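Simulating an Easy VPN configuration in Packet Tracer

Continuing the Packet Tracer simulation from the previous post on the comprehensive course design: this project also has to implement a remote-access VPN. I originally thought PT could not simulate this, but it turned out I was simply ignorant. Without further ado, the topology first.

The off-campus user's host connects directly to the Internet. In this case the configuration has to be done on the school's VPN router, and the client machine connects with the VPN client. Easy VPN is configured on the school VPN router; Easy VPN is Cisco's proprietary remote-access VPN. The configuration is as follows:

! Enable AAA authentication
aaa new-model
aaa authentication login vpn-a local
aaa authorization network vpn-o local
! Create the local username and password
username vpn password 0 vpn
! Define the IPsec security parameters
crypto isakmp policy 10
 hash md5
 authentication pre-share
! Create the address pool assigned to VPN users
ip local pool VPN-POOL 172.16.6.1 172.16.6.254
! Easy VPN group and key configuration; vpngroup is the group name
crypto isakmp client configuration group vpngroup
 key vpn
 pool VPN-POOL
! IPsec phase 2 configuration
crypto ipsec transform-set school-set esp-3des esp-md5-hmac
! Dynamic crypto map
crypto dynamic-map d-map 10
 set transform-set school-set
 ! Reverse route injection
 reverse-route

Authentication and authorization configuration for Easy VPN users:

crypto map school-map client authentication list vpn-a
crypto map school-map isakmp authorization list vpn-o
crypto map school-map client configuration address respond
crypto map school-map 10 ipsec-isakmp dynamic d-map

Finally, bind the crypto map to the interface:

interface FastEthernet0/1
 crypto map school-map

Once the configuration is complete, connect from the off-campus user's PC with the VPN client, using group name vpngroup, key vpn, the Fa0/1 address of SCHOOL-VPN as the server address, and vpn as both username and password. The connection succeeds and the client is assigned an address in the range 172.16.6.1 to 172.16.6.254, after which it can communicate normally with hosts inside the school.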
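Added example, not part of the original post: a small Python check that reads the crypto-relevant lines of the configuration above and reports the settings a reviewer would flag before reusing this lab config outside Packet Tracer. The names PAGE_CONFIG, LINE_RULES and audit are hypothetical, and the rule that a policy without an "encryption" line falls back to DES is an assumption about classic IOS defaults.

```python
import re

# Crypto-relevant lines of the page's Easy VPN server config, one command per line.
PAGE_CONFIG = """\
aaa new-model
aaa authentication login vpn-a local
aaa authorization network vpn-o local
username vpn password 0 vpn
crypto isakmp policy 10
 hash md5
 authentication pre-share
ip local pool VPN-POOL 172.16.6.1 172.16.6.254
crypto isakmp client configuration group vpngroup
 key vpn
 pool VPN-POOL
crypto ipsec transform-set school-set esp-3des esp-md5-hmac
"""

# (regex, finding) pairs checked against every line.
LINE_RULES = [
    (r"^username \S+ password 0 ", "cleartext local password (type 0)"),
    (r"^\s*hash md5\b", "IKE phase 1 uses MD5"),
    (r"^crypto ipsec transform-set .*\besp-(des|3des)\b", "ESP uses DES/3DES"),
    (r"^crypto ipsec transform-set .*\besp-md5-hmac\b", "ESP integrity uses HMAC-MD5"),
]

def audit(config):
    """Return a sorted list of (line_number, finding) for weak settings."""
    findings, policy = [], None  # policy = (start_line, child_lines) of the open ISAKMP policy
    def close_policy():
        # Assumption: classic IOS falls back to DES when a policy has no "encryption" line.
        if policy and not any(c.startswith("encryption") for c in policy[1]):
            findings.append((policy[0], "ISAKMP policy has no encryption line (default DES)"))
    for n, line in enumerate(config.splitlines(), 1):
        if not line.startswith(" "):          # a top-level command ends any open block
            close_policy()
            policy = (n, []) if line.startswith("crypto isakmp policy") else None
        elif policy:
            policy[1].append(line.strip())
        for pattern, text in LINE_RULES:
            if re.search(pattern, line):
                findings.append((n, text))
    close_policy()
    return sorted(findings)

if __name__ == "__main__":
    for n, text in audit(PAGE_CONFIG):
        print(f"line {n}: {text}")
```

Run against the page's configuration it reports five findings: the type 0 password, the ISAKMP policy with MD5 and no encryption line, and the 3DES/HMAC-MD5 transform set.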