Comprehensive Project: IPSec VPN Configuration Lab.docx
- Document ID: 23771665
- Uploaded: 2023-05-20
- Format: DOCX
- Pages: 17
- Size: 171.87 KB
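Comprehensive Project: IPSec VPN Configuration Lab
Hunan Industry Polytechnic (湖南工业职业技术学院)
Department of Information Engineering
Project name: IPSec VPN Configuration Lab
Class: Computer Networking S09-1 (计网S09-1)
Instructor: Yang Lisha (杨丽莎)
Names and student numbers: Li Shenming (李慎铭) 03, Li Yang (李洋) 13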
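I. Lab description
A company has two branches. IPSec VPNs are to be built between the headquarters and the branches, and between a branch and a remote client, so that the internal networks can reach each other.
II. Lab topology
III. Lab requirements
1. Headquarters ZBvpn, branch FBvpn, branch FBezvpn and the remote client webvpnclient are connected through the router ISP. Configure the routers to provide Internet functionality and network connectivity.
2. Implement an IPSec VPN between headquarters and branch FBvpn.
3. Implement EZVPN between headquarters and branch FBezvpn using the hardware client configuration.
4. Implement clientless SSL VPN between branch FBvpn and the remote client webvpnclient.
5. Submit a project report that includes:
● Project description
● Project implementation process
From the project requirements, the configuration process is as follows:
IPSec VPN configuration on ZBVPN:
Step 1: Network connectivity configuration
Step 2: Interesting traffic configuration
Step 3: ISAKMP policy configuration, using a pre-shared key for authentication
Step 4: Create the keyring
Step 5: Create the ISAKMP/IKE profile
Step 6: Configure the transform set
Step 7: Configure the dynamic crypto map
1. Create the dynamic crypto map
2. Use the dynamic crypto map
Step 8: Apply to the node
EZVPN configuration:
Step 1: Network connectivity configuration
Step 2: IKE phase 1 policy (note that the DH group must be set to 2)
Step 3: Phase 1.5 configuration
1. Define the XAUTH authentication policy, named xauth-authen, which authenticates against the "local" user database
2. Define the MODE-CFG authorization policy, named mcfg-author, which authorizes using the local configuration policy
3. User name and password for XAUTH authentication
4. Define the address pool pushed to clients, named vpnclient
Step 4: Phase 2 transform set and dynamic map configuration
Step 5: Phase 2 crypto map configuration
Step 6: Apply to the node
Step 7: Configure VPN hardware client mode
Step 8: Manually trigger the EzVPN connection
SSL VPN configuration between branch FBvpn and the remote client webvpnclient:
Step 1: Network connectivity configuration
Step 2: Configure AAA authentication
Step 3: Create the SSL VPN gateway
Step 4: Create the SSL VPN context
Step 5: Configure the SSL VPN portal page
Step 6: Configure the SSL VPN group policy
Step 7: Configure the web service on the HTTPROUTER router
Step 8: Configure the VPN remote-access client C0
● Project configuration commands
Headquarters IPsec VPN configuration: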
ZBvpn#show run
Building configuration...
Current configuration : 1668 bytes
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname ZBvpn
boot-start-marker
boot-end-marker
no aaa new-model
ip cef
no ip domain lookup
multilink bundle-name authenticated
crypto keyring hngy
 pre-shared-key address 0.0.0.0 0.0.0.0 key hngy
crypto isakmp policy 10
 encr 3des
 hash md5
 authentication pre-share
 group 2
crypto isakmp profile hngy
 keyring hngy
 match identity address 0.0.0.0
 initiate mode aggressive
crypto ipsec transform-set hngy esp-3des esp-md5-hmac
crypto dynamic-map hngy 10
 set transform-set hngy
 set isakmp-profile hngy
 match address 100
crypto map hngy 1000 ipsec-isakmp dynamic hngy
interface Loopback0
 ip address 1.1.1.1 255.255.255.0
interface Ethernet0/0
 no ip address
 shutdown
 duplex auto
interface GigabitEthernet0/0
 no ip address
 shutdown
 duplex full
 speed 1000
 media-type gbic
 negotiation auto
interface Serial1/0
 no ip address
 shutdown
 serial restart-delay 0
interface Serial1/1
 ip address 202.1.1.2 255.255.255.0
 serial restart-delay 0
 crypto map hngy
interface Serial1/2
 no ip address
 shutdown
 serial restart-delay 0
interface Serial1/3
 no ip address
 shutdown
 serial restart-delay 0
ip route 0.0.0.0 0.0.0.0 202.1.1.1
no ip http server
no ip http secure-server
logging alarm informational
access-list 100 permit ip 1.1.1.0 0.0.0.255 2.2.2.0 0.0.0.255
control-plane
gatekeeper
 shutdown
line con 0
 exec-timeout 0 0
 logging synchronous
 stopbits 1
line aux 0
 stopbits 1
line vty 0 4
end
Headquarters EZVPN configuration:
ZBvpn#show run
Building configuration...
Current configuration : 2754 bytes
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname ZBvpn
boot-start-marker
boot-end-marker
aaa new-model
aaa authentication login xauth-authen local
aaa authorization network mcfg-author local
aaa session-id common
ip cef
no ip domain lookup
multilink bundle-name authenticated
username cisco password 0 cisco
crypto keyring hngy
 pre-shared-key address 0.0.0.0 0.0.0.0 key hngy
crypto isakmp policy 10
 encr 3des
 hash md5
 authentication pre-share
 group 2
crypto isakmp policy 11
 hash md5
 authentication pre-share
 group 2
crypto isakmp client configuration group hngy
 key hngy
 pool hngy
crypto isakmp client configuration group vpnclient
 key hngy
 pool vpnclient
 acl Split
 save-password
crypto isakmp profile hngy
 keyring hngy
 match identity address 0.0.0.0
 initiate mode aggressive
crypto ipsec transform-set hngy esp-des esp-md5-hmac
crypto ipsec transform-set ezvpn esp-des esp-md5-hmac
crypto dynamic-map ezvpn 11
 set transform-set ezvpn
crypto dynamic-map hngy 10
 set transform-set hngy
 set isakmp-profile hngy
 match address 100
crypto map ezvpn client authentication list xauth-authen
crypto map ezvpn isakmp authorization list mcfg-author
crypto map ezvpn client configuration address respond
crypto map ezvpn 10 ipsec-isakmp dynamic hngy
crypto map ezvpn 11 ipsec-isakmp dynamic ezvpn
crypto map hngy client authentication list xauth-authen
crypto map hngy isakmp authorization list mcfg-author
crypto map hngy client configuration address respond
crypto map hngy 1000 ipsec-isakmp dynamic hngy
interface Loopback0
 ip address 1.1.1.1 255.255.255.0
interface Ethernet0/0
 no ip address
 shutdown
 duplex auto
interface GigabitEthernet0/0
 no ip address
 shutdown
 duplex full
 speed 1000
 media-type gbic
 negotiation auto
interface Serial1/0
 no ip address
 shutdown
 serial restart-delay 0
interface Serial1/1
 ip address 202.1.1.2 255.255.255.0
 serial restart-delay 0
 crypto map ezvpn
interface Serial1/2
 no ip address
 shutdown
 serial restart-delay 0
interface Serial1/3
 no ip address
 shutdown
 serial restart-delay 0
ip local pool hngy 123.1.1.100 123.1.1.200
ip local pool vpnclient 123.1.2.100 123.1.2.200
ip route 0.0.0.0 0.0.0.0 202.1.1.1
no ip http server
no ip http secure-server
ip access-list extended Split
 permit ip 1.1.1.0 0.0.0.255 any
logging alarm informational
access-list 100 permit ip 1.1.1.0 0.0.0.255 2.2.2.0 0.0.0.255
control-plane
gatekeeper
 shutdown
line con 0
 exec-timeout 0 0
 logging synchronous
 stopbits 1
line aux 0
 stopbits 1
line vty 0 4
end
Branch VPN configuration:
FBvpn#show run
Building configuration...
Current configuration : 4018 bytes
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname FBvpn
boot-start-marker
boot-end-marker
aaa new-model
aaa authentication login Webvpn local
aaa session-id common
ip cef
no ip domain lookup
multilink bundle-name authenticated
crypto pki trustpoint TP-self-signed-4279256517
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-4279256517
 revocation-check none
 rsakeypair TP-self-signed-4279256517
crypto pki certificate chain TP-self-signed-4279256517
 certificate self-signed 01
  quit
username cisco privilege 15 secret 5 $1$4RO1$Fvf5nEHzF/kx8e5lTw0Se1
username hngy privilege 15 password 0 hngy
crypto keyring hngy
 pre-shared-key address 202.1.1.2 key hngy
crypto isakmp policy 10
 encr 3des
 hash md5
 authentication pre-share
 group 2
crypto isakmp profile hngy
 keyring hngy
 match identity address 202.1.1.2 255.255.255.255
 initiate mode aggressive
crypto ipsec transform-set hngy esp-3des esp-md5-hmac
crypto map hngy 10 ipsec-isakmp
 set peer 202.1.1.2
 set transform-set hngy
 set isakmp-profile hngy
 match address 100
interface Loopback0
 ip address 2.2.2.2 255.255.255.0
interface Ethernet0/0
 no ip address
 shutdown
 duplex auto
interface GigabitEthernet0/0
 no ip address
 shutdown
 duplex full
 speed 1000
 media-type gbic
 negotiation auto
interface Serial1/0
 no ip address
 shutdown
 serial restart-delay 0
interface Serial1/1
 no ip address
 shutdown
 serial restart-delay 0
interface Serial1/2
 ip address 202.2.2.2 255.255.255.0
 serial restart-delay 0
 crypto map hngy
interface Serial1/3
 no ip address
 shutdown
 serial restart-delay 0
ip route 0.0.0.0 0.0.0.0 202.2.2.1
ip http server
ip http authentication local
no ip http secure-server
logging alarm informational
access-list 100 permit ip 2.2.2.0 0.0.0.255 1.1.1.0 0.0.0.255
control-plane
gatekeeper
 shutdown
line con 0
 exec-timeout 0 0
 logging synchronous
 stopbits 1
line aux 0
 stopbits 1
line vty 0 4
 login authentication Webvpn
line vty 5 15
 login authentication Webvpn
webvpn gateway hngy
 ip address 202.2.2.2 port 443
 ssl trustpoint TP-self-signed-4279256517
 inservice
webvpn context Webvpn_context
 title "SSLVPNService"
 ssl authenticate verify all
 url-list "Webvpn"
   heading "SSLVPN"
   url-text "HTTPROUTER" url-value "http://2.2.2.2"
 login-message "welcometowebvpn"
 policy group Webvpn
   url-list "Webvpn"
 default-group-policy Webvpn
 aaa authentication list Webvpn
 gateway hngy
 inservice
end
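The running configurations above use DES/3DES, MD5, DH group 2, aggressive mode, a wildcard pre-shared key and a type 0 password, all of which a reviewer would flag before such a design left the lab. The following Python audit is an added example, not part of the original report: it scans `show run` text for those settings, including an ISAKMP policy whose missing `encr` line means the IOS 12.4 default of DES. The rule names and the `audit` function are hypothetical, and the sample is constructed from lines of the headquarters EZVPN configuration.

```python
import re

# Constructed sample: lines copied from the ZBvpn EZVPN "show run" output on this page.
SAMPLE_CONFIG = """\
username cisco password 0 cisco
crypto keyring hngy
 pre-shared-key address 0.0.0.0 0.0.0.0 key hngy
crypto isakmp policy 10
 encr 3des
 hash md5
 group 2
crypto isakmp policy 11
 hash md5
 group 2
crypto isakmp profile hngy
 initiate mode aggressive
crypto ipsec transform-set ezvpn esp-des esp-md5-hmac
"""

# Hypothetical rule ids, each with a regex applied to one stripped config line.
RULES = [
    ("cleartext-password", r"^username \S+ .*password 0 "),            # type 0 = stored in clear
    ("wildcard-psk", r"^pre-shared-key address 0\.0\.0\.0 0\.0\.0\.0 "),  # one key for any peer
    ("weak-cipher", r"^encr (des|3des)$|\besp-3?des\b"),
    ("md5-integrity", r"^hash md5$|\besp-md5-hmac\b"),
    ("dh-below-2048", r"^group (1|2|5)$"),                             # 768/1024/1536-bit groups
    ("aggressive-mode", r"^initiate mode aggressive$"),
]

def audit(config_text):
    """Return sorted (line number, rule id, section) tuples for weak settings."""
    findings, section, policy = [], "", None  # policy: [line, header, saw "encr"]
    def close_policy():
        # "show run" omits defaults; on IOS 12.4 a policy with no "encr" line uses DES.
        if policy and not policy[2]:
            findings.append((policy[0], "implicit-des", policy[1]))
    for lineno, raw in enumerate(config_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("!"):
            continue
        if not raw[0].isspace():  # an unindented line opens a new section
            close_policy()
            section = line
            policy = [lineno, line, False] if line.startswith("crypto isakmp policy ") else None
        elif policy and line.startswith("encr "):
            policy[2] = True
        findings += [(lineno, rid, section) for rid, rx in RULES if re.search(rx, line)]
    close_policy()
    return sorted(findings)
```

Run `audit()` on a saved `show run` capture; each finding names the section it belongs to, so the `implicit-des` result for policy 11 points at the policy header rather than at a line that does not exist.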
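● Project test results
● Reflections
In this comprehensive project we kept at it, sorting out our approach bit by bit, working out the steps, and then carefully entering the commands to do the configuration. We failed along the way, but we kept finding where the problems were and correcting them, and the moment the tests passed was truly exciting.
Overall it felt somewhat demanding, but this kind of comprehensive configuration was also a good exercise of our abilities in every respect.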