您好,登錄后才能下訂單哦!
配置模板:
interface e0/0
nameif inside
security-level 100
ip address x.x.x.x 255.255.255.0(修改為本地內(nèi)網(wǎng) IP 及掩碼 )
!
interface e0/1
nameif outside
security-level 0
ip address x.x.x.x 255.255.255.248 (修改為本地公網(wǎng) IP 及掩碼 )
!
interface Ethernet0/2
!
interface Ethernet0/3
!
access-list 101 extended permit ip x.x.x.x 255.255.255.0 x.x.0.0 255.255.0.0 (修改為本地內(nèi)網(wǎng) IP 及掩碼 )
route outside 0.0.0.0 0.0.0.0 x.x.x.x (修改為本地公網(wǎng)網(wǎng)關(guān) )
crypto ipsec transform-set 名稱1 esp-3des esp-md5-hmac(定義字符集)
crypto map test 1 match address 101(定義興趣流)
crypto map test 1 set peer x.x.x.x(遠端公網(wǎng)IP)
crypto map test 1 set transform-set 名稱1
crypto map test interface outside (接口調(diào)用策略)
crypto isakmp enable outside(開啟IKE協(xié)商)
crypto isakmp policy 10(IKE安全策略)
authentication pre-share
encryption des
hash md5
group 2
lifetime 86400
!
tunnel-group x.x.x.x type ipsec-l2l //定義×××的形式以peer
tunnel-group x.x.x.x ipsec-attributes//進入ipsec-***的屬性配置
pre-shared-key xxx認證密鑰
免責聲明:本站發(fā)布的內(nèi)容(圖片、視頻和文字)以原創(chuàng)、轉(zhuǎn)載和分享為主,文章觀點不代表本網(wǎng)站立場,如果涉及侵權(quán)請聯(lián)系站長郵箱:is@yisu.com進行舉報,并提供相關(guān)證據(jù),一經(jīng)查實,將立刻刪除涉嫌侵權(quán)內(nèi)容。