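I. Introduction
As shown in the figure, suppose headquarters uses a static IP address and the subsidiaries connect over ADSL dial-up, with every site sharing the same pre-shared key. In practice, however, we require each subsidiary to use a different pre-shared key, and that is where aggressive mode comes in.
II. Configuration
Prerequisites: IP addresses, DHCP, and routing are already configured.
1. ISP-side configuration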
crypto isakmp enable
crypto isakmp policy 10
 group 2
 authentication pre-share
 encryption 3des
 hash sha
 lifetime 86400
 exit
! Use the peer's hostname here
crypto isakmp key 0 abc hostname R1
crypto ipsec transform-set ccie esp-aes esp-sha-hmac
 mode tunnel
 exit
access-list 100 permit ip host 1.1.1.1 host 2.2.2.2
crypto dynamic-map ccsp 10
 set transform-set ccie
 match address 100
crypto map cisco 10 ipsec-isakmp dynamic ccsp
int f0/0
 crypto map cisco
 end
2. Client-side configuration
crypto isakmp enable
crypto isakmp policy 10
 group 2
 authentication pre-share
 encryption 3des
 hash sha
 lifetime 86400
 exit
! Note that the pre-shared key is configured differently here
crypto isakmp peer address 10.1.1.1
 ! Enable aggressive mode and set the pre-shared key to abc
 set aggressive-mode password abc
 ! Set to the local hostname
 set aggressive-mode client-endpoint fqdn R1
crypto ipsec transform-set ccie esp-aes esp-sha-hmac
 mode tunnel
 exit
access-list 100 permit ip host 2.2.2.2 host 1.1.1.1
crypto map cisco 10 ipsec-isakmp
 set peer 10.1.1.1
 set transform-set ccie
 match address 100
int f0/0
 crypto map cisco
 end
3. Testing
! The request must be initiated from the client side, because the client knows the peer's IP
ping 1.1.1.1 source 2.2.2.2
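An added example, not part of the original article: a Python check that the two configurations above agree where aggressive mode with a per-peer key needs them to (ISAKMP policy, transform set, mirrored crypto ACLs, and the identity/key pair). The function names `facts` and `mismatches` are this example's own, and the embedded strings are the page's settings with comments dropped.

```python
import re
# Settings copied from the two listings on this page (comments dropped).
ISP = """crypto isakmp policy 10
 group 2
 authentication pre-share
 encryption 3des
 hash sha
crypto isakmp key 0 abc hostname R1
crypto ipsec transform-set ccie esp-aes esp-sha-hmac
access-list 100 permit ip host 1.1.1.1 host 2.2.2.2
"""
CLIENT = """crypto isakmp policy 10
 group 2
 authentication pre-share
 encryption 3des
 hash sha
crypto isakmp peer address 10.1.1.1
 set aggressive-mode password abc
 set aggressive-mode client-endpoint fqdn R1
crypto ipsec transform-set ccie esp-aes esp-sha-hmac
access-list 100 permit ip host 2.2.2.2 host 1.1.1.1
"""

def facts(cfg):
    """Extract the settings on which both peers must agree."""
    one = lambda pat: (re.search(pat, cfg, re.M) or [None, None])[1]
    return {
        "policy": tuple(one(rf"^\s*{k} (\S+)") for k in
                        ("group", "authentication", "encryption", "hash")),
        "transform": one(r"^crypto ipsec transform-set \S+ (.+)$"),
        "acl": re.findall(r"permit ip host (\S+) host (\S+)", cfg),
        "keys": {h: k for k, h in re.findall(
            r"^crypto isakmp key \d+ (\S+) hostname (\S+)", cfg, re.M)},
        "id": one(r"client-endpoint fqdn (\S+)"),
        "password": one(r"aggressive-mode password (\S+)"),
    }

def mismatches(responder, initiator):
    """Return descriptions of the settings that do not line up, if any."""
    r, i = facts(responder), facts(initiator)
    checks = [
        (r["policy"] == i["policy"], "ISAKMP policy differs"),
        (r["transform"] == i["transform"], "transform-set differs"),
        (sorted(r["acl"]) == sorted((d, s) for s, d in i["acl"]),
         "crypto ACLs are not mirror images"),
        (i["id"] in r["keys"], "responder has no key for the client identity"),
        (r["keys"].get(i["id"], i["password"]) == i["password"],
         "pre-shared key for the client identity differs"),
    ]
    return [msg for ok, msg in checks if not ok]
```

`mismatches(ISP, CLIENT)` returns an empty list for the settings on this page; changing the client's password or FQDN makes the corresponding message appear.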
Original article: http://www.cnblogs.com/pzk7788/p/6009715.html