IPsec configuration on Cisco

Topology diagram:

Configure the IP address of each interface, and configure loopback interfaces on R1 and R3 to act as the internal networks.

The IPsec configuration commands are pasted below.

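R1:
! IKE phase 1 (ISAKMP) policy: MD5 hash, pre-shared key authentication, DH group 2
crypto isakmp policy 10
 hash md5
 authentication pre-share
 group 2
! Pre-shared key "cisco" for the peer at 23.0.0.3
crypto isakmp key cisco address 23.0.0.3
! IPsec transform set: AH with HMAC-MD5, tunnel mode
crypto ipsec transform-set TS ah-md5-hmac
 mode tunnel
! Crypto map: binds the peer, the transform set and the traffic-selection ACL
crypto map ipsec 10 ipsec-isakmp
 set peer 23.0.0.3
 set transform-set TS
 match address 100
! Traffic to protect: host 1.1.1.1 to host 3.3.3.3
access-list 100 permit ip host 1.1.1.1 host 3.3.3.3
! Apply the crypto map to interface e0/0
int e0/0
 crypto map ipsec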

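R3:
! IKE phase 1 (ISAKMP) policy: MD5 hash, pre-shared key authentication, DH group 2
crypto isakmp policy 10
 hash md5
 authentication pre-share
 group 2
! Pre-shared key "cisco" for the peer at 12.0.0.1
crypto isakmp key cisco address 12.0.0.1
! IPsec transform set: AH with HMAC-MD5, tunnel mode
crypto ipsec transform-set TS ah-md5-hmac
 mode tunnel
! Crypto map: binds the peer, the transform set and the traffic-selection ACL
crypto map ipsec 10 ipsec-isakmp
 set peer 12.0.0.1
 set transform-set TS
 match address 100
! Traffic to protect: host 3.3.3.3 to host 1.1.1.1
access-list 100 permit ip host 3.3.3.3 host 1.1.1.1
! Apply the crypto map to interface e0/0
int e0/0
 crypto map ipsec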

 

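ISAKMP packets appear only when the connection is first being established; they are not sent again during subsequent communication.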

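The packet capture shows that the two sides carried out three rounds of identity authentication with each other, after which the VPN tunnel was up.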
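The configuration above negotiates IKE with MD5 and DH group 2 and protects traffic with an AH-only transform set, which authenticates packets but does not encrypt them. The Python check below is an added example, not part of the original post: it parses IOS crypto commands and flags those settings. The weak-algorithm sets and the `parse_blocks` and `audit` names are assumptions of this example.

```python
# Added example: flag weak IKEv1/IPsec crypto settings in IOS configuration text.
WEAK_HASHES = {"md5"}
WEAK_DH_GROUPS = {"1", "2", "5"}   # assumed policy: require group 14 or higher
NO_CONFIDENTIALITY = {"esp-null", "esp-gmac"}   # ESP transforms that do not encrypt

# Sample input: R1's crypto commands as posted above.
R1_CONFIG = """\
crypto isakmp policy 10
 hash md5
 authentication pre-share
 group 2
crypto isakmp key cisco address 23.0.0.3
crypto ipsec transform-set TS ah-md5-hmac
 mode tunnel
"""

def parse_blocks(config):
    """Group indented sub-commands under their top-level command."""
    blocks = []
    for line in filter(str.strip, config.splitlines()):
        if line[0].isspace() and blocks:
            blocks[-1][1].append(line.split())   # sub-command of the last block
        else:
            blocks.append((line.split(), []))
    return blocks

def audit(config):
    """Return (scope, issue) findings for weak crypto settings."""
    findings = []
    for head, subs in parse_blocks(config):
        opts = {s[0]: (s[1:] or [""])[0] for s in subs}   # sub-command -> first argument
        if head[:3] == ["crypto", "isakmp", "policy"] and len(head) > 3:
            scope = "isakmp policy " + head[3]
            if opts.get("hash") in WEAK_HASHES:
                findings.append((scope, "weak hash " + opts["hash"]))
            if opts.get("group") in WEAK_DH_GROUPS:
                findings.append((scope, "weak DH group " + opts["group"]))
            if "encryption" not in opts:
                findings.append((scope, "no encryption line, platform default applies"))
        elif head[:3] == ["crypto", "ipsec", "transform-set"] and len(head) > 4:
            scope, transforms = "transform-set " + head[3], head[4:]
            encrypts = any(t.startswith("esp-") and not t.endswith("-hmac")
                           and t not in NO_CONFIDENTIALITY for t in transforms)
            if not encrypts:
                findings.append((scope, "no ESP cipher, payload is not encrypted"))
            findings += [(scope, "weak integrity " + t) for t in transforms if "md5" in t]
    return findings

if __name__ == "__main__":
    print("\n".join(f"{s}: {i}" for s, i in audit(R1_CONFIG)))
```

A policy with `encryption aes 256`, `hash sha256` and `group 14` together with a transform set of `esp-aes 256 esp-sha256-hmac` produces no findings.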

 

posted @ 2021-01-17 23:17  f1veseven