Site to Site VPN（斯特罗姆vs格里塔）

Site to Site VPN（斯特罗姆vs格里塔）

拓扑如下HQ LAN<——>HQ Router<——>INTERNET Router<——>BR Router<——>BR LAN

配置如下

总部HQ!ip access-list extended S2Spermit ip 192.168.11.0 0.0.0.255 192.168.12.0 0.0.0.255!!crypto isakmp policy 10encr 3deshash md5authentication pre-sharegroup 5crypto isakmp key cisco address 202.202.202.1!!crypto ipsec transform-set MYTRAN esp-3des esp-md5-hmac !crypto map MYMAP 10 ipsec-isakmp set peer 202.202.202.1set transform-set MYTRAN match address S2Sreverse-route static!

ip nat inside source list NAT interface Serial1/0 overload!ip access-list extended NATdeny ip 192.168.11.0 0.0.0.255 192.168.12.0 0.0.0.255permit ip 192.168.11.0 0.0.0.255 any

分支BRip access-list extended S2Spermit ip 192.168.12.0 0.0.0.255 192.168.11.0 0.0.0.255!!crypto isakmp policy 10encr 3deshash md5authentication pre-sharegroup 5crypto isakmp key cisco address 101.101.101.1!!crypto ipsec transform-set MYTRAN esp-3des esp-md5-hmac !crypto map MYMAP 10 ipsec-isakmp set peer 101.101.101.1set transform-set MYTRAN match address S2Sreverse-route static!

ip nat inside source list NAT interface Serial1/0 overload!ip access-list extended NATdeny ip 192.168.12.0 0.0.0.255 192.168.11.0 0.0.0.255permit ip 192.168.12.0 0.0.0.255 any

版权声明：本文内容由网络用户投稿，版权归原作者所有，本站不拥有其著作权，亦不承担相应法律责任。如果您发现本站中有涉嫌抄袭或描述失实的内容，请联系我们jiasou666@gmail.com 处理，核实后本网站将在24小时内删除侵权内容。