cisco 2911 策略***
aaa authentication login remote localaaa authorization network remote local
crypto isakmp client configuration group test
key sdfiengi!@$&^
pool dhpool
acl test_acl
save-password
crypto isakmp profile test_pro
match> client authentication list remote
isakmp authorization list remote
client configuration address respond
virtual-template 100
crypto ipsec transform-set test_tran esp-des esp-md5-hmac
crypto ipsec profile test_ipsec_pro
set transform-set test_tran
set isakmp-profile test_pro
interface GigabitEthernet0/0
ip address 115.123.80.3 255.255.255.224
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
interface Virtual-Template100 type tunnel
ip unnumbered GigabitEthernet0/0
tunnel source GigabitEthernet0/0
tunnel mode ipsec ipv4
tunnel protection ipsec profile test_ipsec_pro
ip local pool dhpool 172.29.254.100 172.29.254.200
ip access-list extended test_acl
permit ip 172.29.0.0 0.0.255.255 any
permit ip any 172.29.0.0 0.0.255.255
页:
[1]