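IPsec configuration on Cisco
Topology diagram:
Configure the IP address of each interface, and configure a loopback interface on R1 and on R3 to act as the internal network.
The IPsec configuration commands are posted below.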
R1:
! IKE phase 1 (ISAKMP) policy and pre-shared key for the peer
crypto isakmp policy 10
 hash md5
 authentication pre-share
 group 2
crypto isakmp key cisco address 23.0.0.3
! IPsec transform set: AH with HMAC-MD5, tunnel mode
crypto ipsec transform-set TS ah-md5-hmac
 mode tunnel
! Crypto map ties together the peer, the transform set and the interesting-traffic ACL
crypto map ipsec 10 ipsec-isakmp
 set peer 23.0.0.3
 set transform-set TS
 match address 100
access-list 100 permit ip host 1.1.1.1 host 3.3.3.3
! Apply the crypto map to the outside interface
int e0/0
 crypto map ipsec

R3:
! Mirror of R1: the peer address and the ACL source/destination are swapped
crypto isakmp policy 10
 hash md5
 authentication pre-share
 group 2
crypto isakmp key cisco address 12.0.0.1
crypto ipsec transform-set TS ah-md5-hmac
 mode tunnel
crypto map ipsec 10 ipsec-isakmp
 set peer 12.0.0.1
 set transform-set TS
 match address 100
access-list 100 permit ip host 3.3.3.3 host 1.1.1.1
int e0/0
 crypto map ipsec
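As an added example (not part of the original post), this Python script checks that two peer configurations like the ones above agree with each other and flags deprecated settings. The function names `parse` and `audit` are hypothetical; the embedded text is the page's R1 crypto configuration, with R3 derived from it by swapping the addresses.

```python
import re

# The page's R1 crypto configuration; R3 is derived below by swapping addresses.
R1 = """\
crypto isakmp policy 10
 hash md5
 authentication pre-share
 group 2
crypto isakmp key cisco address 23.0.0.3
crypto ipsec transform-set TS ah-md5-hmac
 mode tunnel
crypto map ipsec 10 ipsec-isakmp
 set peer 23.0.0.3
 set transform-set TS
 match address 100
access-list 100 permit ip host 1.1.1.1 host 3.3.3.3
"""
R3 = R1.replace("23.0.0.3", "12.0.0.1").replace(
    "host 1.1.1.1 host 3.3.3.3", "host 3.3.3.3 host 1.1.1.1")

def parse(cfg):
    """Extract the fields both peers must agree on from an IOS crypto config."""
    one = lambda pat: (re.search(pat, cfg, re.M) or [None, None])[1]
    return {
        "hash": one(r"^\s*hash (\S+)"),
        "group": one(r"^\s*group (\S+)"),
        "psk": one(r"^crypto isakmp key (\S+) address"),
        "key_peer": one(r"^crypto isakmp key \S+ address (\S+)"),
        "map_peer": one(r"^\s*set peer (\S+)"),
        "transforms": (one(r"^crypto ipsec transform-set \S+ (.+)$") or "").split(),
        "acl": re.findall(r"^access-list \d+ permit ip host (\S+) host (\S+)", cfg, re.M),
    }

def audit(a, b):
    """Return findings for two peers; a and b are parse() results."""
    out = [f"mismatch: {k}" for k in ("hash", "group", "psk", "transforms") if a[k] != b[k]]
    if a["acl"] != [(d, s) for s, d in b["acl"]]:
        out.append("crypto ACLs are not mirror images")
    if any(p["key_peer"] != p["map_peer"] for p in (a, b)):
        out.append("pre-shared key address differs from 'set peer'")
    if a["hash"] == "md5" or "ah-md5-hmac" in a["transforms"]:
        out.append("weak: MD5 used for integrity")
    if a["group"] in ("1", "2", "5"):
        out.append("weak: Diffie-Hellman group " + a["group"])
    if not any(t.startswith("esp-") and "hmac" not in t for t in a["transforms"]):
        out.append("no ESP cipher: traffic is authenticated but not encrypted")
    return out

if __name__ == "__main__":
    print("\n".join(audit(parse(R1), parse(R3))))
```

The cipher check is deliberately simple and does not treat `esp-null` specially.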
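ISAKMP packets appear only when the connection is first being established; they are not sent again during subsequent communication.
The packet capture shows that the two sides performed three rounds of identity authentication with each other, and the VPN tunnel came up.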