Vpn
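Simple road warrior IPv4 VPN configuration in Cisco IOS
I'm looking to set up a fairly simple Road Warriors VPN configuration on our Cisco router. Frustratingly, I've been searching for this but can't find a simple, complete guide.
- Multiple (not necessarily many) remote users
- IPSec / ISAKMP configuration
- IPv4
- Option for split tunnel or default gateway mode
What configuration do I need to enter to enable this?
I'm looking for a generic answer, but if you need to know, I'm running c2600-ik9o3s3-mz.123-26.bin.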
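Here's what I came up with; it should be a decent starting point for creating a VPN configuration. I'm not sure it's minimal as such, but it should get anyone looking for this up and running.
The Cisco Secure VPN Client Solutions Guide that Zypher pointed out was very useful in creating this - if you can sift through it, there are some good examples in there.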
```
aaa new-model
! Create a vpn-users DB that points to the local auth service
aaa authentication login vpn-users local
aaa authorization network vpn-users local
! any local user will be allowed to use the VPN
username fred secret 5 SECRET

! Create an ISAKMP policy that handles the ISAKMP negotiation process
crypto isakmp policy 1
 encr aes
 authentication pre-share
 group 2
 lifetime 3600
crypto isakmp keepalive 120 15
crypto isakmp xauth timeout 60

! Group policy for ISAKMP
crypto isakmp client configuration group default
 key PLAINTEXT_KEY
 dns LOCAL_DNS_SERVERS
 domain LOCAL_DOMAIN
 pool vpn-dynamic-pool

! VPN clients will be assigned addresses out of this pool
ip local pool vpn-dynamic-pool 192.168.2.1 192.168.2.254

! Create transform sets that specify how the actual IPSEC traffic will be encrypted
crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-SHA-LZS esp-aes esp-sha-hmac comp-lzs

! Create IPSEC policies - any negotiated transform scheme must be specified
! in the map below
crypto dynamic-map vpn-dynamic-map 1
 set transform-set ESP-AES-128-SHA-LZS
crypto dynamic-map vpn-dynamic-map 2
 set transform-set ESP-AES-128-SHA
!
crypto map vpn-dynamic client authentication list vpn-users
crypto map vpn-dynamic client configuration address respond
crypto map vpn-dynamic isakmp authorization list vpn-users
crypto map vpn-dynamic 1 ipsec-isakmp dynamic vpn-dynamic-map

! Apply the IPSEC map to the external interface
interface ExternalInterface/0
 crypto map vpn-dynamic
```
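The configuration above ties its pieces together by name (AAA lists, address pool, transform sets, dynamic map, crypto map), so a renamed or mistyped name leaves a dangling reference. The following is an added example, not part of the original answer or of any Cisco tool: a small Python check that lists names referenced but never defined. The function name `dangling_references`, the rule table, and the reduced sample are assumptions made for illustration.

```python
import re

# Constructed sample: the answer's configuration, reduced to the lines that define or reference a name.
SAMPLE = """\
aaa authentication login vpn-users local
aaa authorization network vpn-users local
crypto isakmp client configuration group default
 pool vpn-dynamic-pool
ip local pool vpn-dynamic-pool 192.168.2.1 192.168.2.254
crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-SHA-LZS esp-aes esp-sha-hmac comp-lzs
crypto dynamic-map vpn-dynamic-map 1
 set transform-set ESP-AES-128-SHA-LZS
crypto dynamic-map vpn-dynamic-map 2
 set transform-set ESP-AES-128-SHA
crypto map vpn-dynamic client authentication list vpn-users
crypto map vpn-dynamic isakmp authorization list vpn-users
crypto map vpn-dynamic 1 ipsec-isakmp dynamic vpn-dynamic-map
interface ExternalInterface/0
 crypto map vpn-dynamic
"""

# (kind, pattern for the line that defines a name, pattern for a line that references it)
RULES = [
    ("address pool", r"^ip local pool (\S+)", r"^[ \t]+pool (\S+)"),
    ("transform-set", r"^crypto ipsec transform-set (\S+)", r"^[ \t]+set transform-set (.+)"),
    ("dynamic-map", r"^crypto dynamic-map (\S+)", r"^crypto map \S+ \d+ ipsec-isakmp dynamic (\S+)"),
    ("aaa login list", r"^aaa authentication login (\S+)", r"^crypto map \S+ client authentication list (\S+)"),
    ("aaa network list", r"^aaa authorization network (\S+)", r"^crypto map \S+ isakmp authorization list (\S+)"),
    ("crypto map", r"^crypto map (\S+) \d+ ", r"^[ \t]+crypto map (\S+)"),
]

def dangling_references(config):
    """Return sorted (kind, name) pairs that are referenced but never defined."""
    problems = set()
    for kind, define, reference in RULES:
        defined = set(re.findall(define, config, re.M))
        for match in re.findall(reference, config, re.M):
            for name in match.split():  # one line may list several transform sets
                if name not in defined:
                    problems.add((kind, name))
    return sorted(problems)

if __name__ == "__main__":
    print(dangling_references(SAMPLE))
```
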
You're looking for a remote access VPN. Cisco documentation
Also, you should probably check out the Cisco Secure VPN Client Solutions Guide