VPN case study 4: a client connecting to a VPN on an ASA
Main configuration:
ISP:
conf t
hostname ISP
int f1/0
ip add 100.0.0.6 255.255.255.252
no sh
int f3/0
ip add 100.0.0.1 255.255.255.252
no sh
int f2/0
ip add 200.0.0.2 255.255.255.252
no sh
exit
GZASA:
conf t
username dragon password qwe123
int e0/0
nameif inside
ip add 192.168.1.254 255.255.255.0
no sh
int e0/1
nameif outside
ip add 100.0.1.5 255.255.255.0
no sh
exit
route outside 0 0 100.0.1.6
! IKEv1 phase 1 policy, enabled on the outside interface
crypto isakmp enable outside
crypto isakmp policy 10
encryption 3des
hash sha
authentication pre-share
group 2
exit
! Address pool handed out to VPN clients
ip local pool dragon-pool 192.168.2.200-192.168.2.210
group-policy test-group internal
! Remote-access tunnel group: address pool, group policy and group pre-shared key
tunnel-group dragon-group type ipsec-ra
tunnel-group dragon-group general-attributes
address-pool dragon-pool
default-group-policy test-group
exit
tunnel-group dragon-group ipsec-attributes
pre-shared-key 123456
exit
! Phase 2 transform set, applied to the outside interface through a dynamic map
crypto ipsec transform-set dragon-set esp-3des esp-sha-hmac
crypto dynamic-map dragon-dymap 1 set transform-set dragon-set
crypto map jingtai 1000 ipsec-isakmp dynamic dragon-dymap
crypto map jingtai int outside
! Split tunneling: only traffic for 192.168.1.0/24 is sent through the tunnel
access-list split permit ip 192.168.1.0 255.255.255.0 any
group-policy test-group attributes
split-tunnel-policy tunnelspecified
split-tunnel-network-list value split
dns-server value 200.0.0.1
GZROUTER:
conf t
hostname GZ
int f1/0
ip add 100.0.1.6 255.255.255.0
no sh
int f2/0
ip add 100.0.0.5 255.255.255.252
no sh
exit
! Default route to the ISP and route to the LAN behind the ASA
ip route 0.0.0.0 0.0.0.0 100.0.0.6
ip route 192.168.1.0 255.255.255.0 100.0.1.5
! PAT for outbound traffic; LAN-to-VPN-pool traffic is excluded by the deny entry
access-list 100 deny ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
access-list 100 permit ip any any
ip nat inside source list 100 int f2/0 overload
int f2/0
ip nat outside
int f1/0
ip nat inside
exit
access-list 101 permit ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
ip nat inside source list 101 interface f2/0 overload
! Forward UDP 4500 and UDP 500 arriving on f2/0 to the ASA outside address
ip nat inside source static udp 100.0.1.5 4500 interface f2/0 4500
ip nat inside source static udp 100.0.1.5 500 interface f2/0 500
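The GZASA section uses lab values: 3DES, DH group 2, and six-character secrets. As an added example (not part of the original post), this Python script reads ASA configuration lines and reports such settings; the `audit` function name and the thresholds are assumptions chosen here as a review policy.

```python
# GZASA lines copied from the page; thresholds below are an assumed review policy.
GZASA_CONFIG = """\
username dragon password qwe123
crypto isakmp policy 10
encryption 3des
hash sha
authentication pre-share
group 2
exit
tunnel-group dragon-group ipsec-attributes
pre-shared-key 123456
exit
crypto ipsec transform-set dragon-set esp-3des esp-sha-hmac
"""

WEAK_IKE = {"encryption": {"des", "3des"}, "hash": {"md5"}, "group": {"1", "2", "5"}}
WEAK_TRANSFORMS = {"esp-des", "esp-3des", "esp-md5-hmac"}
MIN_SECRET_LEN = 16

def audit(config):
    """Return (line_no, finding) pairs for weak IKEv1/IPsec settings."""
    findings = []
    mode = None  # sub-mode of the current line; the page's config closes modes with "exit"
    for no, raw in enumerate(config.splitlines(), 1):
        w = raw.split()
        if not w:
            continue
        if w[0] == "exit":
            mode = None
        elif w[:3] == ["crypto", "isakmp", "policy"]:
            mode = "ike-policy"
        elif w[0] == "tunnel-group":
            mode = "tunnel-ipsec" if w[-1] == "ipsec-attributes" else None
        elif w[:3] == ["crypto", "ipsec", "transform-set"]:
            mode = None
            findings += [(no, f"weak transform {t}") for t in w[4:] if t in WEAK_TRANSFORMS]
        elif w[0] == "username" and "password" in w[2:-1]:
            if len(w[w.index("password", 2) + 1]) < MIN_SECRET_LEN:
                findings.append((no, f"short password for user {w[1]}"))
        elif mode == "ike-policy" and len(w) == 2 and w[1] in WEAK_IKE.get(w[0], ()):
            findings.append((no, f"weak IKE {w[0]} {w[1]}"))
        elif mode == "tunnel-ipsec" and w[0] == "pre-shared-key" and len(w) == 2:
            if len(w[1]) < MIN_SECRET_LEN:
                findings.append((no, "short pre-shared key"))
    return findings

if __name__ == "__main__":
    for no, finding in audit(GZASA_CONFIG):
        print(f"line {no}: {finding}")
```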
Lab results:
This article comes from the "龙爱雪琪" blog; please be sure to keep this source link: http://dragon123.blog.51cto.com/9152073/1574256