本文通過VPN技術(shù)實現(xiàn)對兩部分網(wǎng)絡(luò)的互聯(lián)，模擬ISP，貼近實用性，文章主要向我們展示了具體的操作步驟，主要是輸入的基本命令。

本實驗借助于Cisco 2600 路由器，通過VPN技術(shù)實現(xiàn)藍色學苑，一分部和二分部之間的網(wǎng)絡(luò)互聯(lián)，為了貼近實用性，中間仍然通過Cisco 3640 模擬ISP 。

通過在網(wǎng)絡(luò)基礎(chǔ)部分的介紹，各位應(yīng)該對VPN技術(shù)有了一定的認識，在VPN的實現(xiàn)中主要有兩個方面：建立VPN Tunnel和IPSec的加密

Cisco 2600 with GRE Tunnel
Current configuration
!
version 12.0
sevice timestamps debug uptime
sevice timestamps log uptime
sevice password-encryption
!
hostname bluestudy1
!
enable passsword cisco
!
memory-size iomem 25
ip subnet-zero
no ip domain-lookup
!
interface Tunnel0
ip address 172.16.101.1 255.255.255.0
no ip directed-broadcast
ip mtu 1467
tunnel sourece 199.1.1.2
tunnel destination 199.1.2.2
!
interface serial0/0
no ip address
no ip directed-broadcast
encapsulation frame-relay
no ip mroute-cache
frame-relay lmi-type ansi
!
interface serial0/0.1 point-to-point
description connected to internet
ip address 199.1.1.2 255.255.255.248
no ip directed-broadcast
ip nat outside
no arp frame-relay
frame-relay interface-dlci 111
!
!
interface ethernet0/0
ip address 172.16.1.1 255.255.255.0
no ip directed-broadcast
ip nat inside
!
router eigrp 100
network 172.16.0.0
!
router rip
version 2
network 172.16.0.0
no auto-summary
!
ip nat pool bluestudy 199.1.1.3 199.1.1.10 netmask 255.255.255.248
ip nat inside sourece list 2 pool bluestudy overload
ip nat inside sourece static 172.16.1.3 199.1.1.5
ip classless
ip route 0.0.0.0 0.0.0.0 srial0/0.1
ip http server
!
access-list 2 permit 172.16.1.0 0.0.0.255
snmp-server community public RO
!
line con 0
exec-timeout 0 0
password cisco
login
transport input none
line aux 0
line vty 0 4
password cisco
login
!
end#p#

Cisco 2600 Configuration with IPSec
Current configuration
!
version 12.0
sevice timestamps debug uptime
sevice timestamps log uptime
sevice password-encryption
!
hostname bluestudy1
!
enable passsword cisco
!
memory-size iomem 25
ip subnet-zero
no ip domain-lookup
!
crypto isakmp key policy 1
authentication pre-share
group 2
crypto isakmp key slurpee-machine address 172.16.101.2
!
crypto ipsec transform-set test ah-sha-hmac esp-des esp-sha-hmac
!
set transform-set test
!
crypto map bluestudy 10 ipsec-isakmp
set peer 172.16.101.2
set transform-set test
match address 101
!
interface Tunnel0
ip address 172.16.101.1 255.255.255.0
no ip directed-broadcast
ip mtu 1467
tunnel sourece 199.1.1.2
tunnel destination 199.1.2.2
crypto map bluestudy
!
interface serial0/0
no ip address
no ip directed-broadcast
encapsulation frame-relay
no ip mroute-cache
frame-relay lmi-type ansi
!
interface serial0/0.1 point-to-point
description connected to internet
ip address 199.1.1.2 255.255.255.248
no ip directed-broadcast
ip nat outside
no arp frame-relay
frame-relay interface-dlci 111
!
!
interface ethernet0/0
ip address 172.16.1.1 255.255.255.0
no ip directed-broadcast
ip nat inside
!
router eigrp 100
network 172.16.0.0
!
router rip
version 2
network 172.16.0.0
no auto-summary
!
ip nat pool bluestudy 199.1.1.3 199.1.1.10 netmask 255.255.255.248
ip nat inside sourece list 2 pool bluestudy overload
ip nat inside sourece static 172.16.1.3 199.1.1.5
ip classless
ip route 0.0.0.0 0.0.0.0 srial0/0.1
ip http server
!
access-list 2 permit 172.16.1.0 0.0.0.255
access-list 101 permit ip 172.16.1.0 0.0.0.255 172.16.2.0 0.0.0.255(對方網(wǎng)絡(luò)，只有到這個網(wǎng)絡(luò)的信息包才加密)
snmp-server community public RO
!
line con 0
exec-timeout 0 0
password cisco
login
transport input none
line aux 0
line vty 0 4
password cisco
login
!
end

【編輯推薦】

1. 思科精睿系列網(wǎng)絡(luò)產(chǎn)品煤炭行業(yè)解決方案
2. 思科助力天津大學打造穩(wěn)定網(wǎng)絡(luò)
3. Avaya頻推新品 緊盯微軟與思科
4. 思科：把握移動互聯(lián)網(wǎng)產(chǎn)業(yè)契機
5. 思科將最新網(wǎng)絡(luò)架構(gòu)引入?yún)^(qū)域市場