思科 VPN 数据包追踪器

思科 VPN 数据包追踪器

我不太擅长使用 VPN 和思科,但我想在 Packet Tracert 5.3 上创建一些 VPN,所以我做了一些基本架构

计算机1(IP:192.168.0.11)

路由器 1(IP:192.168.0.1)(IP:10.0.0.1)

路由器2(IP:10.0.0.2)(IP:192.168.2.1)

计算机2(IP:192.168.2.12)

连接方式如下

计算机 1--------路由器 1--------路由器 2--------计算机 2

以下是router1的配置:


Building configuration...

Current configuration : 855 bytes
!
version 12.4
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname Gauche
!
!
!
!
!
!
!
!
crypto isakmp policy 1
 encr aes 256
 hash md5
 authentication pre-share
 lifetime 7200
!
crypto isakmp key cisco address 10.0.0.2
!
!
crypto ipsec transform-set Router1 esp-des esp-sha-hmac
!
crypto map Router1 1 ipsec-isakmp 
 set peer 10.0.0.2
 set transform-set Router1 
 match address 101
!
!
!
!
!
!
!
!
!
interface FastEthernet0/0
 ip address 192.168.0.1 255.255.255.0
 duplex auto
 speed auto
!
interface FastEthernet0/1
 ip address 10.0.0.1 255.255.255.0
 duplex auto
 speed auto
 crypto map Router1
!
interface Vlan1
 no ip address
 shutdown
!
ip classless
!
!
access-list 101 permit ip 192.168.2.0 0.0.0.255 192.168.0.0 0.0.0.255
!
!
!
!
!
line con 0
line vty 0 4
 login
!
!
!
end

这是 router2 的配置:


Building configuration...

Current configuration : 890 bytes
!
version 12.4
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname Droite
!
!
!
!
!
!
!
!
crypto isakmp policy 1
 encr aes 256
 hash md5
 authentication pre-share
 lifetime 7200
!
crypto isakmp key cisco address 10.0.0.1
!
!
crypto ipsec transform-set Router1 esp-des esp-sha-hmac
!
crypto map Router1 1 ipsec-isakmp 
 set peer 10.0.0.1
 set transform-set Router1 
 match address 101
!
!
!
!
!
!
!
!
!
interface FastEthernet0/0
 ip address 10.0.0.2 255.255.255.0
 duplex auto
 speed auto
 crypto map Router1
!
interface FastEthernet0/1
 ip address 192.168.2.1 255.255.255.0
 duplex auto
 speed auto
!
interface Vlan1
 no ip address
 shutdown
!
ip classless
ip route 0.0.0.0 0.0.0.0 10.0.0.1 
!
!
access-list 101 permit ip 192.168.0.0 0.0.0.255 192.168.2.0 0.0.0.255
!
!
!
!
!
line con 0
line vty 0 4
 login
!
!
!
end

但我真的不明白为什么 VPN 没有建立,有人能帮帮我吗,谢谢。

答案1

我检查了您的配置,但没有看到您的 ACL 配置。您需要允许有趣的流量,然后将加密映射关联到访问列表 101。希望这会有所帮助。

相关内容