我不太擅长使用 VPN 和思科,但我想在 Packet Tracert 5.3 上创建一些 VPN,所以我做了一些基本架构
计算机1(IP:192.168.0.11)
路由器 1(IP:192.168.0.1)(IP:10.0.0.1)
路由器2(IP:10.0.0.2)(IP:192.168.2.1)
计算机2(IP:192.168.2.12)
连接方式如下
计算机 1--------路由器 1--------路由器 2--------计算机 2
以下是router1的配置:
Building configuration...
Current configuration : 855 bytes
!
version 12.4
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname Gauche
!
!
!
!
!
!
!
!
crypto isakmp policy 1
encr aes 256
hash md5
authentication pre-share
lifetime 7200
!
crypto isakmp key cisco address 10.0.0.2
!
!
crypto ipsec transform-set Router1 esp-des esp-sha-hmac
!
crypto map Router1 1 ipsec-isakmp
set peer 10.0.0.2
set transform-set Router1
match address 101
!
!
!
!
!
!
!
!
!
interface FastEthernet0/0
ip address 192.168.0.1 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 10.0.0.1 255.255.255.0
duplex auto
speed auto
crypto map Router1
!
interface Vlan1
no ip address
shutdown
!
ip classless
!
!
access-list 101 permit ip 192.168.2.0 0.0.0.255 192.168.0.0 0.0.0.255
!
!
!
!
!
line con 0
line vty 0 4
login
!
!
!
end
这是 router2 的配置:
Building configuration...
Current configuration : 890 bytes
!
version 12.4
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname Droite
!
!
!
!
!
!
!
!
crypto isakmp policy 1
encr aes 256
hash md5
authentication pre-share
lifetime 7200
!
crypto isakmp key cisco address 10.0.0.1
!
!
crypto ipsec transform-set Router1 esp-des esp-sha-hmac
!
crypto map Router1 1 ipsec-isakmp
set peer 10.0.0.1
set transform-set Router1
match address 101
!
!
!
!
!
!
!
!
!
interface FastEthernet0/0
ip address 10.0.0.2 255.255.255.0
duplex auto
speed auto
crypto map Router1
!
interface FastEthernet0/1
ip address 192.168.2.1 255.255.255.0
duplex auto
speed auto
!
interface Vlan1
no ip address
shutdown
!
ip classless
ip route 0.0.0.0 0.0.0.0 10.0.0.1
!
!
access-list 101 permit ip 192.168.0.0 0.0.0.255 192.168.2.0 0.0.0.255
!
!
!
!
!
line con 0
line vty 0 4
login
!
!
!
end
但我真的不明白为什么 VPN 没有建立,有人能帮帮我吗,谢谢。
答案1
我检查了您的配置,但没有看到您的 ACL 配置。您需要允许有趣的流量,然后将加密映射关联到访问列表 101。希望这会有所帮助。