IT运维管理,创造商业价值!
中国IT运维网首页 | 资讯中心 | 运维管理 | 信息安全 | CIO视界 | 云计算 | 最佳案例 | 运维资源 | 专题策划 | 知识库 | 论坛

一个已经成功的ADSL+VPN的配置例子

2008年06月24日
/
  !
  version 12.2
  service timestamps debug uptime
  service timestamps log uptime
  no service password-encryption
  !
  hostname Router-B>
  !
  enable password nesic
  !
  ip subnet-zero
  !
  !
  !
  ip audit notify log
  ip audit po max-events 100
  vpdn enable
  !
  vpdn-group cat
  request-dialin
  protocol pppoe
  !
  !
  crypto isakmp policy 1
  encr 3des
  hash md5
  authentication pre-share
  group 2
  crypto isakmp key nesic address 218.20.58.184
  crypto isakmp keepalive 10
  !
  !
  crypto ipsec transform-set NESIC esp-3des esp-md5-hmac
  !
  crypto map NESICMAP 10 ipsec-isakmp
  set peer 218.20.58.184
  set transform-set NESIC
  match address 100
  !
  !
  !
  !
  !
  !
  !
  !
  fax interface-type fax-mail
  mta receive maximum-recipients 0
  !
  !
  !
  !
  interface FastEthernet0/0
  no ip address
  duplex auto
  speed auto
  pppoe enable
  pppoe-client dial-pool-number 1
  !
  interface Ethernet1/0
  ip address 192.168.3.1 255.255.255.0
  half-duplex
  !
  interface Ethernet1/1
  no ip address
  half-duplex
  !
  interface Ethernet1/2
  no ip address
  shutdown
  half-duplex
  !
  interface Ethernet1/3
  no ip address
  shutdown
  half-duplex
  !
  interface Dialer1
  ip address negotiated
  ip mtu 1492
  encapsulation ppp
  dialer pool 1
  dialer-group 1
  ppp authentication pap callin
  ppp pap sent-username gzDSLNAMERT@163.gd password 0 XXXXXX
  crypto map NESICMAP
  !
  router rip
  network 192.168.3.0
  !
  ip nat inside source route-map nanat interface Dialer1 overload
  ip classless
  ip route 0.0.0.0 0.0.0.0 Dialer1
  ip http server
  ip pim bidir-enable
  !
  !
  access-list 100 permit ip 192.168.3.0 0.0.0.255 192.168.1.0 0.0.0.255
  access-list 110 deny ip 192.168.3.0 0.0.0.255 192.168.1.0 0.0.0.255
  access-list 110 permit ip any any
  !
  route-map nanat permit 10
  match ip address 110
  !
  call rsvp-sync
  !
  !
  mgcp profile default
  !
  dial-peer cor custom
  !
  !
  !
  !
  !
  line con 0
  line aux 0
  line vty 0 4
  password nesic
  login
  !
  !
  FW:crypto isakmp key nesic address 218.20.58.184 ------这句定义一个isakmp key为nesic,指定peer-address为218.20.58.184
  crypto map NESICMAP 10 ipsec-isakmp -------这句定义crypto map 名为NESICMAP
  set peer 218.20.58.184 ---------------这句指定一个IP Security Peer in a crypto map entry
  set transform-set NESIC ----------指定transform-set为NESIC
  match address 100 ------------这句用扩展IP访问控制列表来匹配address
发表评论请到:http://bbs.cnitom.com

相关阅读

图文热点

以不变应万变 网络虚拟化应对园区网新挑战
以不变应万变 网络虚拟化应对园区网新挑战Forrester Research的分析师Robert Whiteley认为: “十年以来,虚拟化技术与网络...
OpenShift加入更多新元素 友好面对开发者
OpenShift加入更多新元素 友好面对开发者通过网络进行程序提供的服务称之为SaaS(Software as a Service),而将服务器平台...

本类热点