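Completing the Easy VPN configuration
Once the configuration is complete, any later changes can be made by editing it from the main interface.
The following is the resulting running configuration on the router after the steps above.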
Building configuration...
Current configuration : 3336 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
enable password cisco
!
aaa new-model
!
!--- In order to set AAA authentication at login, use the aaa authentication login
!--- command in global configuration mode.
aaa authentication login default local
!--- Here, list name "sdm_vpn_xauth_ml_1" is specified for
!--- the authentication of the clients.
aaa authentication login sdm_vpn_xauth_ml_1 local
aaa authorization exec default local
aaa authorization network sdm_vpn_group_ml_1 local
!
aaa session-id common
!
resource policy
!
!
ip cef
!
!--- The RSA certificate generates after the
!--- ip http secure-server command is enabled.
crypto pki trustpoint TP-self-signed-392370502
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-392370502
revocation-check none
rsakeypair TP-self-signed-392370502
!
!
crypto pki certificate chain TP-self-signed-392370502
certificate self-signed 01
3082023C 308201A5 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
30312E30 2C060355 04031325 494F532D 53656C66 2D536967 6E65642D 43657274
(omitted)
quit
!
!--- Creates a user account with all privileges.
username sdmsdm privilege 15 password 0 sdmsdm
!
!
!--- Creates an isakmp policy 1 with parameters like
!--- 3des encryption, pre-share key authentication, and DH group 2.
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
crypto isakmp client configuration group vpn
!--- Defines the pre-shared key as sdmsdm.
key sdmsdm
pool SDM_POOL_1
netmask 255.255.255.0
!
!--- Defines transform set parameters.
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
!
crypto dynamic-map SDM_DYNMAP_1 1
set transform-set ESP-3DES-SHA
reverse-route
!
!--- Specifies the crypto map parameters.
crypto map SDM_CMAP_1 client authentication list sdm_vpn_xauth_ml_1
crypto map SDM_CMAP_1 isakmp authorization list sdm_vpn_group_ml_1
crypto map SDM_CMAP_1 client configuration address respond
crypto map SDM_CMAP_1 65535 ipsec-isakmp dynamic SDM_DYNMAP_1
!
interface Ethernet0/0
no ip address
shutdown
half-duplex
!
interface FastEthernet1/0
ip address 10.77.241.157 255.255.255.192
duplex auto
speed auto
!
interface Serial2/0
ip address 10.1.1.1 255.255.255.0
no fair-queue
!--- Applies the crypto map SDM_CMAP_1 to the interface.
crypto map SDM_CMAP_1
!
interface Serial2/1
no ip address
shutdown
!
interface Serial2/2
no ip address
shutdown
!
interface Serial2/3
no ip address
shutdown
!--- Creates a local pool named SDM_POOL_1 for issuing IP
!--- addresses to clients.
ip local pool SDM_POOL_1 192.168.2.1 192.168.2.5
!--- Commands for enabling http and https required to launch SDM.
ip http server
ip http secure-server
!
control-plane
!
line con 0
line aux 0
line vty 0 4
password cisco
!
end
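
The listing above keeps its passwords in clear text, uses the same string for more than one credential, and negotiates IKE and IPsec with 3DES and DH group 2. The following Python audit for those settings is an added example, not part of the original page or any Cisco tool; the rule set and the `audit` function name are this example's own assumptions, and the sample is a constructed subset of the listing.

```python
import re

# Constructed sample: a subset of the running configuration listed above.
SAMPLE = """no service password-encryption
enable password cisco
username sdmsdm privilege 15 password 0 sdmsdm
!
crypto isakmp policy 1
encr 3des
group 2
crypto isakmp client configuration group vpn
key sdmsdm
!
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
ip http server
ip http secure-server
!
line vty 0 4
password cisco
"""

# This example's own checks: (section prefix, or "" for any; line regex; finding).
RULES = [
    ("", r"no service password-encryption$", "passwords are listed in clear text"),
    ("", r"enable password ", "enable password used instead of hashed enable secret"),
    ("", r"username \S+ .*password 0 ", "user password stored as type 0 (clear text)"),
    ("crypto isakmp policy", r"encr(yption)? (des|3des)$", "IKE policy uses DES/3DES"),
    ("crypto isakmp policy", r"group [125]$", "IKE policy uses DH group 1, 2 or 5"),
    ("", r"crypto ipsec transform-set .*\besp-(des|3des)\b", "IPsec uses DES/3DES"),
    ("", r"ip http server$", "plain HTTP management server is enabled"),
    ("line vty", r"password (0 )?\S+$", "vty line password stored in clear text"),
]
SECRET = re.compile(r"(?:enable password|password|key|username \S+ .*password)(?: \d)? (\S+)$")

def audit(config):
    """Return (findings, reused): [(line_no, text)] and line groups sharing one secret."""
    findings, secrets, section = [], {}, ""
    for n, raw in enumerate(config.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("!"):
            section = "" if line == "!" else section  # bare "!" closes a block
            continue
        if line.startswith(("crypto isakmp ", "line ")):
            section = line  # indentation is lost in the listing, so track headers
        for need, pattern, text in RULES:
            if section.startswith(need) and re.match(pattern, line):
                findings.append((n, text))
        if m := SECRET.match(line):
            secrets.setdefault(m.group(1), []).append(n)
    return findings, sorted(v for v in secrets.values() if len(v) > 1)
```

Calling `audit()` on the text of a saved running-config returns the findings with their line numbers, plus the groups of lines that carry an identical secret, reported by line number so the report does not repeat the secret itself.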