路由器和路由器之間的配置程式碼

  Hub Router

  2503#show running-config

  Building configuration

  Current configuration : 1466 bytes

  version 122

  service timestamps debug datetime msec

  service timestamps log uptime

  no service password-encryption

  hostname 2503

  ip subnet-zero

  --- Configuration for IKE policies

  crypto isakmp policy 10

  --- Enables the IKE policy configuration config-isakmp

  --- command mode, where you can specify the parameters that

  --- are used during an IKE negotiation

  hash md5

  authentication pre-share

  crypto isakmp key cisco123 address 200121

  crypto isakmp key cisco123 address 200131

  --- Specifies the preshared key "cisco123" which should

  --- be identical at both peers This is a global

  --- configuration mode command

  --- Configuration for IPSec policies

  crypto ipsec transform-set myset esp-des esp-md5-hmac

  --- Enables the crypto transform configuration mode,

  --- where you can specify the transform sets that are used

  --- during an IPSec negotiation

  crypto map mymap 10 ipsec-isakmp

  --- Indicates that IKE is used to establish

  --- the IPSec security association for protecting the

  --- traffic specified by this crypto map entry

  set peer 200121

  --- Sets the IP address of the remote end

  set transform-set myset

  --- Configures IPSec to use the transform-set

  --- "myset" defined earlier in this configuration

  match address 110

  --- Specifyies the traffic to be encrypted

  crypto map mymap 20 ipsec-isakmp

  set peer 200131

  set transform-set myset

  match address 120

  interface Loopback0

  ip address 10111 2552552550

  interface Ethernet0

  ip address 200111 2552552550

  no ip route-cache

  --- You must enable process switching for IPSec

  --- to encrypt outgoing packets This command disables fast switching

  no ip mroute-cache

  crypto map mymap

  --- Configures the interface to use the

  --- crypto map "mymap" for IPSec

  --- Output suppressed

  ip classless

  ip route 1721610 2552552550 Ethernet0

  ip route 19216810 2552552550 Ethernet0

  ip route 200100 25525500 Ethernet0

  ip http server

  access-list 110 permit ip 10110 000255 1721610 000255

  access-list 110 permit ip 19216810 000255 1721610 000255

  access-list 120 permit ip 10110 000255 19216810 000255

  access-list 120 permit ip 1721610 000255 19216810 000255

  --- This crypto ACL-permit identifies the

  --- matching traffic flows to be protected via encryption

  Spoke 1 Router

  2509a#show running-config

  Building configuration

  Current configuration : 1203 bytes

  version 122

  service timestamps debug datetime msec

  service timestamps log uptime

  no service password-encryption

  hostname 2509a

  enable secret 5 $1$DOX3$rIrxEnTVTw/7LNbxiakz0

  ip subnet-zero

  no ip domain-lookup

  crypto isakmp policy 10

  hash md5

  authentication pre-share

  crypto isakmp key cisco123 address 200111

  crypto ipsec transform-set myset esp-des esp-md5-hmac

  crypto map mymap 10 ipsec-isakmp

  set peer 200111

  set transform-set myset

  match address 110

  interface Loopback0

  ip address 1721611 2552552550

  interface Ethernet0

  ip address 200121 2552552550

  no ip route-cache

  no ip mroute-cache

  crypto map mymap

  --- Output suppressed

  ip classless

  ip route 10110 2552552550 Ethernet0

  ip route 19216810 2552552550 Ethernet0

  ip route 200100 25525500 Ethernet0

  no ip http server

  access-list 110 permit ip 1721610 000255 10110 000255

  access-list 110 permit ip 1721610 000255 19216810 000255

  end

  2509a#

  Spoke 2 Router

  2509#show running-config

  Building configuration

  Current configuration : 1117 bytes

  version 122

  service timestamps debug datetime msec

  service timestamps log uptime

  service password-encryption

  hostname 2509

  ip subnet-zero

  no ip domain-lookup

  crypto isakmp policy 10

  hash md5

  authentication pre-share

  crypto isakmp key cisco123 address 200111

  crypto ipsec transform-set myset esp-des esp-md5-hmac

  crypto map mymap 10 ipsec-isakmp

  set peer 200111

  set transform-set myset

  match address 120

  interface Loopback0

  ip address 19216811 2552552550

  interface Ethernet0

  ip address 200131 2552552550

  --- No ip route-cache

  no ip mroute-cache

  crypto map mymap

  --- Output suppressed

  ip classless

  ip route 10110 2552552550 Ethernet0

  ip route 1721600 25525500 Ethernet0

  ip route 200100 25525500 Ethernet0

  no ip http server

  access-list 120 permit ip 19216810 000255 1721610 000255

  access-list 120 permit ip 19216810 000255 10110 000255

  end

  2509#