传输模式config tcrypto isakmp enablecrypto isakmp policy 11encryption 3deshash shagroup 2lifetime 5000au
.
传输模式
config t
crypto isakmp enable
crypto isakmp policy 11
encryption 3des
hash sha
group 2
lifetime 5000
authentication pre-share
exit
crypto isakmp key cisco123 address 212.0.0.2
------------------------------------------------------------------
access-list 111 permit ip any any
crypto ipsec transform-set set 1 ah-sha-hmac esp-3des esp-md5=hmac
exit
crypto map map1 10 ipsec-isakmp
match address 111
set transform-set set1
set peer 212.0.0.2
exit
interface s0/0
crypto map map1
no shut
end
show crypto ipsec sa
show crypto isakmp policy
show crypto ipsec transform-set
隧道模式
enable
config t
no ip domain-lookup
ip classless
ip subnet-zero
hostname R26
interface fa0/0
ip address 211.0.0.1 255.255.255.0
no shut
interface s0/0
ip address 212.0.0.1 255.255.255.0
no shut
exit
interface tunnel0
ip address 192.168.100.1 255.255.255.0
no shut
exit
router rip
net 211.0.0.0
net 212.0.0.0
net 192.168.100.0
end
show ip route
config t
crypto isakmp enable
crypto isakmp policy 11
encryption 3des
hash sha
group 2
lifetime 5000
authentication pre-share
exit
crypto isakmp key cisco123 address 212.0.0.2
access-list 111 permit gre host 212.0.0.1 host 212.0.0.2
access-list 111 permit ip any any
crypto ipsec transform-set set 1 ah-sha-hmac esp-3des esp-md5=hmac变换级
mode tunnel
exit
crypto map map1 10 ipsec-isakmp
match address 111
set transform-set set1
set peer 212.0.0.2
exit
int s1/2
crypto map map1
no shut
interface tunnel0
tunnel source 212.0.0.1
tunnel destination 212.0.0.2
crypto map map1
no shut
end
show crypto ipsec sa
exit
