完成之后,如果需要修改,可以在主界面编辑和修改。
下面是上述配置后路由器的执行结果。
| Building configuration… Current configuration : 3336 bytes ! version 12.4 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname Router ! boot-start-marker boot-end-marker ! enable password cisco ! aaa new-model ! !— In order to set AAA authentication at login, use the aaa authentication login !— command in global configuration mode . aaa authentication login default local !— Here, list name “sdm_vpn_xauth_ml_1” is specified for !— the authentication of the clients. aaa authentication login sdm_vpn_xauth_ml_1 local aaa authorization exec default local aaa authorization network sdm_vpn_group_ml_1 local ! aaa session-id common ! resource policy ! ! ip cef ! !— The RSA certificate generates after the !— ip http secure-server command is enabled. crypto pki trustpoint TP-self-signed-392370502 enrollment selfsigned subject-name cn=IOS-Self-Signed-Certificate-392370502 revocation-check none rsakeypair TP-self-signed-392370502 ! ! crypto pki certificate chain TP-self-signed-392370502 certificate self-signed 01 3082023C 308201A5 A0030201 02020101 300D0609 2A864886 F70D0101 04050030 30312E30 2C060355 04031325 494F532D 53656C66 2D536967 6E65642D 43657274 (省略) quit ! !— Creates a user account with all privileges. username sdmsdm privilege 15 password 0 sdmsdm ! ! !— Creates an isakmp policy 1 with parameters like !— 3des encryption, pre-share key authentication, and DH group 2. crypto isakmp policy 1 encr 3des authentication pre-share group 2 crypto isakmp client configuration group vpn !— Defines the pre-shared key as sdmsdm. key sdmsdm pool SDM_POOL_1 netmask 255.255.255.0 ! !— Defines transform set parameters. crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac ! crypto dynamic-map SDM_DYNMAP_1 1 set transform-set ESP-3DES-SHA reverse-route ! !— Specifies the crypto map parameters. crypto map SDM_CMAP_1 client authentication list sdm_vpn_xauth_ml_1 crypto map SDM_CMAP_1 isakmp authorization list sdm_vpn_group_ml_1 crypto map SDM_CMAP_1 client configuration address respond crypto map SDM_CMAP_1 65535 ipsec-isakmp dynamic SDM_DYNMAP_1 ! interface Ethernet0/0 no ip address shutdown half-duplex ! interface FastEthernet1/0 ip address 10.77.241.157 255.255.255.192 duplex auto speed auto ! interface Serial2/0 ip address 10.1.1.1 255.255.255.0 no fair-queue !— Applies the crypto map SDM_CMAP1 to the interface. crypto map SDM_CMAP_1 ! interface Serial2/1 no ip address shutdown ! interface Serial2/2 no ip address shutdown ! interface Serial2/3 no ip address shutdown !— Creates a local pool named SDM_POOL_1 for issuing IP !— addresses to clients. ip local pool SDM_POOL_1 192.168.2.1 192.168.2.5 !— Commands for enabling http and https required to launch SDM. ip http server ip http secure-server ! control-plane ! line con 0 line aux 0 line vty 0 4 password cisco ! end |
我们一直都在努力坚持原创.......请不要一声不吭,就悄悄拿走。
我原创,你原创,我们的内容世界才会更加精彩!
【所有原创内容版权均属TechTarget,欢迎大家转发分享。但未经授权,严禁任何媒体(平面媒体、网络媒体、自媒体等)以及微信公众号复制、转载、摘编或以其他方式进行使用。】
微信公众号
TechTarget
官方微博
TechTarget中国
作者
相关推荐
-
VPN技术的发展将如何改变远程访问?
VPN(虚拟专用网络)已经存在一段时间了。在过去二十年中,随着VPN的发展,这项技术已经从方便远程访问的点对点连接技术,转变成为基于复杂安全性的多点连接。
-
无视IPv6连接?后果自负!
如果你无视IPv6在你网络的影响,你可能给你自己带来更大的伤害。此外,你还需要考虑的是,IPv6连接不只是“网络的事”。
-
不暴露才安全:飞鱼星视频监控安全解决之道
我们不能抑制企业远程访问内网的需求,也不能指望一串复杂密码保卫一切,那么,最行之有效的方法就是不给企业信息暴露在互联网的机会,要做到这点,企业只需采用具有VPN功能的网络设备。
-
一个优质的VPN:危险网络世界中的生存之道
在这个越来越危险的网络世界中,一个值得信赖的虚拟专用网络(VPN)比任何时候都来得重要。