
 pic000.png 

 

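Note: This is just a simple Packet Tracer lab, mostly something to review with when bored.

   It feels like every lab I come up with is just a simple lab scaled up.

   This time I will mark the commands that Remote Access VPN requires,

   but I will not explain them; they were explained in the previous post.

   Only RO_A's configuration is posted this time, because the other devices' configurations are not that important.

   To reduce the line count, unnecessary settings have been removed.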

 

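Lab requirements:

1. The ISP's four routers must run EIGRP.

2. RO_A and RO_B build a GRE tunnel and run OSPF over it.

3. The PC must be able to connect to RO_A through Remote Access VPN.

4. The rest should be roughly clear from the diagram, so it is not spelled out in detail.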


First, here is my unprofessional PKT file: click here (if the download link is dead, please report it)


The show run output of RO_A is as follows:

RO_A#sh run

Building configuration...

 

Current configuration : 1751 bytes

!

version 12.4

no service timestamps log datetime msec

no service timestamps debug datetime msec

no service password-encryption

!

hostname RO_A

!

ip dhcp pool LAN_POOL

 network 192.168.10.0 255.255.255.0

 default-router 192.168.10.254

 dns-server 44.44.44.1

!

aaa new-model

aaa authentication login VPN local

aaa authorization network VPN local

!

username cater password 0 cater

username coolking password 0 coolking

(A user must be created for authentication.)

!

crypto isakmp policy 10

 encr 3des

 hash md5

 authentication pre-share

 group 2

!

crypto isakmp client configuration group EZVPN

 key CISCO

 pool VPN_POOL

!

crypto ipsec transform-set 3DES_MD5 esp-3des esp-md5-hmac

!

crypto dynamic-map DYNAMIC 10

 set transform-set 3DES_MD5

 reverse-route

!

crypto map VPN client authentication list VPN

crypto map VPN isakmp authorization list VPN

crypto map VPN client configuration address respond

crypto map VPN 20 ipsec-isakmp dynamic DYNAMIC

!

interface Tunnel10

 ip address 10.10.10.1 255.255.255.0

 tunnel source FastEthernet0/0

 tunnel destination 33.33.33.1

!

interface FastEthernet0/0

 ip address dhcp

 ip nat outside

 duplex auto

 speed auto

 crypto map VPN

!

interface FastEthernet0/1

 ip address 192.168.10.254 255.255.255.0

 ip nat inside

 duplex auto

 speed auto

!

interface Vlan1

 no ip address

 shutdown

!

router ospf 1

 log-adjacency-changes

 redistribute static metric 100 subnets

 network 192.168.10.0 0.0.0.255 area 1

 network 10.10.10.0 0.0.0.255 area 1

 network 172.16.10.0 0.0.0.255 area 1

!

ip local pool VPN_POOL 172.16.10.1 172.16.10.200

ip nat inside source list 1 interface FastEthernet0/0 overload

ip classless

!

access-list 1 permit 192.168.10.0 0.0.0.255

!

line con 0

 login

line vty 0 4

 login

!

end
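
The Remote Access VPN commands in the listing above refer to one another by name: the AAA lists, the address pool, the transform set, the dynamic map and the crypto map. The following Python check is an added example, not part of the original post; it runs over an excerpt of the RO_A configuration and reports names that are referenced but never defined, plus crypto maps that are not applied to an interface. The function names and regular expressions are this example's own assumptions.

```python
import re

# Excerpt of the RO_A configuration shown above (VPN-related lines only).
RO_A_VPN = """\
aaa authentication login VPN local
aaa authorization network VPN local
crypto isakmp client configuration group EZVPN
 pool VPN_POOL
crypto ipsec transform-set 3DES_MD5 esp-3des esp-md5-hmac
crypto dynamic-map DYNAMIC 10
 set transform-set 3DES_MD5
crypto map VPN client authentication list VPN
crypto map VPN isakmp authorization list VPN
crypto map VPN 20 ipsec-isakmp dynamic DYNAMIC
interface FastEthernet0/0
 crypto map VPN
ip local pool VPN_POOL 172.16.10.1 172.16.10.200
"""

# (kind, pattern that defines a name, pattern that references it)
CHECKS = [
    ("aaa login list", r"^aaa authentication login (\S+)", r"^crypto map \S+ client authentication list (\S+)"),
    ("aaa network list", r"^aaa authorization network (\S+)", r"^crypto map \S+ isakmp authorization list (\S+)"),
    ("address pool", r"^ip local pool (\S+)", r"^ pool (\S+)"),
    ("transform-set", r"^crypto ipsec transform-set (\S+)", r"^ set transform-set (\S+)"),
    ("dynamic-map", r"^crypto dynamic-map (\S+)", r"^crypto map \S+ \d+ ipsec-isakmp dynamic (\S+)"),
    ("crypto map", r"^crypto map (\S+) \d+ ipsec-isakmp", r"^ crypto map (\S+)"),
]

def find_dangling(config):
    """Return sorted (kind, name) pairs that are referenced but never defined."""
    dangling = set()
    for kind, define_re, refer_re in CHECKS:
        defined = set(re.findall(define_re, config, re.M))
        for name in re.findall(refer_re, config, re.M):
            if name not in defined:
                dangling.add((kind, name))
    return sorted(dangling)

def unapplied_crypto_maps(config):
    """Return crypto maps that are defined but not attached to any interface."""
    defined = set(re.findall(r"^crypto map (\S+) \d+ ipsec-isakmp", config, re.M))
    applied = set(re.findall(r"^ crypto map (\S+)", config, re.M))
    return sorted(defined - applied)

if __name__ == "__main__":
    print(find_dangling(RO_A_VPN), unapplied_crypto_maps(RO_A_VPN))
```

The patterns expect the single-space indentation that show run uses for sub-commands, so the listing's blank lines between commands do not affect the result.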


    EdisonChang

    Coolking's CCNP Notes

    Posted by EdisonChang on PIXNET