本文共 950 字,大约阅读时间需要 3 分钟。
配置模板:
interface e0/0
nameif inside
security-level 100
ip address x.x.x.x 255.255.255.0(修改为本地内网 IP 及掩码 )
!
interface e0/1
nameif outside
security-level 0
ip address x.x.x.x 255.255.255.248 (修改为本地公网 IP 及掩码 )
!
interface Ethernet0/2
!
interface Ethernet0/3
!
access-list 101 extended permit ip x.x.x.x 255.255.255.0 x.x.0.0 255.255.0.0 (修改为本地内网 IP 及掩码 )
route outside 0.0.0.0 0.0.0.0 x.x.x.x (修改为本地公网网关 )
crypto ipsec transform-set 名称1 esp-3des esp-md5-hmac(定义字符集)
crypto map test 1 match address 101(定义兴趣流)
crypto map test 1 set peer x.x.x.x(远端公网IP)
crypto map test 1 set transform-set 名称1
crypto map test interface outside (接口调用策略)
crypto isakmp enable outside(开启IKE协商)
crypto isakmp policy 10(IKE安全策略)
authentication pre-share
encryption des
hash md5
group 2
lifetime 86400
!
tunnel-group x.x.x.x type ipsec-l2l //定义×××的形式以peer
tunnel-group x.x.x.x ipsec-attributes//进入ipsec-***的属性配置
pre-shared-key xxx认证密钥
转载于:https://blog.51cto.com/livetony/2407690