.0 0.0.0.255 202.102.1.0 0.0.0.255

\n access-list 111 permit ip 10.1.2.0 0.0.0.255 202.102.1.0 0.0.0.255

\n access-list 111 permit ip 10.1.1.0 0.0.0.255 10.1.2.0 0.0.0.255

\n access-list 111 permit ip 10.1.2.0 0.0.0.255 10.1.1.0 0.0.0.255

\n !
\n line con 0

\n line aux 0

\n line vty 0 4

\n password cisco

\n login
\n !
\n end
\n !<\/p>\n

\u4e0a\u6d77\u8def\u7531\u5668\u914d\u7f6e
\n !
\n service timestamps debug uptime

\n service timestamps log uptime

\n no service password-encryption

\n !
\n hostname shanghai

\n !
\n enable cisco

\n !
\n !
\n !——\u4ee5\u4e0b\u914d\u7f6e\u52a0\u5bc6——–
\n crypto isakmp policy 1 \u751f\u6210iskamp policy number 1

\n encryption des \u9009\u62e9\u7528DES encryption\u4e5f\u53ef\u75283DES\u6307\u5b9a\u4e09\u500dDES\u52a0\u5bc6

\n hash sha \u6307\u5b9a\u4f7f\u7528\u7684\u6563\u5217\u7b97\u6cd5\uff0c\u4e5f\u53ef\u4ee5\u662fmd5(\u4e8c\u7aef\u4fdd\u6301\u4e00\u81f4)

\n authentication pre-share

\n group 1 \u6307\u5b9a\u4e3aDiffie-Hellman\u7ec4,1\u8868\u793a768\u4f4d,2\u8868\u793a1024\u4f4d

\n lifetime 14400 \u6307\u5b9a\u5b89\u5168\u5173\u8054\u7684\u6709\u6548\u671f\uff0c\u4e0d\u8bbe\u5c31\u4e3a\u9ed8\u8ba4\u503c

\n ——\u4ee5\u4e0b\u914d\u7f6e\u5bc6\u94a5\u65b9\u6cd5—–
\n crypto isakmp identity address \u6307\u5b9a\u4e0e\u8fdc\u7a0b\u8def\u7531\u5668\u901a\u4fe1\u65f6\u4f7f\u7528isakmp\u6807\u8bc6

\n crypto isakmp key 654321 address 202.102.1.5 \u5bf9\u8fdc\u7a0b\u8def\u7531\u5668\u7aef\u53e3202.102.1.6\u4f7f\u7528\u5bc6\u94a5654321

\n crypto isakmp key 654321 address 202.102.1.6 \u5bf9\u8fdc\u7a0b\u8def\u7531\u5668\u7aef\u53e3202.102.1.6\u4f7f\u7528\u5bc6\u94a5654321

\n crypto isakmp key 654321 address 192.168.1.1 \u5bf9\u8fdc\u7a0b\u8def\u7531\u5668\u96a7\u9053\u7aef\u53e3192.168.1.2\u4f7f\u7528\u5bc6\u94a5654321

\n !
\n ——\u4ee5\u4e0b\u5b9a\u4e49\u4e00\u4e2a\u8f6c\u6362\u96c6—–
\n crypto ipsec transform-set tset1 ah-md5-hmac esp-des esp-md5-hmac \u53ef\u4ee5\u5b9a\u4e49\u4e00\u4e2a\u6216\u591a\u4e2a\u96c6

\n !
\n !
\n ——-\u4ee5\u4e0b\u5efa\u7acb\u52a0\u5bc6\u56fe——
\n crypto map cmap1 local-address serial 0 \u5b9a\u4e49\u52a0\u5bc6\u56fecmap1\u5e76\u6307\u5b9as0\u4e3a\u672c\u5730\u5730\u5740

\n crypto map cmap1 1 ipsec-isakmp \u7528\u5e8f\u53f71\u8bbe\u7f6e\u52a0\u5bc6\u56fe

\n set peer 202.102.1.5 \u8bbe\u5b9a\u76ee\u6807\u5730\u5740

\n set peer 202.102.1.6

\n set peer 192.168.1.1

\n set transform-set test1 \u6307\u5b9a\u8f6c\u6362\u96c6

\n match address 111 \u6307\u5b9a\u52a0\u5bc6\u8bbf\u95ee\u5217\u8868111\u4e2d\u7684\u5730\u5740

\n !
\n !
\n process-max-time 200

\n !
\n ——-\u4ee5\u4e0b\u8bbe\u7f6e\u96a7\u9053\u7aef\u53e3——
\n interface Tunnel0

\n ip address 192.168.1.2 255.255.255.0

\n tunnel source 202.102.1.6

\n tunnel destination 202.102.1.5

\n crypto map cmap

\n !
\n ——-\u4ee5\u4e0b\u8bbe\u7f6e\u5185\u7f51\u53e3——
\n interface Ethernet0

\n ip address 10.1.2.1 255.255.255.0

\n !
\n ——-\u4ee5\u4e0b\u8bbe\u7f6e\u5916\u7f51\u53e3——
\n interface serial0

\n ip address 202.102.1.6 255.255.255.0

\n no ip mroute-cache

\n no fair-queue

\n crypto map cmap

\n !
\n ip classless

\n !
\n ——-\u4ee5\u4e0b\u5efa\u7acb\u8bbf\u95ee\u5217\u8868111——
\n access-list 111 permit ip host 202.102.1.5 host 202.102.1.6

\n access-list 111 permit ip host 202.102.1.6 host 202.102.1.5

\n access-list 111 permit ip 10.1.1.0 0.0.0.255 202.102.1.0 0.0.0.255

\n access-list 111 permit ip 10.1.2.0 0.0.0.255 202.102.1.0 0.0.0.255

\n access-list 111 permit ip 10.1.1.0 0.0.0.255 10.1.2.0 0.0.0.255

\n access-list 111 permit ip 10.1.2.0 0.0.0.255 10.1.1.0 0.0.0.255

\n !
\n line con 0

\n line aux 0

\n line vty 0 4

\n password cisco

\n login
\n !
\n end
\n !<\/td>\n<\/tr>\n<\/table>\n","protected":false},"excerpt":{"rendered":"

\u5728\u516c\u53f8\u7684\u5357\u4eac\u529e\u4e8b\u5904\u4e0e\u4e0a\u6d77\u529e\u4e8b\u5904\u4e4b\u95f4\u5efa\u7acbVPN\u8054\u63a5\u3002 \u5357\u4eac\u529e\u4e8b\u5904\u7f51\u7edc\u8bbe\u7f6e\uff1a \u5185\u7f51IP 10.1.1.0\/24 \u5916 […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4],"tags":[],"_links":{"self":[{"href":"http:\/\/www.microwolf.net\/index.php?rest_route=\/wp\/v2\/posts\/150"}],"collection":[{"href":"http:\/\/www.microwolf.net\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.microwolf.net\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.microwolf.net\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/www.microwolf.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=150"}],"version-history":[{"count":2,"href":"http:\/\/www.microwolf.net\/index.php?rest_route=\/wp\/v2\/posts\/150\/revisions"}],"predecessor-version":[{"id":152,"href":"http:\/\/www.microwolf.net\/index.php?rest_route=\/wp\/v2\/posts\/150\/revisions\/152"}],"wp:attachment":[{"href":"http:\/\/www.microwolf.net\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=150"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.microwolf.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=150"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.microwolf.net\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=150"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}