发布时间 : 星期六 文章IPSec与Easy+VPN的设计与应用3更新完毕开始阅读
23. 观察任务栏右下角的图示,确认连接成功:
24. 在客户端开启命令行窗口,使用ping命令确认可以与内部网络服务器进行通讯:
25. 使用telnet 到R1路由器,确认可以连接到内部网络:
再使用URL http://192.168.1.2 ,看是否能够访问R1路由器。
26. 查看R2路由器生成的配置命令: R2#show running-config Building configuration... ????? hostname R2 ! aaa authentication login default local aaa authentication login sdm_vpn_xauth_ml_1 local aaa authorization network sdm_vpn_group_ml_1 local ! aaa session-id common ! username test privilege 15 password 0 test username CCNP secret 5 $1$8h8K$pqZqXV.YSY72iSj9a1CmN1 ! crypto isakmp policy 1 encr 3des authentication pre-share group 2 ! crypto isakmp client configuration group group-1 key cisco dns 1.1.1.1 wins 2.2.2.2 pool SDM_POOL_1 acl 100 max-users 10 max-logins 1 ! ! crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac ! crypto dynamic-map SDM_DYNMAP_1 1 set transform-set ESP-3DES-SHA reverse-route ! ! crypto map SDM_CMAP_1 client authentication list sdm_vpn_xauth_ml_1 crypto map SDM_CMAP_1 isakmp authorization list sdm_vpn_group_ml_1 crypto map SDM_CMAP_1 client configuration address respond crypto map SDM_CMAP_1 65535 ipsec-isakmp dynamic SDM_DYNMAP_1 ! interface FastEthernet0/1 ip address 202.102.48.1 255.255.255.0 duplex half no cdp enable crypto map SDM_CMAP_1 ! ip local pool SDM_POOL_1 172.16.1.1 172.16.1.10 ip http server ! access-list 100 remark SDM_ACL Category=4 access-list 100 permit ip 192.168.1.0 0.0.0.255 any end R2# 27. 查看客户端的路由表,确认隧道分离的反向路由注入:
28. 查看客户端的IP配置: C:\\>ipconfig /all Windows IP Configuration Ethernet adapter Local Area Connection 2: Connection-specific DNS Suffix . : Description . . . . . . . . . . . : Cisco Systems VPN Adapter Physical Address. . . . . . . . . : 00-05-9A-3C-78-00 DHCP Enabled. . . . . . . . . . . : No IP Address. . . . . . . . . . . . : 172.16.1.1 Subnet Mask . . . . . . . . . . . : 255.255.0.0 Default Gateway . . . . . . . . . : DNS Servers . . . . . . . . . . . : 1.1.1.1 Primary WINS Server . . . . . . . : 2.2.2.2 C:\\> 29. 查看R2路由器路由表: R2#show ip route