crypto map actmap client configuration address respond
!上面的语句,是让VPN服务段响应客户段发起的地址请求,当然也可以使用initiate参数来主动发起请求(适合1.x版本客户段软件),两个参数可同时用.
crypto map actmap 1 ipsec-isakmp dynamic dynamicmap
!使用IKE来负责ipsec的协商,关联动态影射摸班.
!
!
!
interface Loopback0
ip address 172.16.0.1 255.255.0.0
!
interface Ethernet0/0
ip address 10.0.0.254 255.0.0.0
full-duplex
crypto map actmap
!
interface Ethernet0/1
no ip address
shutdown
half-duplex
!
interface Ethernet0/2
no ip address
shutdown
half-duplex
!
interface Ethernet0/3
no ip address
shutdown
half-duplex
!
interface Serial1/0
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/1
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/2
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/3
no ip address
shutdown
serial restart-delay 0
!
ip local pool ippool 192.168.10.1 192.168.10.254
!本地地址池,可以配置多条不同的地址池语句.
no ip http server
no ip http secure-server
ip classless
ip route 0.0.0.0 0.0.0.0 Ethernet0/0
!
!
!
!
!
!
!
!
line con 0
line aux 0
line vty 0 4
!
!
end
软件配置:
建立新连接,注意的就是在新建的时候密码要填与客户组对应的密码,这里是cisco123.
然后连接,在连接过程中会额外再弹出一个要求输入用户名和密码的提示框,这时候输入AAA对应的,这里是lin,cisco.