PC1-----asash------Internet------asawh-----PC2
asawh configuration
1. asawh interface configuration
interface GigabitEthernet0/0
no sh
security-level 0
nameif Outside
ip address 119.97.225.246 255.255.255.252
exit
interface GigabitEthernet0/1
no sh
security-level 100
nameif Inside
ip address 192.168.102.1 255.255.255.0
2. Route configuration
route Outside 0.0.0.0 0.0.0.0 119.97.225.245
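3. Internet interface configuration
The Internet router does not need routes to the internal networks; configuring its interfaces is enough.
4. asash configuration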
interface GigabitEthernet0/0
no sh
security-level 0
nameif Outside
ip address 112.99.225.246 255.255.255.252
exit
interface GigabitEthernet0/1
no sh
security-level 100
nameif Inside
ip address 192.168.201.1 255.255.255.0
5. Route configuration
route Outside 0.0.0.0 0.0.0.0 112.99.225.245
6. asawh IPsec VPN configuration
crypto isakmp policy 10
encryption des
hash sha
! Authentication method
authentication pre-share
! Key algorithm: 1024-bit Diffie-Hellman group
group 2
lifetime 86400
exit
! Pre-shared key used to authenticate the peer
isakmp key my*** address 112.99.225.246
crypto ipsec transform-set myset esp-des esp-md5-hmac
crypto map newmap 2 match address 110
crypto map newmap 2 set pfs
crypto map newmap 2 set peer 112.99.225.246
crypto map newmap 2 set transform-set myset
crypto map newmap interface Outside
crypto isakmp enable Outside
7. asash IPsec VPN configuration
crypto isakmp policy 10
encryption des
hash sha
! Authentication method
authentication pre-share
! Key algorithm: 1024-bit Diffie-Hellman group
group 2
lifetime 86400
exit
! Pre-shared key used to authenticate the peer
isakmp key my*** address 119.97.225.246
crypto ipsec transform-set myset esp-des esp-md5-hmac
crypto map newmap 2 match address 110
crypto map newmap 2 set pfs
crypto map newmap 2 set peer 119.97.225.246
crypto map newmap 2 set transform-set myset
crypto map newmap interface Outside
crypto isakmp enable Outside
8. Define the interesting traffic
asawh internal network to asash internal network
access-list 110 extended permit ip 192.168.100.0 255.255.255.0 192.168.1.0 255.255.255.0
asash internal network to asawh internal network
access-list 110 extended permit ip 192.168.1.0 255.255.255.0 192.168.100.0 255.255.255.0
Note: where NAT is configured, VPN traffic must bypass NAT: nat (Inside)
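The two peer configurations above only form a tunnel when each side names the other's Outside address as its peer and the crypto ACLs mirror each other. The following check is an added example, not part of the original page: it verifies that symmetry and flags the DES, MD5 and DH group 2 settings. The config lines are copied from the page as constructed sample input, and the list of algorithms to flag is this example's own choice.

```python
import re

# Constructed input: the crypto-relevant lines of each peer, copied from the configs above.
COMMON = """crypto isakmp policy 10
encryption des
hash sha
group 2
crypto ipsec transform-set myset esp-des esp-md5-hmac
"""
ASAWH = "ip address 119.97.225.246 255.255.255.252\n" + COMMON + (
    "crypto map newmap 2 set peer 112.99.225.246\n"
    "access-list 110 extended permit ip 192.168.100.0 255.255.255.0 192.168.1.0 255.255.255.0\n")
ASASH = "ip address 112.99.225.246 255.255.255.252\n" + COMMON + (
    "crypto map newmap 2 set peer 119.97.225.246\n"
    "access-list 110 extended permit ip 192.168.1.0 255.255.255.0 192.168.100.0 255.255.255.0\n")

# Algorithms this example chooses to flag (an assumption of the example, not a list from the page).
WEAK = {
    r"^\s*encryption (des|3des)\b": "IKE policy encrypts with DES/3DES",
    r"^\s*hash md5\b": "IKE policy hashes with MD5",
    r"^\s*group [125]\b": "IKE DH group is 1536 bits or smaller",
    r"\besp-(des|3des)\b": "transform-set encrypts with DES/3DES",
    r"\besp-md5-hmac\b": "transform-set authenticates with HMAC-MD5",
}

def weak_crypto(cfg):
    """Return the reason for every weak algorithm found in cfg."""
    return [why for pat, why in WEAK.items() if re.search(pat, cfg, re.M)]

def outside_ip(cfg):
    # The sample carries only the Outside address, so the first match is the peer-facing IP.
    return re.search(r"^ip address (\S+)", cfg, re.M).group(1)

def peers(cfg):
    return set(re.findall(r"set peer (\S+)", cfg))

def crypto_acl(cfg):
    """Return (src, src_mask, dst, dst_mask) tuples of the 'permit ip' entries."""
    return set(re.findall(r"^access-list \S+ extended permit ip (\S+) (\S+) (\S+) (\S+)", cfg, re.M))

def mismatches(a, b):
    """Return the inconsistencies between the two peers' configurations."""
    out = []
    if crypto_acl(a) != {(d, dm, s, sm) for s, sm, d, dm in crypto_acl(b)}:
        out.append("crypto ACLs are not mirror images of each other")
    for name, x, y in (("first", a, b), ("second", b, a)):
        if outside_ip(y) not in peers(x):
            out.append(f"{name} config does not name the other side's Outside IP as peer")
    return out

if __name__ == "__main__":
    for name, cfg in (("asawh", ASAWH), ("asash", ASASH)):
        for why in weak_crypto(cfg):
            print(f"{name}: {why}")
    print("mismatches:", mismatches(ASAWH, ASASH) or "none")
```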