Current configuration : 1321 bytes ! version 12.2 service timestamps debug uptime service timestamps log uptime no service password-encryption ! hostname VPN1720 ! enable secret 5 {GetProperty(Content)}$aNmA$b0AqzlCr3MfM5XU0IAmED. ! mmi polling-interval 60 no mmi auto-configure no mmi pvc mmi snmp-timeout 180 ip subnet-zero ! ! no ip domain-lookup ! ip audit notify log ip audit po max-events 100 ! crypto isakmp policy 1 encr 3des authentication pre-share group 2 crypto isakmp client configuration address-pool local pool192 ! crypto isakmp client configuration group vclient-group key vclient-key domain test.com pool pool192 ! ! crypto ipsec transform-set vclient-tfs esp-3des esp-sha-hmac ! crypto dynamic-map template-map 1 set transform-set vclient-tfs ! ! crypto map vpnmap isakmp authorization list vclient-group crypto map vpnmap client configuration address respond crypto map vpnmap 1 ipsec-isakmp dynamic template-map ! ! ! ! interface Loopback0 ip address 172.16.1.1 255.255.255.240 ! interface FastEthernet0 ip address 10.130.23.246 255.255.255.240 speed auto crypto map vpnmap ! interface Serial0 no ip address shutdown ! ip local pool pool192 192.168.1.1 192.168.1.254 ip html' target='_blank'>classless ip route 192.168.1.0 255.255.255.0 FastEthernet0 no ip http server ip pim bidir-enable ! ! ! ! line con 0 line aux 0 line vty 0 4 ! no scheduler allocate end
10.130.23.246, group auahentication中name填vclient-group,password填vclient-key.
測(cè)試: (1)在pc上運(yùn)行VPN client,連接vpn access server。 (2)ipconfig/all,查看獲取到的ip地址與其他參數(shù)。 (3)在router,show cry isa sa,看連接是否成功。 (4)從router,ping client已經(jīng)獲取到的ip地址,通過(guò)。 (5)從client,ping router的lo0配置的地址172.16.1.1,通過(guò)。 (6)查看vpn client軟件的status--statistics,可以看到加密與解密的數(shù)據(jù)量。 (7)1720上show cry ip sa, 也可以查看加密與解密的數(shù)據(jù)量。
常用調(diào)試命令: show cry isakmp sa show cry ipsec sa clear cry sa clear cry isakmp debug cry isakmp #####這是最常用的debug命令,vpn連接的基本錯(cuò)誤都可以用它來(lái)找到 debug cry ipsec 本文作者:html教程
