What are you connecting with?

If you are connecting to a VPN "box", such as a ZyXEL ZyWALL, you need to add no-auth no-conf after the pre-shared key (I configured mine on a PIX).

Here is an IOS-based one for you to look at:
Building configuration...

Current configuration : 3444 bytes
!
version 12.3
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname ******
!
enable secret 5 <removed>
enable password 7 <removed>
!
username vpntest password 7 <removed>
username *** password 7 <removed>
memory-size iomem 10
aaa new-model
!
!
aaa authentication login userlist local
aaa authorization network grouplist local
aaa session-id common
ip subnet-zero
ip cef
!
!
no ip domain lookup
!
no ip bootp server
ip audit notify log
ip audit po max-events 100
!
!
!
crypto isakmp policy 3
 hash md5
 authentication pre-share
 group 2
crypto isakmp identity hostname
crypto isakmp nat keepalive 50
!
crypto isakmp client configuration group cisco
 key cisco
 dns 10.1.1.112
 wins 10.1.1.120
 domain geari
 pool vpnpool
 acl 199
!
crypto isakmp client configuration group geari
 key geari_vpn
 pool vpnpool
 acl 199
!
crypto isakmp client configuration group gear
!
!
crypto ipsec transform-set dessha esp-des esp-md5-hmac
!
crypto dynamic-map mode 1
 set transform-set dessha
 reverse-route
!
!
crypto map mode client authentication list userlist
crypto map mode isakmp authorization list grouplist
crypto map mode client configuration address respond
crypto map mode 1 ipsec-isakmp dynamic mode
!
!
!
!
!
!
!
!
!
!
no voice hpi capture buffer
no voice hpi capture destination
!
!
fax interface-type fax-mail
!
!
!
!
interface FastEthernet0/0
 ip address 10.1.1.253 255.255.255.0
 ip access-group 150 in
 ip access-group 150 out
 ip verify unicast reverse-path
 no ip unreachables
 ip nat inside
 ip policy route-map vpn
 duplex auto
 speed auto
!
interface Ethernet1/0
 ip address 210.*.*.* 255.255.255.240
 ip access-group 150 in
 ip access-group 150 out
 ip verify unicast reverse-path
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat outside
 full-duplex
 crypto map mode
!
ip local pool vpnpool 10.1.1.10 10.1.1.110
ip nat pool internet 210.*.*.* 210.*.*.* netmask 255.255.255.240
ip nat inside source list 110 pool internet overload
ip nat inside source static 10.1.1.118 210.21.47.118
ip nat inside source static 10.1.1.119 210.21.47.119
ip nat inside source static 10.1.1.120 210.21.47.120
no ip http server
no ip http secure-server
ip classless
ip route 0.0.0.0 0.0.0.0 210.*.*.*
!
!
access-list 110 permit ip host 10.1.1.230 any
access-list 120 deny ip host 10.1.1.230 any
access-list 120 permit ip 10.1.1.0 0.0.0.255 any
access-list 150 deny udp any any eq tftp
access-list 150 deny tcp any any eq 135
access-list 150 deny udp any any eq 135
access-list 150 deny tcp any any eq 137
access-list 150 deny udp any any eq netbios-ns
access-list 150 deny tcp any any eq 138
access-list 150 deny udp any any eq netbios-dgm
access-list 150 deny tcp any any eq 139
access-list 150 deny udp any any eq netbios-ss
access-list 150 deny tcp any any eq 445
access-list 150 deny tcp any any eq 593
access-list 150 deny tcp any any eq 4444
access-list 150 deny icmp any any
access-list 150 deny udp any any eq ntp
access-list 150 deny udp any any eq 8998
access-list 150 deny udp any any range 990 999
access-list 150 permit ip any any
access-list 199 permit ip 10.1.1.0 0.0.0.255 any
!
route-map vpn permit 10
 match ip address 120
 set ip next-hop 210.*.*.*
!
radius-server authorization permit missing Service-Type
!
!
dial-peer cor custom
!
!
!
!
!
line con 0
line aux 0
line vty 0 4
 password 7 <removed>
!
!
!
end
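
For anyone reusing a configuration like the one above, an added example (not part of the original post) of a small audit pass over IOS configuration text that flags dated IKE/IPsec and password settings. The `audit` function, its messages and the `SAMPLE` excerpt are constructed for illustration, and the rule that a policy without a cipher line falls back to DES is the classic IOS default assumed here.

```python
import re

# Constructed sample: credential and crypto lines excerpted from the configuration above.
SAMPLE = """\
enable password 7 <removed>
crypto isakmp policy 3
 hash md5
 group 2
crypto isakmp client configuration group cisco
 key cisco
crypto isakmp client configuration group geari
 key geari_vpn
crypto ipsec transform-set dessha esp-des esp-md5-hmac
line vty 0 4
 password 7 <removed>
"""
WEAK_TRANSFORMS = ("esp-des", "esp-md5-hmac", "ah-md5-hmac")

def audit(config):
    """Return sorted (line_no, message) findings for weak IKE/IPsec and password settings."""
    findings = []
    policy = None     # [line_no, cipher_seen] while inside "crypto isakmp policy"
    vpn_group = None  # group name while inside "crypto isakmp client configuration group"
    for no, raw in enumerate(config.splitlines() + ["!"], 1):  # "!" closes the last section
        words = raw.split()
        if not words:
            continue
        if not raw[0].isspace():  # a top-level command ends the previous section
            if policy and not policy[1]:
                findings.append((policy[0], "no cipher set; classic IOS defaults to DES"))
            policy = [no, False] if raw.startswith("crypto isakmp policy ") else None
            m = re.match(r"crypto isakmp client configuration group (\S+)", raw)
            vpn_group = m.group(1) if m else None
            if words[:3] == ["crypto", "ipsec", "transform-set"]:
                findings += [(no, "weak transform " + t) for t in words[4:] if t in WEAK_TRANSFORMS]
        elif policy:
            if words[0].startswith("encr"):
                policy[1] = True
                if words[1:2] == ["des"]:
                    findings.append((no, "DES cipher in isakmp policy"))
            elif words[:2] == ["hash", "md5"]:
                findings.append((no, "MD5 hash in isakmp policy"))
            elif words[0] == "group" and words[1:2] in (["1"], ["2"]):
                findings.append((no, "Diffie-Hellman group %s (1024-bit or smaller)" % words[1]))
        elif vpn_group and words[0] == "key" and words[1:2] == [vpn_group]:
            findings.append((no, "group key equals group name " + vpn_group))
        if re.search(r"\bpassword 7\b", raw):
            findings.append((no, "type 7 password is reversible obfuscation"))
    return sorted(findings)
```

Calling `audit(SAMPLE)` returns eight findings; the `geari` group is not flagged because its key differs from the group name.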