中心CISCO配置建立VPN配置
Username: admin
Password:
Router>en
Password:
Router#show run
Building configuration...
Current configuration : 2060 bytes
!
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
! NOTE(review): password encryption is disabled, so the "username admin password 0 cisco"
! and "line con 0 password cisco" entries in this listing are stored and displayed in
! clear text. "service password-encryption" (type 7) only obfuscates; the real fix is
! to use "secret" forms and drop the type-0 passwords altogether.
no service password-encryption
!
! Default hostname still in place — harmless by itself, but it suggests this is an
! unfinished baseline rather than a hardened device.
hostname Router
!
boot-start-marker
boot-end-marker
!
!
! NOTE(review): "enable secret 4" is the unsalted SHA-256 type that Cisco has
! deprecated as weaker than type 5; on an image that supports it, re-enter the enable
! secret so it is stored as type 8 or 9 (PBKDF2 / scrypt).
enable secret 4 tnhtc92DXBhelxjYk8LWJrPV36S2i4ntXrpb4RFmfqY
!
! NOTE(review): no AAA model — no central (TACACS+/RADIUS) authentication, no
! per-command authorization and no accounting; the local "admin" user below is the
! only control on remote access.
no aaa new-model
!
ip cef
!
!
!
! Hosts that must not be handed out by DHCP — these are the three internal addresses
! given static NAT entries further down.
ip dhcp excluded-address 192.168.0.165
ip dhcp excluded-address 192.168.0.180
ip dhcp excluded-address 192.168.0.201
!
! DHCP pool for the LAN on GigabitEthernet0/1 (192.168.0.0/24, gateway .1).
ip dhcp pool vlan101
network 192.168.0.0 255.255.255.0
default-router 192.168.0.1
dns-server 219.141.136.10
!
!
!
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
!
! Chassis PID and serial number — treat as sensitive when this listing is shared.
license udi pid CISCO2921/K9 sn FGL170812WS
!
!
! NOTE(review): the admin account uses a clear-text (type 0) password that is also a
! well-known default ("cisco"). This is the user checked by "login local" on the vty
! lines, which accept Telnet from any source, so it is a remote, unencrypted login
! with a guessable credential. Replace with
! "username admin privilege 15 secret <long random password>" and rotate it now —
! the value is exposed in this listing.
username admin password 0 cisco
!
redundancy
!
!
! IKEv1 (ISAKMP) phase-1 policy used by every spoke.
! NOTE(review): 3DES, MD5 and DH group 2 (1024-bit MODP) are all considered weak
! today. If every remote peer supports it, move to e.g. "encr aes 256",
! "hash sha256", "group 14" (or stronger) — or an IKEv2 profile. This has to be
! changed in step with the spokes, otherwise the tunnels stop negotiating.
crypto isakmp policy 1
encr 3des
hash md5
authentication pre-share
group 2
! NOTE(review): wildcard pre-shared key — the same key "123456" is accepted from any
! peer address (0.0.0.0 0.0.0.0). The wildcard address is expected with a dynamic
! crypto map (spokes on dynamic IPs), but this key is the only thing that
! authenticates a spoke and it is trivially guessable; anyone on the internet who
! reaches Gi0/0 and knows it can bring up a tunnel into the LAN. Use a long random
! PSK (and rotate this one — it is exposed in the listing); where spoke addresses are
! fixed, bind one key per peer address instead of the wildcard.
crypto isakmp key 123456 address 0.0.0.0 0.0.0.0
!
! Phase-2 transform set: ESP with 3DES and HMAC-MD5 — same weak-algorithm concern as
! the phase-1 policy above.
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
!
! Create the dynamic crypto map (hub side: peers are not listed, they initiate).
crypto dynamic-map DYNMAP 100
! Use the transform set ESP-3DES-MD5 defined above.
set transform-set ESP-3DES-MD5
! Interesting (to-be-encrypted) traffic is selected by access-list 100.
match address 100
! Static crypto map that only references the dynamic map; it is applied on
! GigabitEthernet0/0 in the interface section.
crypto map OUTSIDE_MAP 10000 ipsec-isakmp dynamic DYNMAP
interface Embedded-Service-Engine0/0
no ip address
shutdown
!
! Internet uplink: /30 towards the ISP next hop 124.126.246.209. NAT outside and the
! IPsec crypto map are both bound here.
interface GigabitEthernet0/0
description connect internet
ip address 124.126.246.210 255.255.255.252
ip nat outside
ip virtual-reassembly in
duplex full
speed 100
! NOTE(review): no inbound access-group on the internet-facing interface. Together
! with the "transport input all" vty lines (no access-class) this leaves Telnet/SSH to
! the router, IKE (UDP/500, UDP/4500), ESP and the three static-NAT hosts reachable
! from any source. Consider an ingress ACL that permits only what is needed.
crypto map OUTSIDE_MAP
!
! LAN side ("neiwang" = internal network): 192.168.0.0/24, NAT inside.
interface GigabitEthernet0/1
description connect neiwang
ip address 192.168.0.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
duplex full
speed 100
!
! Remaining ports are unused and administratively down.
interface GigabitEthernet0/2
no ip address
shutdown
duplex auto
speed auto
!
interface FastEthernet0/0/0
no ip address
shutdown
duplex auto
speed auto
!
interface FastEthernet0/0/1
no ip address
shutdown
duplex auto
speed auto
!
ip forward-protocol nd
!
! HTTP/HTTPS management interface disabled — good.
no ip http server
no ip http secure-server
!
! PAT (overload) for the LAN behind the Gi0/0 address. Access-list 101 decides what
! is translated; it must exclude VPN-bound traffic so that traffic is still matched
! by the crypto ACL 100 instead of being NATed first.
ip nat inside source list 101 interface GigabitEthernet0/0 overload
! One-to-one static NAT for three internal hosts (the DHCP-excluded addresses).
! NOTE(review): 219.143.223.152-154 are not in the Gi0/0 subnet (124.126.246.208/30);
! this only works if the ISP routes that block towards this router — confirm. Each of
! these hosts is exposed inbound on every port, as there is no filtering ACL on Gi0/0.
ip nat inside source static 192.168.0.165 219.143.223.152
ip nat inside source static 192.168.0.180 219.143.223.153
ip nat inside source static 192.168.0.201 219.143.223.154
! Default route to the ISP next hop.
ip route 0.0.0.0 0.0.0.0 124.126.246.209
!
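! Crypto ACL (referenced by "match address 100" in DYNMAP): traffic from the local
! LAN to the two remote VPN subnets is encrypted instead of NATed.
!
! Fix: the original entries used the wildcard 0.255.255.255 on the remote networks.
! In a wildcard mask a 255 octet means "ignore", so 192.168.2.0 0.255.255.255 matched
! all of 192.0.0.0/8 rather than 192.168.2.0/24 (and the same for 192.168.3.0) — the
! two "station" entries were identical, any 192.x.x.x destination was treated as VPN
! traffic, and ACL 101 exempted all of it from NAT. The local side used 0.0.255.255
! (all of 192.168.0.0/16) although the LAN on Gi0/1 is 192.168.0.0/24. Both sides
! are narrowed to /24 (0.0.0.255); the remote subnets are presumed /24 from the
! original annotations — confirm against the spoke configurations.
! The inline "//" annotations were not valid IOS syntax and are now remarks.
access-list 100 remark VPN Station 1 protected traffic
access-list 100 permit ip 192.168.0.0 0.0.0.255 192.168.2.0 0.0.0.255
access-list 100 remark VPN Station 2 protected traffic
access-list 100 permit ip 192.168.0.0 0.0.0.255 192.168.3.0 0.0.0.255
!
! NAT ACL (referenced by "ip nat inside source list 101"): deny (= do not translate)
! the VPN-bound traffic so it still matches ACL 100, then PAT everything else from
! the LAN. The deny entries must mirror ACL 100 exactly.
access-list 101 remark Do not NAT traffic destined for the VPN subnets
access-list 101 deny ip 192.168.0.0 0.0.0.255 192.168.2.0 0.0.0.255
access-list 101 deny ip 192.168.0.0 0.0.0.255 192.168.3.0 0.0.0.255
access-list 101 remark NAT rule access list: PAT all other LAN traffic
access-list 101 permit ip 192.168.0.0 0.0.255.255 any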
!
!
!
control-plane
!
!
!
! Console: clear-text line password that is also the well-known default "cisco".
! Prefer "login local" with a secret-type user (or AAA) and an "exec-timeout".
line con 0
password cisco
login
! NOTE(review): the aux line has no "login", "no exec" or "transport input none"
! configured; unless the image's defaults differ, anyone with physical access to the
! port presumably gets an exec prompt — set "no exec" and "transport input none".
line aux 0
! Line for the (shut down) Embedded-Service-Engine; exec disabled.
line 2
no activation-character
no exec
transport preferred none
transport input all
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
! NOTE(review): the vty lines accept every transport ("transport input all" includes
! Telnet and rlogin), so the admin credential — a clear-text, default password — can
! cross the internet-facing interface unencrypted, and no "access-class" limits the
! source addresses. Change to "transport input ssh", but only after an "ip domain-name"
! and "crypto key generate rsa" exist (neither is in this listing) or you will lock
! yourself out; then add an access-class and an "exec-timeout".
line vty 0 4
login local
transport input all
!
scheduler allocate 20000 1000
!
end