
Client: PIX/router-based IPSec VPN

Source: Internet  Author: Anonymous  Time: 2015-09-08 11:16

Client router configuration:

#### This end is responsible for IPsec encapsulation and encryption


qinghubhy#sh run
Building configuration...

Current configuration : 4865 bytes
!
version 12.3
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname qinghubhy
!
boot-start-marker
boot-end-marker
!
no logging console
enable password 7 15140C0207272A2A
!
no aaa new-model
!
resource policy
!
clock timezone GMT 8
ip subnet-zero
no ip dhcp use vrf connected
ip dhcp excluded-address 10.180.119.1 10.180.119.2
!
ip dhcp pool qinghubhy
   network 10.180.119.0 255.255.255.240
   default-router 10.180.119.1
   dns-server 10.191.130.130 10.191.131.131
!
!
ip cef
no ip domain lookup
ip domain name foxconn.com
!
!
crypto pki trustpoint TP-self-signed-12636064
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-12636064
revocation-check none
rsakeypair TP-self-signed-12636064
!
!
crypto pki certificate chain TP-self-signed-12636064
certificate self-signed 01
3082024A 308201B3 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
2F312D30 2B060355 04031324 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 31323633 36303634 301E170D 30323033 30313030 30353539
5A170D32 30303130 31303030 3030305A 302F312D 302B0603 55040313 24494F53
2D53656C 662D5369 676E6564 2D436572 74696669 63617465 2D313236 33363036
3430819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281 8100AD2F
89E89D45 26B1EE93 CABCA33C 8C3CFC71 749E4BE8 913C2394 C4BDBF6D 6682D696
7C000A11 FC9EF39C 061A2A0F 65989D00 1EE8656C 3C66D5EC CAAD0F18 98626BF2
E1C7C876 DC30F0B4 E8FB0B77 285CF762 457F07FB 325DAD1C B1D4FFDC 18765B2E
EEAED21F D977E587 D2E90BEE 515690DA 5E7FAFD9 E2280E11 7AC1FBAE 5B330203
010001A3 76307430 0F060355 1D130101 FF040530 030101FF 30210603 551D1104
1A301882 16736875 6E6A696E 2E796F75 72646F6D 61696E2E 636F6D30 1F060355
1D230418 30168014 F1BA2760 FFF1A8CC A603419F EFCD1514 9FE92774 301D0603
551D0E04 160414F1 BA2760FF F1A8CCA6 03419FEF CD15149F E9277430 0D06092A
864886F7 0D010104 05000381 81003E87 6E748E2E 3E96D865 142688F2 4A692AF3
80BBA6D2 B56A036E 9E3BF31A E76B4F9C 47CCC481 6FCE89E5 192BB1E7 24F5F9DB
64D313D3 47A106BF AFBCB416 AA36FDCB EE33D661 574BF5DF D2A47FE3 600187B8
48769323 9DBD5FDE C763C552 53A1CCF8 035A1068 2F3D8FB4 BA8CCE86 F1AF1B6B
457B64DB 1EAC0899 6CE283D1 AB73
quit
username fgncman password 7 141115050F092B25
username ncc privilege 15 password 7 14130B00040923273D
!
!
!
crypto isakmp policy 10
authentication pre-share
crypto isakmp key FHWfgnckey address 218.18.111.253
!
!
crypto ipsec transform-set ppp esp-des esp-sha-hmac
!
crypto map qinghubhy 10 ipsec-isakmp
set peer 218.18.111.253
set transform-set ppp
match address 100
!
!
!
interface Tunnel1
ip address 10.255.12.209 255.255.255.252
tunnel source 192.168.17.98
tunnel destination 192.168.17.1
!
interface Loopback1
ip address 192.168.17.98 255.255.255.255
!
interface ATM0
no ip address
no atm ilmi-keepalive
dsl operating-mode auto
!
interface ATM0.1 point-to-point
no snmp trap link-status
pvc 8/35
pppoe-client dial-pool-number 1
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Vlan1
ip address 10.180.119.1 255.255.255.240
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1452
!
interface Dialer1
ip address negotiated
ip nat outside
no ip virtual-reassembly
encapsulation ppp
dialer pool 1
dialer-group 1
ppp pap sent-username sz000000000742289074@163.gd password 7 0720156D6326352E39
crypto map qinghubhy
!
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer1
ip route 10.0.0.0 255.0.0.0 Tunnel1
ip route 218.18.111.253 255.255.255.255 Dialer1
!
no ip http server
no ip http secure-server
ip nat source list 101 interface Dialer1 overload
!
access-list 100 permit ip host 192.168.17.98 host 192.168.17.1
access-list 101 permit ip 10.0.0.0 0.0.0.255 any
dialer-list 1 protocol ip permit
!
control-plane
!
banner login ^C
-----------------------------------------------------------------------
Cisco Router and Security Device Manager (SDM) is installed on this device.
This feature requires the one-time use of the username "cisco"
with the password "cisco". The default username and password have a privilege level of 15.

Please change these publicly known initial credentials using SDM or the IOS CLI.

Here are the Cisco IOS commands.

username <myuser> privilege 15 secret 0 <mypassword>
no username cisco

Replace <myuser> and <mypassword> with the username and password you want to use.

For more information about SDM please follow the instructions in the QUICK START
GUIDE for your router or go to http://www.cisco.com/go/sdm
-----------------------------------------------------------------------
^C
!
line con 0
login local
no modem enable
line aux 0
line vty 0 4
privilege level 15
password 7 050D010122414F07
login local
!
scheduler max-task-time 5000
end

The PIX does the decryption.
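
An added example, not part of the original listing: a small Python check that flags the weak settings visible in the client configuration above (type 7 passwords, the esp-des transform, and an ISAKMP policy that sets neither encryption nor DH group). It assumes the classic IOS ISAKMP policy defaults of DES and DH group 1, which the running configuration omits; the function name audit and the sample excerpt are constructed for illustration.

```python
import re

# Constructed excerpt modelled on the listing above; every secret is a placeholder.
SAMPLE = """\
enable password 7 <redacted>
crypto isakmp policy 10
authentication pre-share
crypto isakmp key <redacted> address 218.18.111.253
crypto ipsec transform-set ppp esp-des esp-sha-hmac
crypto isakmp policy 20
encr aes 256
group 14
line vty 0 4
password 7 <redacted>
"""

WEAK_TRANSFORMS = {"esp-des", "esp-null", "esp-md5-hmac", "ah-md5-hmac"}
POLICY_SUBCMD = re.compile(r"(encr(?:yption)?|hash|authentication|group|lifetime)\s+(.+)")

def audit(config):
    """Return (line_number, rule, detail) findings for an IOS running-config."""
    lines = [l.strip() for l in config.splitlines()]
    findings = []
    for n, line in enumerate(lines, 1):
        if re.search(r"\bpassword 7 \S", line):
            findings.append((n, "type7-password", "reversible encoding, not a hash"))
        m = re.match(r"crypto ipsec transform-set (\S+) (.+)", line)
        if m:
            for t in sorted(WEAK_TRANSFORMS & set(m.group(2).split())):
                findings.append((n, "weak-transform", f"{m.group(1)} uses {t}"))
        m = re.match(r"crypto isakmp policy (\d+)$", line)
        if m:
            # Assumed classic IOS defaults, which "show run" omits: DES, DH group 1.
            eff = {"encr": "des", "group": "1"}
            for sub in lines[n:]:  # lines[n] is the line after the policy header
                s = POLICY_SUBCMD.match(sub)
                if not s:
                    break
                key = "encr" if s.group(1).startswith("encr") else s.group(1)
                eff[key] = s.group(2)
            if eff["encr"] == "des":
                findings.append((n, "ike-des", f"policy {m.group(1)} negotiates DES"))
            if eff["group"] == "1":
                findings.append((n, "ike-dh-group1", f"policy {m.group(1)} uses DH group 1"))
    return findings

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

Policy 10 in the sample mirrors the listing: because it sets only the authentication method, the check reports the implied DES and group 1 even though neither keyword appears in the configuration.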
