国产探花免费观看_亚洲丰满少妇自慰呻吟_97日韩有码在线_资源在线日韩欧美_一区二区精品毛片,辰东完美世界有声小说,欢乐颂第一季,yy玄幻小说排行榜完本

首頁 > 學院 > 網絡通信 > 正文

cisco 實現動態vpn的一個例子

2019-11-05 00:04:22
字體:
來源:轉載
供稿:網友

  最近看vpn的東西比較多,發現現在很多廠家都在關注中小企業的基于動態ip地址的vpn的實現。
  
  當然cisco也不例外,在他的 ios 12.3 (4) T 中開始支持動態的地址解析vpn peer 的方式。
  
  來看個例子
  
  現在Cisco IOS 12.3(4)T中新增了根據DNS名稱來建立VPN peer 的命令,借助希網(3322.org)、
  
  有一個動態地址Site-to-Site VPN的案例,你自己改一下配置就可以了
  
  總部:pix 525 adsl靜態ip,內部ip地址168.98.0.0
  分部:cisco 2621 adsl動態ip ,內部ip地址168.98.1.0
  要求,總部,分部,均VPN連接
  可上網,分部168.98.1.0網段訪問總部168.98.0.0網段時,自動建立
  
  總部的防火墻配置:
  : Saved
  : Written by enable_
  15 at 16:16:19.510 UTC Sun J
  ul 25 2004
  
  PIX Version 6.3(3)
  interface ethernet0 auto
  interface ethernet1 auto
  nameif ethernet0 outside security0
  nameif ethernet1 inside security100
  enable passWord 2KFQnbNIdI.2KYOU encrypted
  hostname pixfirewall
  domain-name localdomain
  fixup PRotocol dns maximum-length 512
  fixup protocol FTP 21
  fixup protocol h323 h225 1720
  fixup protocol h323 ras 1718-1719
  fixup protocol http 80
  fixup protocol rsh 514
  fixup protocol rtsp 554
  fixup protocol sip 5060
  fixup protocol sip udp 5060
  fixup protocol SKINny 2000
  fixup protocol smtp 25
  fixup protocol sqlnet 1521
  fixup protocol tftp 69
  names
  object-group service http2 tcp
  port-object eq www
  port-object range 9080 9090
  access-list nonat permit ip 168.98.0.0 255.255.255.0 168.98.1.0 255.255.255.0
  
  pager lines 24
  mtu outside 1500
  mtu inside 1500
  ip address outside a.b.c.d 255.255.255.128
  
  ip address inside 168.98.0.254 255.255.255.0
  
  
  ip audit info action alarm
  ip audit attack action alarm
  no failover
  failover timeout 0:00:00
  failover poll 15
  no failover ip address outside
  no failover ip address inside
  pdm location 168.98.0.250 255.255.255.255 inside
  
  pdm location 168.98.1.0 255.255.255.0 outside
  
  
  pdm history enable
  arp timeout 14400
  global (outside) 1 interface
  nat (inside) 0 access-list nonat
  nat (inside) 1 0.0.0.0 0.0.0.0 0 0
  conduit permit icmp any any
  conduit permit tcp any object-group http2 any
  
  
  route outside 0.0.0.0 0.0.0.0 電信網關1
  timeout xlate 3:00:00
  timeout conn 1:00:00
  half-closed 0:10:00 udp 0:0
  2:00 rpc 0:10:00 h225 1:00:00
  
  timeout h323 0:05:00 mgcp 0:05:00 si
  p 0:30:00 sip_media 0:02:00
  
  timeout uauth 0:05:00 absolute
  aaa-server TACACS+ protocol tacacs+
  aaa-server RADIUS protocol radius
  aaa-server LOCAL protocol local
  http server enable
  http 168.98.0.250 255.255.255.255 inside
  no snmp-server location
  no snmp-server contact
  snmp-server community public
  no snmp-server enable traps
  floodguard enable
  crypto ipsec transform-set router-se
  t esp-des esp-md5-hmac
  
  crypto dynamic-map c
  isco 1 set transform-set rou
  ter-set
  
  crypto map dyn-map 1
  0 ipsec-isakmp dynamic cisco
  
  
  crypto map dyn-map interface outside
  isakmp enable outside
  isakmp key cisco123 address 0.0.0.0
  netmask 0.0.0.0
  
  isakmp policy 10 authentication pre-share
  isakmp policy 10 encryption des
  isakmp policy 10 hash md5
  isakmp policy 10 group 1
  isakmp policy 10 lifetime 86400
  telnet 168.98.0.250
  255.255.255.255 inside
  
  
  telnet timeout 5
  ssh timeout 5
  console timeout 0
  username pixuser pas
  sword 70BnAnxaMBm181Wa encry
  pted privilege 2
  
  terminal width 80
  Cryptochecksum:a44fafd4f70dd9e548cd5
  fd61a6d20ff
  
  : end
  
  分部的路由器配置:
  
  !
  version 12.3
  service timestamps debug datetime msec
  service timestamps log datetime msec
  no service password-encryption
  !
  hostname Router
  !
  boot-start-marker
  boot-end-marker
  !
  enable secret 5 $s
  PqPwW1GX.TXw8RGSHEvqa2.
  
  
  !
  no aaa new-model
  ip subnet-zero
  !
  !
  !
  !
  no ip domain lookup
  ip audit notify log
  ip audit po max-events 100
  ip ssh break-string
  vpdn enable
  !
  vpdn-group pppoe
  request-dialin
  protocol pppoe
  !
  no ftp-server write-enable
  !
  !
  !
  !
  !
  !
  !
  !
  !
  !
  !
  !
  !
  !
  crypto isakmp policy 1
  hash md5
  authentication pre-share
  crypto isakmp key cisco123 address a
  .b.c.d
  
  !
  !
  crypto ipsec transfo
  rm-set pix-set esp-des esp-m
  d5-hmac
  
  !
  crypto map pix 10 ipsec-isakmp
  set peer a.b.c.d
  set transform-set pix-set
  match address 101
  !
  !
  !
  !
  !
  !
  !
  interface FastEthernet0/0
  no ip address
  duplex auto
  speed auto
  pppoe enable
  pppoe-client dial-pool-number 1
  !
  interface FastEthernet0/1
  ip address 168.98.1.254 255.255.255.0
  ip nat inside
  ip tcp adjust-mss 1450
  duplex auto
  speed auto
  !
  interface Dialer1
  ip address negotiated
  ip mtu 1492
  ip nat outside
  encapsulation ppp
  dialer pool 1
  dialer-group 1
  ppp pap sent-username ddd password 0 ddd
  crypto map pix
  !
  ip nat inside source
  route-map nonat interface D
  ialer1 overload
  
  ip classless
  ip route 0.0.0.0 0.0.0.0 Dialer1
  !
  no ip http server
  no ip http secure-server
  !
  !
  access-list 101 permit ip 168.98.1.0
  0.0.0.255 168.98.0.0 0.0.0.255
  
  access-list 110 deny
  ip 168.98.1.0 0.0.0.255 168
  .98.0.0 0.0.0.255
  
  access-list 110 permit ip 168.98.1.0
  0.0.0.255 any
  
  !
  route-map nonat permit 10
  match ip address 110
  !
  !
  !
  control-plane
  !
  !
  !
  !
  !
  !
  !
  !
  !
  line con 0
  line aux 0
  line vty 0 4
  password cisco
  login
  !
  !
  !
  end
  
  這是一個site to site 的vpn的實現,很多中國的企業,也在用軟件的方式來實現這些功能,同時也支持移動用戶的方式。

  一般來講,就是在中心點(總部,同樣可以是動態ip地址)安裝一個vpn軟件的服務器版本,然后在遠端的lan上安裝一個vpn 網關,移動用戶安裝vpn 移動客戶端。
  但是感覺速度永遠是一個瓶頸,大家自己衡量吧。

發表評論 共有條評論
用戶名: 密碼:
驗證碼: 匿名發表
主站蜘蛛池模板: 城固县| 巨野县| 眉山市| 泉州市| 南岸区| 罗甸县| 梧州市| 商丘市| 报价| 内乡县| 阆中市| 庄河市| 金湖县| 许昌县| 亚东县| 盐源县| 舞钢市| 镶黄旗| 白银市| 麟游县| 金秀| 新乐市| 桑植县| 霍州市| 民乐县| 延安市| 龙里县| 施甸县| 苗栗县| 庆阳市| 丰原市| 安龙县| 南丹县| 祁阳县| 北宁市| 巴林右旗| 马龙县| 阿克苏市| 邵武市| 常宁市| 武鸣县|