1.基本配置
sw1
! sw1: create VLAN 2 in the VLAN database, then place two ports in it as
! untagged access ports.
enable
vlan database
vlan 2
exit
configure terminal
! The two ports are FastEthernet0/10 and FastEthernet0/1.
interface range fastEthernet 0/10 , fastEthernet 0/1
switchport mode access
switchport access vlan 2
end
R1
! R1 base addressing: a loopback, one Ethernet interface and a default route.
enable
configure terminal
hostname R1
interface Loopback0
ip address 1.1.1.1 255.255.255.0
interface FastEthernet0/0
ip address 10.1.1.1 255.255.255.0
no shutdown
exit
! Traffic with no more specific route is forwarded to 10.1.1.10.
ip route 0.0.0.0 0.0.0.0 10.1.1.10
end
R2
! R2 base addressing: a loopback, one Ethernet interface and a default route.
enable
configure terminal
hostname R2
interface Loopback0
ip address 2.2.2.2 255.255.255.0
interface FastEthernet0/0
ip address 20.1.1.1 255.255.255.0
no shutdown
exit
! Traffic with no more specific route is forwarded to 20.1.1.10.
ip route 0.0.0.0 0.0.0.0 20.1.1.10
end
ASA
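! ASA base configuration: name the two interfaces, give each a security level
! and an address, then add static routes to the routers' loopback networks.
enable
configure terminal
! e0 is the untrusted side (security-level 0).
interface e0
nameif outside
security-level 0
ip address 10.1.1.10 255.255.255.0
no shutdown
! e1 is the trusted side (security-level 100).
interface e1
nameif inside
security-level 100
ip address 20.1.1.10 255.255.255.0
no shutdown
exit
! The next hop must be the neighbouring router, not the ASA's own interface
! address. The original listed 10.1.1.10 and 20.1.1.10, which are the ASA's
! e0 and e1 addresses, so 1.1.1.0/24 and 2.2.2.0/24 would not be reachable.
! 10.1.1.1 and 20.1.1.1 are the f0/0 addresses configured on R1 and R2.
route outside 1.1.1.0 255.255.255.0 10.1.1.1
route inside 2.2.2.0 255.255.255.0 20.1.1.1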
2.配置ipsec ***
R1
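! R1 side of the site-to-site IPsec tunnel to 10.1.1.10.
!
! NOTE(review): 3DES, HMAC-MD5 and DH group 2 are legacy algorithms and the
! pre-shared key "cisco" is a lab placeholder. Outside a lab, use AES, a SHA-2
! hash, DH group 14 or higher and a long random key, changed on both peers
! together so that the proposals still match.
enable
configure terminal
! Phase 1 (ISAKMP) proposal: DH group 2, 3DES, pre-shared-key authentication.
crypto isakmp policy 10
group 2
encryption 3des
authentication pre-share
exit
! "0" means the key that follows is entered unencrypted.
crypto isakmp key 0 cisco address 10.1.1.10
! Interesting traffic: loopback to loopback. The original line carried a stray
! "100" after "permit", which is not valid ACL syntax.
access-list 100 permit ip host 1.1.1.1 host 2.2.2.2
! Phase 2 proposal: ESP with 3DES encryption and HMAC-MD5 integrity.
crypto ipsec transform-set myset esp-3des esp-md5-hmac
exit
crypto map cisco 10 ipsec-isakmp
match address 100
set transform-set myset
! The original read "ser peer", a typo for "set peer".
set peer 10.1.1.10
exit
! Bind the crypto map to the interface that faces the peer.
interface FastEthernet0/0
crypto map cisco
end
! Verification: list the active crypto engine connections.
show crypto engine connections active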
ASA
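! ASA side of the site-to-site IPsec tunnel to 10.1.1.1.
!
! NOTE(review): 3DES, HMAC-MD5 and DH group 2 are legacy algorithms and the
! pre-shared key "cisco" is a lab placeholder. Outside a lab, use AES, a SHA-2
! hash, DH group 14 or higher and a long random key, changed on both peers
! together so that the proposals still match.
enable
configure terminal
! Phase 1 (ISAKMP) proposal; it has to match the peer's policy.
crypto isakmp policy 10
encryption 3des
group 2
authentication pre-share
exit
! The original "tunnel group ... ipsec type-121" is a garbled form of the
! LAN-to-LAN tunnel-group definition below.
tunnel-group 10.1.1.1 type ipsec-l2l
tunnel-group 10.1.1.1 ipsec-attributes
! The original never set the key on the ASA. Without it, pre-shared-key
! authentication cannot succeed. The value matches the key configured on R1.
pre-shared-key cisco
exit
crypto isakmp enable outside
crypto isakmp identity address
! Phase 2 proposal: ESP with 3DES encryption and HMAC-MD5 integrity.
crypto ipsec transform-set myset esp-3des esp-md5-hmac
! The original had an "exit" here. The transform-set is a single-line global
! command, so that exit would likely have left configuration mode before the
! remaining commands were entered.
! Interesting traffic is the mirror image of R1's ACL. The ACL name appears as
! "***" on the page (apparently masked); whatever name is used must be the same
! in the access-list and in the crypto map "match address" line.
access-list *** permit ip host 2.2.2.2 host 1.1.1.1
crypto map cisco 10 match address ***
crypto map cisco 10 set transform-set myset
crypto map cisco 10 set peer 10.1.1.1
crypto map cisco interface outside
! Verification: show the IPsec security associations.
show crypto ipsec sa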