标签:ccna 综合实验
R1配置:
username weishuai password 0 weishuai123
!
crypto isakmp policy 10
encr aes
hash md5
authentication pre-share
group 2
crypto isakmp key qytang address 192.168.1.2
!
!
crypto ipsec transform-set QYT esp-aes
!
crypto map CCNA 10 ipsec-isakmp
set peer 192.168.1.2
set transform-set QYT
match address VPN
!
interface Ethernet0/0
no ip address
!
interface Ethernet0/0.10
encapsulation dot1Q 10
ip address 192.168.10.254 255.255.255.0
ip helper-address 192.168.200.1
ip nat inside
ip virtual-reassembly in
!
interface Ethernet0/0.20
encapsulation dot1Q 20
ip address 192.168.20.254 255.255.255.0
ip helper-address 192.168.200.1
ip nat inside
ip virtual-reassembly in
!
interface Ethernet0/0.200
encapsulation dot1Q 200
ip address 192.168.200.254 255.255.255.0
ip nat inside
ip virtual-reassembly in
!
interface Ethernet0/1
no ip address
shutdown
!
interface Ethernet0/2
no ip address
shutdown
!
interface Ethernet0/3
no ip address
shutdown
!
interface Serial1/0
ip address 192.168.1.1 255.255.255.252
ip nat inside
ip virtual-reassembly in
encapsulation ppp
ppp authentication pap
serial restart-delay 0
crypto map CCNA
!
interface Serial1/1
ip address 123.10.1.2 255.255.255.252
ip nat outside
ip virtual-reassembly in
encapsulation ppp
ppp chap hostname weichun
ppp chap password 0 weichun123
serial restart-delay 0
!
interface Serial1/2
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/3
no ip address
shutdown
serial restart-delay 0
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
ip nat inside source list 10 interface Serial1/1 overload
ip nat inside source static tcp 192.168.200.1 80 123.10.1.2 8008 extendable
ip route 0.0.0.0 0.0.0.0 123.10.1.1
ip route 192.168.30.0 255.255.255.0 192.168.1.2
!
ip access-list extended VPN
permit ip 192.168.10.0 0.0.0.255 192.168.30.0 0.0.0.255
permit ip 192.168.20.0 0.0.0.255 192.168.30.0 0.0.0.255
!
access-list 10 permit 192.168.10.0 0.0.0.255
access-list 10 permit 192.168.30.0 0.0.0.255
access-list 10 permit 192.168.20.0 0.0.0.255
access-list 10 permit 192.168.200.0 0.0.0.255
!
R2配置:
crypto isakmp policy 10
encr aes
hash md5
authentication pre-share
group 2
crypto isakmp key qytang address 192.168.1.1
!
crypto ipsec transform-set QYT esp-aes
!
crypto map CCNA 10 ipsec-isakmp
set peer 192.168.1.1
set transform-set QYT
match address VPN
!
interface Ethernet0/0
ip address 192.168.30.254 255.255.255.0
!
interface Ethernet0/1
no ip address
shutdown
!
interface Ethernet0/2
no ip address
shutdown
!
interface Ethernet0/3
no ip address
shutdown
!
interface Serial1/0
ip address 192.168.1.2 255.255.255.252
encapsulation ppp
ppp pap sent-username weishuai password 0 weishuai123
serial restart-delay 0
crypto map CCNA
!
interface Serial1/1
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/2
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/3
no ip address
shutdown
serial restart-delay 0
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
ip route 0.0.0.0 0.0.0.0 192.168.1.1
!
ip access-list extended VPN
permit ip 192.168.30.0 0.0.0.255 192.168.10.0 0.0.0.255
permit ip 192.168.30.0 0.0.0.255 192.168.20.0 0.0.0.255
ISP配置:
interface Loopback1
ip address 200.200.200.1 255.255.255.255
!
interface Serial1/1
ip address 123.10.1.1 255.255.255.252
encapsulation ppp
ppp authentication chap
SW1配置:
interface Port-channel1
switchport
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 10,20,200
switchport mode trunk
!
interface Ethernet0/0
switchport trunk encapsulation dot1q
switchport mode trunk
duplex auto
!
interface Ethernet0/1
switchport access vlan 10
switchport mode access
duplex auto
!
interface Ethernet0/2
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 10,20,200
switchport mode trunk
duplex auto
channel-group 1 mode on
!
interface Ethernet0/3
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 10,20,200
switchport mode trunk
duplex auto
channel-group 1 mode on
SW2配置:
interface Port-channel1
switchport
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 10,20,200
switchport mode trunk
!
interface Ethernet0/0
switchport access vlan 200
switchport mode access
duplex auto
!
interface Ethernet0/1
switchport access vlan 20
switchport mode access
duplex auto
!
interface Ethernet0/2
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 10,20,200
switchport mode trunk
duplex auto
channel-group 1 mode on
!
interface Ethernet0/3
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 10,20,200
switchport mode trunk
duplex auto
channel-group 1 mode on
本文出自 “Dream 星君” 博客,请务必保留此出处http://wcrichard.blog.51cto.com/5081959/1665233
标签:ccna 综合实验
原文地址:http://wcrichard.blog.51cto.com/5081959/1665233
