AI 助理
备案控制台
开发者社区 安全 文章 正文

层次化PKI + GETVPN

2017-11-14 1133
版权
版权声明:
本文内容由阿里云实名注册用户自发贡献,版权归原作者所有,阿里云开发者社区不拥有其著作权,亦不承担相应法律责任。具体规则请查看《 阿里云开发者社区用户服务协议》和 《阿里云开发者社区知识产权保护指引》。如果您发现本社区中有涉嫌抄袭的内容,填写 侵权投诉表单进行举报,一经查实,本社区将立刻删除涉嫌侵权内容。
简介:

今天在研究PKI这本书中的GETVPN部分,重新再配置了一次层次化PKI,本次试验把SUBCA和KS配置在了一台路由器,发现配置起来还真的很麻烦。本次试验还特意做了一个控制GM注册的特性“authorization identity”,可以使用证书的特性字段来控制组成的GM。但是比较遗憾的是我只能通过fqdn来控制注册的GM,不能使用ou来控制,多次试验都失败了,不知道是什么问题!但是至少fqdn是成功的。下面是我拓扑与试验配置备份。

 



配置备份如下:
hostname RootCA
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
clock timezone GMT 8
!
!
ip cef
ip domain name yeslab.net
!
!
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
multilink bundle-name authenticated
!
!
crypto pki server RootCA
issuer-name cn=RootCA.yeslab.net, ou=security, o=yeslab, l=beijing
grant auto
!
crypto pki trustpoint RootCA
revocation-check crl
rsakeypair RootCA
!
!
crypto pki certificate chain RootCA
certificate ca 01
3082027D 308201E6 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
52311030 0E060355 04071307 6265696A 696E6731 0F300D06 0355040A 13067965
736C6162 3111300F 06035504 0B130873 65637572 69747931 1A301806 03550403
1311526F 6F744341 2E796573 6C61622E 6E657430 1E170D31 31303731 32303135
3432375A 170D3134 30373131 30313534 32375A30 52311030 0E060355 04071307
6265696A 696E6731 0F300D06 0355040A 13067965 736C6162 3111300F 06035504
0B130873 65637572 69747931 1A301806 03550403 1311526F 6F744341 2E796573
6C61622E 6E657430 819F300D 06092A86 4886F70D 01010105 0003818D 00308189
02818100 B59486A2 E7E7663F 8F45FF31 19F96E6D 9677DD5A AFBA7BCD DB9426E6
BCFA8F3C E899F3F3 5DF3E027 6B9C4BB4 1D34D68D D605EED6 528B3BBC 61AC8B5F
D364F9D7 2CFE627C 3C06BB8F 2C59DC58 7B773111 B26257DE 5CAEF17C 9DDD7C66
C73EA70E 30C40BCA 7286DE7C 26C6E738 975FE89D 36EADBB7 1B53064F E2650198
31A9C923 02030100 01A36330 61300F06 03551D13 0101FF04 05300301 01FF300E
0603551D 0F0101FF 04040302 0186301F 0603551D 23041830 1680143A FFAC3F4D
7A7C8DD0 36ADEEDD CB9B3A34 F58C3130 1D060355 1D0E0416 04143AFF AC3F4D7A
7C8DD036 ADEEDDCB 9B3A34F5 8C31300D 06092A86 4886F70D 01010405 00038181
003AC0F3 697404AB 68BF0272 D3C47138 F67E6E99 63E2C699 F096570F DBE0B8A3
C4A42730 46F3FFF7 C6BC0772 64F5E47B 4F7B58C9 25E3ABC5 889D0EBE 65F2A46A
3C0F12DA EA4FDBF5 EAED3B95 B9960E3C 4DF863D9 12F5946D EE0FBA85 8AC5FAB1
D9ACC685 241B4855 1BB712C4 FFC7766E 19854199 3FA0D36D 7E034B78 C6344A5D
78
quit
!
!
!
!

!
!
!
!
!
!
!
archive
log config
hidekeys
!
!
!
!
!
!
!
!
interface FastEthernet0/0
ip address 10.1.1.200 255.255.255.0
duplex auto
speed auto

interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface FastEthernet1/0
no ip address
shutdown
duplex auto
speed auto
!
interface FastEthernet2/0
no ip address
shutdown
duplex auto
speed auto
!
interface FastEthernet3/0
no ip address
shutdown
duplex auto
speed auto
!
ip http server
no ip http secure-server
ip forward-protocol nd
!
!
!
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
line con 0
line aux 0
line vty 0 4
!
ntp master
!
end
==========================================================================
hostname KS1-SUBCA-1
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
clock timezone GMT 8
!
!
ip cef
ip domain name yeslab.net
!
!
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
multilink bundle-name authenticated
!
!
crypto pki server KS1-SUBCA-1
issuer-name cn=KS1-SUBCA-1.yeslab.net, ou=CCIE, ou=security, o=yeslab, l=beijing
grant auto
mode sub-cs
!
crypto pki trustpoint KS1-SUBCA-1
enrollment url http://10.1.1.200:80
revocation-check crl
rsakeypair KS1-SUBCA-1
!
crypto pki trustpoint LOCAL-SUBCA
enrollment url http://10.1.1.201:80
serial-number
subject-name cn=KS1.yeslab.net, ou=CCIE, ou=security, o=yeslab, l=beijing
revocation-check crl
!
crypto pki trustpoint RootCA
enrollment url http://10.1.1.200:80
revocation-check none
!
!
crypto pki certificate chain KS1-SUBCA-1
certificate 03
3082028E 308201F7 A0030201 02020103 300D0609 2A864886 F70D0101 04050030
52311030 0E060355 04071307 6265696A 696E6731 0F300D06 0355040A 13067965
736C6162 3111300F 06035504 0B130873 65637572 69747931 1A301806 03550403
1311526F 6F744341 2E796573 6C61622E 6E657430 1E170D31 31303731 32303230
3333345A 170D3132 30373131 30323033 33345A30 66311030 0E060355 04071307
6265696A 696E6731 0F300D06 0355040A 13067965 736C6162 3111300F 06035504
0B130873 65637572 69747931 0D300B06 0355040B 13044343 4945311F 301D0603
55040313 164B5331 2D535542 43412D31 2E796573 6C61622E 6E657430 819F300D
06092A86 4886F70D 01010105 0003818D 00308189 02818100 DC9C3EA5 654B3E5F
2CEB79B8 671C32BC 52F08B33 3A8C7C00 270754B8 19063707 C2B9A59B D75D16E0
C1A9DD52 926171C4 07B4F4D0 723964F2 F1A24811 1C4D4098 B2177274 E59EE5C7
E363CE94 8299F55C DE0AE7BA BB1F67DC 93B5737F 82946D24 E199C67F 3C456FF4
93D3078E FDD03FE6 031B197A FE7E8123 5EC36AEA F2120BDB 02030100 01A36030
5E300F06 03551D13 0101FF04 05300301 01FF300B 0603551D 0F040403 02078030
1F060355 1D230418 30168014 3AFFAC3F 4D7A7C8D D036ADEE DDCB9B3A 34F58C31
301D0603 551D0E04 16041404 5118F80D A437CEE6 F5E24E11 48504816 3CA8CD30
0D06092A 864886F7 0D010104 05000381 8100680D 59AEEFF6 1126D5C2 289815DE
561D6FB9 E1845B7A 0C01D809 0BD0D395 71066204 5C347AF1 8A3EFB19 9F3C0368
DC799D09 59BAC10E B3F8B0F1 C2E42909 7B34B57D 5F6681D7 E6F5709C 4E8D1285
BFB6CEA3 AE785591 5A284414 8659976F B9D7DD83 DB8B2125 DFBA733F CAE41133
1DF73A59 06482D34 2CA3990E C7F5F530 2F0C
quit
certificate ca 01
3082027D 308201E6 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
52311030 0E060355 04071307 6265696A 696E6731 0F300D06 0355040A 13067965
736C6162 3111300F 06035504 0B130873 65637572 69747931 1A301806 03550403
1311526F 6F744341 2E796573 6C61622E 6E657430 1E170D31 31303731 32303135
3432375A 170D3134 30373131 30313534 32375A30 52311030 0E060355 04071307
6265696A 696E6731 0F300D06 0355040A 13067965 736C6162 3111300F 06035504
0B130873 65637572 69747931 1A301806 03550403 1311526F 6F744341 2E796573
6C61622E 6E657430 819F300D 06092A86 4886F70D 01010105 0003818D 00308189
02818100 B59486A2 E7E7663F 8F45FF31 19F96E6D 9677DD5A AFBA7BCD DB9426E6
BCFA8F3C E899F3F3 5DF3E027 6B9C4BB4 1D34D68D D605EED6 528B3BBC 61AC8B5F
D364F9D7 2CFE627C 3C06BB8F 2C59DC58 7B773111 B26257DE 5CAEF17C 9DDD7C66
C73EA70E 30C40BCA 7286DE7C 26C6E738 975FE89D 36EADBB7 1B53064F E2650198
31A9C923 02030100 01A36330 61300F06 03551D13 0101FF04 05300301 01FF300E
0603551D 0F0101FF 04040302 0186301F 0603551D 23041830 1680143A FFAC3F4D
7A7C8DD0 36ADEEDD CB9B3A34 F58C3130 1D060355 1D0E0416 04143AFF AC3F4D7A
7C8DD036 ADEEDDCB 9B3A34F5 8C31300D 06092A86 4886F70D 01010405 00038181
003AC0F3 697404AB 68BF0272 D3C47138 F67E6E99 63E2C699 F096570F DBE0B8A3
C4A42730 46F3FFF7 C6BC0772 64F5E47B 4F7B58C9 25E3ABC5 889D0EBE 65F2A46A
3C0F12DA EA4FDBF5 EAED3B95 B9960E3C 4DF863D9 12F5946D EE0FBA85 8AC5FAB1
D9ACC685 241B4855 1BB712C4 FFC7766E 19854199 3FA0D36D 7E034B78 C6344A5D
78
quit
crypto pki certificate chain LOCAL-SUBCA
certificate 04
30820281 308201EA A0030201 02020104 300D0609 2A864886 F70D0101 04050030
66311030 0E060355 04071307 6265696A 696E6731 0F300D06 0355040A 13067965
736C6162 3111300F 06035504 0B130873 65637572 69747931 0D300B06 0355040B
13044343 4945311F 301D0603 55040313 164B5331 2D535542 43412D31 2E796573
6C61622E 6E657430 1E170D31 31303731 32303232 3032335A 170D3132 30373131
30323033 33345A30 81993110 300E0603 55040713 07626569 6A696E67 310F300D
06035504 0A130679 65736C61 62311130 0F060355 040B1308 73656375 72697479
310D300B 06035504 0B130443 43494531 17301506 03550403 130E4B53 312E7965
736C6162 2E6E6574 31393012 06035504 05130B4A 41423034 34364330 4C323023
06092A86 4886F70D 01090216 164B5331 2D535542 43412D31 2E796573 6C61622E
6E657430 5C300D06 092A8648 86F70D01 01010500 034B0030 48024100 C926F69D
57100E72 45402D4C 3C969EFD 4A3076DB EFEDEB10 B6279AA1 CE2EAD50 5C949B09
203F8BAC 6B4FD9D6 4D5B4A03 16F58AA7 7855E00F F25B879B F913068B 02030100
01A34F30 4D300B06 03551D0F 04040302 05A0301F 0603551D 23041830 16801404
5118F80D A437CEE6 F5E24E11 48504816 3CA8CD30 1D060355 1D0E0416 04141A98
E21EFD3B 07323BA5 B840632B 59972D51 BD65300D 06092A86 4886F70D 01010405
00038181 002C1168 A067A3A9 E1A3F714 7D99AB1C 5C5A1720 B98878CC 7AC1E045
26B1B4A1 1FE27A12 665D3A66 36B2B462 35A4AA21 795BE58B F560DC77 DACBD6E8
AE14367B 65E6187C C7DDBB0E 6134346D D0701225 9DFA41B8 E1FE3C4B AF65A0C2
37A0B648 5397923C 36F4CB21 7819B47E 81264352 8D9E8C80 9DBA4152 74E7774E
62C16FB6 DE
quit
certificate ca 03
3082028E 308201F7 A0030201 02020103 300D0609 2A864886 F70D0101 04050030
52311030 0E060355 04071307 6265696A 696E6731 0F300D06 0355040A 13067965
736C6162 3111300F 06035504 0B130873 65637572 69747931 1A301806 03550403
1311526F 6F744341 2E796573 6C61622E 6E657430 1E170D31 31303731 32303230
3333345A 170D3132 30373131 30323033 33345A30 66311030 0E060355 04071307
6265696A 696E6731 0F300D06 0355040A 13067965 736C6162 3111300F 06035504
0B130873 65637572 69747931 0D300B06 0355040B 13044343 4945311F 301D0603
55040313 164B5331 2D535542 43412D31 2E796573 6C61622E 6E657430 819F300D
06092A86 4886F70D 01010105 0003818D 00308189 02818100 DC9C3EA5 654B3E5F
2CEB79B8 671C32BC 52F08B33 3A8C7C00 270754B8 19063707 C2B9A59B D75D16E0
C1A9DD52 926171C4 07B4F4D0 723964F2 F1A24811 1C4D4098 B2177274 E59EE5C7
E363CE94 8299F55C DE0AE7BA BB1F67DC 93B5737F 82946D24 E199C67F 3C456FF4
93D3078E FDD03FE6 031B197A FE7E8123 5EC36AEA F2120BDB 02030100 01A36030
5E300F06 03551D13 0101FF04 05300301 01FF300B 0603551D 0F040403 02078030
1F060355 1D230418 30168014 3AFFAC3F 4D7A7C8D D036ADEE DDCB9B3A 34F58C31
301D0603 551D0E04 16041404 5118F80D A437CEE6 F5E24E11 48504816 3CA8CD30
0D06092A 864886F7 0D010104 05000381 8100680D 59AEEFF6 1126D5C2 289815DE
561D6FB9 E1845B7A 0C01D809 0BD0D395 71066204 5C347AF1 8A3EFB19 9F3C0368
DC799D09 59BAC10E B3F8B0F1 C2E42909 7B34B57D 5F6681D7 E6F5709C 4E8D1285
BFB6CEA3 AE785591 5A284414 8659976F B9D7DD83 DB8B2125 DFBA733F CAE41133
1DF73A59 06482D34 2CA3990E C7F5F530 2F0C
quit
crypto pki certificate chain RootCA
certificate ca 01
3082027D 308201E6 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
52311030 0E060355 04071307 6265696A 696E6731 0F300D06 0355040A 13067965
736C6162 3111300F 06035504 0B130873 65637572 69747931 1A301806 03550403
1311526F 6F744341 2E796573 6C61622E 6E657430 1E170D31 31303731 32303135
3432375A 170D3134 30373131 30313534 32375A30 52311030 0E060355 04071307
6265696A 696E6731 0F300D06 0355040A 13067965 736C6162 3111300F 06035504
0B130873 65637572 69747931 1A301806 03550403 1311526F 6F744341 2E796573
6C61622E 6E657430 819F300D 06092A86 4886F70D 01010105 0003818D 00308189
02818100 B59486A2 E7E7663F 8F45FF31 19F96E6D 9677DD5A AFBA7BCD DB9426E6
BCFA8F3C E899F3F3 5DF3E027 6B9C4BB4 1D34D68D D605EED6 528B3BBC 61AC8B5F
D364F9D7 2CFE627C 3C06BB8F 2C59DC58 7B773111 B26257DE 5CAEF17C 9DDD7C66
C73EA70E 30C40BCA 7286DE7C 26C6E738 975FE89D 36EADBB7 1B53064F E2650198
31A9C923 02030100 01A36330 61300F06 03551D13 0101FF04 05300301 01FF300E
0603551D 0F0101FF 04040302 0186301F 0603551D 23041830 1680143A FFAC3F4D
7A7C8DD0 36ADEEDD CB9B3A34 F58C3130 1D060355 1D0E0416 04143AFF AC3F4D7A
7C8DD036 ADEEDDCB 9B3A34F5 8C31300D 06092A86 4886F70D 01010405 00038181
003AC0F3 697404AB 68BF0272 D3C47138 F67E6E99 63E2C699 F096570F DBE0B8A3
C4A42730 46F3FFF7 C6BC0772 64F5E47B 4F7B58C9 25E3ABC5 889D0EBE 65F2A46A
3C0F12DA EA4FDBF5 EAED3B95 B9960E3C 4DF863D9 12F5946D EE0FBA85 8AC5FAB1
D9ACC685 241B4855 1BB712C4 FFC7766E 19854199 3FA0D36D 7E034B78 C6344A5D
78
quit
!
!
!
!
!
!
!
!
!
!
!
!
archive 
log config
hidekeys
!
!
crypto isakmp policy 10
!
!
crypto ipsec transform-set cisco esp-des esp-md5-hmac
!
crypto ipsec profile ipsecprof
set transform-set cisco
!
crypto gdoi group yeslab
identity number 88888
server local
rekey algorithm aes 128
rekey retransmit 10 number 2
rekey authentication mypubkey rsa getvpnkey
rekey transport unicast
authorization identity getvpn_filter
sa ipsec 1
profile ipsecprof
match address ipv4 getvpntraffic
replay counter window-size 64
address ipv4 10.1.1.201
redundancy
local priority 100
peer address ipv4 10.1.1.202
!
!
crypto identity getvpn_filter
fqdn GM-1.yeslab.net
fqdn GM-2.yeslab.net
!
!
!
!
!
!
!
interface FastEthernet0/0
ip address 10.1.1.201 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface FastEthernet1/0
no ip address
shutdown
duplex auto
speed auto
!
interface FastEthernet2/0
no ip address
shutdown
duplex auto
speed auto
!
interface FastEthernet3/0
no ip address
shutdown
duplex auto
speed auto

ip http server
no ip http secure-server
ip forward-protocol nd
!
!
!
!
ip access-list extended getvpntraffic
permit ip 192.168.0.0 0.0.255.255 192.168.0.0 0.0.255.255
!
!
!
!
control-plane
!
!
!
!
!
!
!
!

line con 0
line aux 0
line vty 0 4
!
ntp clock-period 17179882
ntp server 10.1.1.200
!
end
============================================================
hostname KS2-SUBCA-2
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
clock timezone GMT 8
!
!
ip cef
ip domain name yeslab.net
!
!
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
multilink bundle-name authenticated
!
!
crypto pki server KS2-SUBCA-2
issuer-name cn=KS2-SUBCA-2.yeslab.net, ou=CCSP, ou=security, o=yeslab, l=beijing
grant auto
mode sub-cs
!
crypto pki trustpoint KS2-SUBCA-2
enrollment url http://10.1.1.200:80
revocation-check crl
rsakeypair KS2-SUBCA-2
!
crypto pki trustpoint LOCAL-SUBCA
enrollment url http://10.1.1.202:80
serial-number
subject-name cn=KS2.yeslab.net, ou=CCSP, ou=security, o=yeslab, l=beijing
revocation-check crl
!
crypto pki trustpoint RootCA
enrollment url http://10.1.1.200:80
revocation-check none
!
!
crypto pki certificate chain KS2-SUBCA-2
certificate 04
3082028E 308201F7 A0030201 02020104 300D0609 2A864886 F70D0101 04050030
52311030 0E060355 04071307 6265696A 696E6731 0F300D06 0355040A 13067965
736C6162 3111300F 06035504 0B130873 65637572 69747931 1A301806 03550403
1311526F 6F744341 2E796573 6C61622E 6E657430 1E170D31 31303731 32303230
3931385A 170D3132 30373131 30323039 31385A30 66311030 0E060355 04071307
6265696A 696E6731 0F300D06 0355040A 13067965 736C6162 3111300F 06035504
0B130873 65637572 69747931 0D300B06 0355040B 13044343 5350311F 301D0603
55040313 164B5332 2D535542 43412D32 2E796573 6C61622E 6E657430 819F300D
06092A86 4886F70D 01010105 0003818D 00308189 02818100 DB7509FB EBF9EF89
B71FBD4E 1BC1A2DF 693CAA4C 6727AC80 B310E587 35DA3483 F1493BF8 C511B77D
20C9A903 6C9D277F 54946C1B 96FEE40B 0C824D21 77559F79 26094DA3 55D89ADD
07625C74 AFD9AA6A D656F9DE FC2205A6 7B1DBF89 21C85626 68923AB5 AE9A2A37
3A087F6A 70C4BDB9 0EDD38E8 B5E274BA B3FD0649 481256D5 02030100 01A36030
5E300F06 03551D13 0101FF04 05300301 01FF300B 0603551D 0F040403 02078030
1F060355 1D230418 30168014 3AFFAC3F 4D7A7C8D D036ADEE DDCB9B3A 34F58C31
301D0603 551D0E04 1604146A 32170BDC BAA70BBA A99C0284 9B7E510E 916A9F30
0D06092A 864886F7 0D010104 05000381 81009DBD 96BDBBBF D4557F96 1861110D
3F8C4E79 9F4A0A8E 6EC819D0 81639F8C 5EA7C0B0 1B47CF08 D90A42C8 4371DDFB
BDE0CC5B 25037EF4 1F5285F9 7B044947 35FF91A7 08BEFBBC BB68EAD7 58381812
1DA86BF0 3FBE993B 866C3991 B5DEE62D 65167935 71C23FE3 0AB3B1CD 6F2224A4
935B68E6 F6B4B3BF 9424F0C7 13D37B8E D4F7
quit
certificate ca 01
3082027D 308201E6 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
52311030 0E060355 04071307 6265696A 696E6731 0F300D06 0355040A 13067965
736C6162 3111300F 06035504 0B130873 65637572 69747931 1A301806 03550403
1311526F 6F744341 2E796573 6C61622E 6E657430 1E170D31 31303731 32303135
3432375A 170D3134 30373131 30313534 32375A30 52311030 0E060355 04071307
6265696A 696E6731 0F300D06 0355040A 13067965 736C6162 3111300F 06035504
0B130873 65637572 69747931 1A301806 03550403 1311526F 6F744341 2E796573
6C61622E 6E657430 819F300D 06092A86 4886F70D 01010105 0003818D 00308189
02818100 B59486A2 E7E7663F 8F45FF31 19F96E6D 9677DD5A AFBA7BCD DB9426E6
BCFA8F3C E899F3F3 5DF3E027 6B9C4BB4 1D34D68D D605EED6 528B3BBC 61AC8B5F
D364F9D7 2CFE627C 3C06BB8F 2C59DC58 7B773111 B26257DE 5CAEF17C 9DDD7C66
C73EA70E 30C40BCA 7286DE7C 26C6E738 975FE89D 36EADBB7 1B53064F E2650198
31A9C923 02030100 01A36330 61300F06 03551D13 0101FF04 05300301 01FF300E
0603551D 0F0101FF 04040302 0186301F 0603551D 23041830 1680143A FFAC3F4D
7A7C8DD0 36ADEEDD CB9B3A34 F58C3130 1D060355 1D0E0416 04143AFF AC3F4D7A
7C8DD036 ADEEDDCB 9B3A34F5 8C31300D 06092A86 4886F70D 01010405 00038181
003AC0F3 697404AB 68BF0272 D3C47138 F67E6E99 63E2C699 F096570F DBE0B8A3
C4A42730 46F3FFF7 C6BC0772 64F5E47B 4F7B58C9 25E3ABC5 889D0EBE 65F2A46A
3C0F12DA EA4FDBF5 EAED3B95 B9960E3C 4DF863D9 12F5946D EE0FBA85 8AC5FAB1
D9ACC685 241B4855 1BB712C4 FFC7766E 19854199 3FA0D36D 7E034B78 C6344A5D
78
quit
crypto pki certificate chain LOCAL-SUBCA
certificate 03
30820281 308201EA A0030201 02020103 300D0609 2A864886 F70D0101 04050030
66311030 0E060355 04071307 6265696A 696E6731 0F300D06 0355040A 13067965
736C6162 3111300F 06035504 0B130873 65637572 69747931 0D300B06 0355040B
13044343 5350311F 301D0603 55040313 164B5332 2D535542 43412D32 2E796573
6C61622E 6E657430 1E170D31 31303731 32303232 3435325A 170D3132 30373131
30323039 31385A30 81993110 300E0603 55040713 07626569 6A696E67 310F300D
06035504 0A130679 65736C61 62311130 0F060355 040B1308 73656375 72697479
310D300B 06035504 0B130443 43535031 17301506 03550403 130E4B53 322E7965
736C6162 2E6E6574 31393012 06035504 05130B4A 41423034 34364330 4C323023
06092A86 4886F70D 01090216 164B5332 2D535542 43412D32 2E796573 6C61622E
6E657430 5C300D06 092A8648 86F70D01 01010500 034B0030 48024100 D174BA88
F1A55375 AC1C9D8D 6CCE6CB5 A01DC32A 918087F6 4B698B07 8F26E025 F50D5A74
ACF5FEBF 31AA4E56 14518221 92FAB88F 06EB12EF 0E541435 E4BACD7B 02030100
01A34F30 4D300B06 03551D0F 04040302 05A0301F 0603551D 23041830 1680146A
32170BDC BAA70BBA A99C0284 9B7E510E 916A9F30 1D060355 1D0E0416 0414696C
AF5062C7 94C68DDA 6B55A2CD 172066F2 2669300D 06092A86 4886F70D 01010405
00038181 00051BD0 23E57640 F62FE38F 2BEF74B5 333195AC B328D3F8 DE6AE599
10529D1E 3550A68A 261EDC24 780289B0 BD9AA914 FEEAA492 CD3BE6D2 33AE0371
FC19AF65 1F942398 5B024B63 35C2ECF0 38E94EF0 F6B3CD67 FFE5BEB7 6D590156
D907CA21 1B29E3C0 E6635802 7B7F4206 AB3618C3 F52A4E65 AEB11A4C 131EFE79
37CDCD9F 4A
quit
certificate ca 04
3082028E 308201F7 A0030201 02020104 300D0609 2A864886 F70D0101 04050030
52311030 0E060355 04071307 6265696A 696E6731 0F300D06 0355040A 13067965
736C6162 3111300F 06035504 0B130873 65637572 69747931 1A301806 03550403
1311526F 6F744341 2E796573 6C61622E 6E657430 1E170D31 31303731 32303230
3931385A 170D3132 30373131 30323039 31385A30 66311030 0E060355 04071307
6265696A 696E6731 0F300D06 0355040A 13067965 736C6162 3111300F 06035504
0B130873 65637572 69747931 0D300B06 0355040B 13044343 5350311F 301D0603
55040313 164B5332 2D535542 43412D32 2E796573 6C61622E 6E657430 819F300D
06092A86 4886F70D 01010105 0003818D 00308189 02818100 DB7509FB EBF9EF89
B71FBD4E 1BC1A2DF 693CAA4C 6727AC80 B310E587 35DA3483 F1493BF8 C511B77D
20C9A903 6C9D277F 54946C1B 96FEE40B 0C824D21 77559F79 26094DA3 55D89ADD
07625C74 AFD9AA6A D656F9DE FC2205A6 7B1DBF89 21C85626 68923AB5 AE9A2A37
3A087F6A 70C4BDB9 0EDD38E8 B5E274BA B3FD0649 481256D5 02030100 01A36030
5E300F06 03551D13 0101FF04 05300301 01FF300B 0603551D 0F040403 02078030
1F060355 1D230418 30168014 3AFFAC3F 4D7A7C8D D036ADEE DDCB9B3A 34F58C31
301D0603 551D0E04 1604146A 32170BDC BAA70BBA A99C0284 9B7E510E 916A9F30
0D06092A 864886F7 0D010104 05000381 81009DBD 96BDBBBF D4557F96 1861110D
3F8C4E79 9F4A0A8E 6EC819D0 81639F8C 5EA7C0B0 1B47CF08 D90A42C8 4371DDFB
BDE0CC5B 25037EF4 1F5285F9 7B044947 35FF91A7 08BEFBBC BB68EAD7 58381812
1DA86BF0 3FBE993B 866C3991 B5DEE62D 65167935 71C23FE3 0AB3B1CD 6F2224A4
935B68E6 F6B4B3BF 9424F0C7 13D37B8E D4F7
quit
crypto pki certificate chain RootCA
certificate ca 01
3082027D 308201E6 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
52311030 0E060355 04071307 6265696A 696E6731 0F300D06 0355040A 13067965
736C6162 3111300F 06035504 0B130873 65637572 69747931 1A301806 03550403
1311526F 6F744341 2E796573 6C61622E 6E657430 1E170D31 31303731 32303135
3432375A 170D3134 30373131 30313534 32375A30 52311030 0E060355 04071307
6265696A 696E6731 0F300D06 0355040A 13067965 736C6162 3111300F 06035504
0B130873 65637572 69747931 1A301806 03550403 1311526F 6F744341 2E796573
6C61622E 6E657430 819F300D 06092A86 4886F70D 01010105 0003818D 00308189
02818100 B59486A2 E7E7663F 8F45FF31 19F96E6D 9677DD5A AFBA7BCD DB9426E6
BCFA8F3C E899F3F3 5DF3E027 6B9C4BB4 1D34D68D D605EED6 528B3BBC 61AC8B5F
D364F9D7 2CFE627C 3C06BB8F 2C59DC58 7B773111 B26257DE 5CAEF17C 9DDD7C66
C73EA70E 30C40BCA 7286DE7C 26C6E738 975FE89D 36EADBB7 1B53064F E2650198
31A9C923 02030100 01A36330 61300F06 03551D13 0101FF04 05300301 01FF300E
0603551D 0F0101FF 04040302 0186301F 0603551D 23041830 1680143A FFAC3F4D
7A7C8DD0 36ADEEDD CB9B3A34 F58C3130 1D060355 1D0E0416 04143AFF AC3F4D7A
7C8DD036 ADEEDDCB 9B3A34F5 8C31300D 06092A86 4886F70D 01010405 00038181
003AC0F3 697404AB 68BF0272 D3C47138 F67E6E99 63E2C699 F096570F DBE0B8A3
C4A42730 46F3FFF7 C6BC0772 64F5E47B 4F7B58C9 25E3ABC5 889D0EBE 65F2A46A
3C0F12DA EA4FDBF5 EAED3B95 B9960E3C 4DF863D9 12F5946D EE0FBA85 8AC5FAB1
D9ACC685 241B4855 1BB712C4 FFC7766E 19854199 3FA0D36D 7E034B78 C6344A5D
78
quit
!
!
!
!
!
!
!
!
!
!
!
!
archive 
log config
hidekeys
!
!
crypto isakmp policy 10
!
!
crypto ipsec transform-set cisco esp-des esp-md5-hmac
!
crypto ipsec profile ipsecprof
set transform-set cisco
!
crypto gdoi group yeslab
identity number 88888
server local
rekey algorithm aes 128
rekey retransmit 10 number 2
rekey authentication mypubkey rsa getvpnkey
rekey transport unicast
authorization identity getvpn_filter
sa ipsec 1
profile ipsecprof
match address ipv4 getvpntraffic
replay counter window-size 64
address ipv4 10.1.1.202
redundancy
local priority 75
peer address ipv4 10.1.1.201
!
!
crypto identity getvpn_filter
fqdn GM-3.yeslab.net
!
!
!
!
!
!
!
interface FastEthernet0/0
ip address 10.1.1.202 255.255.255.0
shutdown
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface FastEthernet1/0
no ip address
shutdown
duplex auto
speed auto
!
interface FastEthernet2/0
no ip address
shutdown
duplex auto
speed auto
!
interface FastEthernet3/0
no ip address
shutdown
duplex auto
speed auto

ip http server
no ip http secure-server
ip forward-protocol nd
!
!
!
!
ip access-list extended getvpntraffic
permit ip 192.168.0.0 0.0.255.255 192.168.0.0 0.0.255.255
!
!
!
!
control-plane
!
!
!
!
!
!
!
!

line con 0
line aux 0
line vty 0 4
!
ntp clock-period 17179895
ntp server 10.1.1.200
!
end
================================================================
hostname GM-1
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
clock timezone GMT 8
!
!
ip cef
ip domain name yeslab.net
!
!
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
multilink bundle-name authenticated
!
!
crypto pki trustpoint KS1-SUBCA-1
enrollment url http://10.1.1.201:80
serial-number
subject-name cn=GM-1.yeslab.net, ou=CCIE, ou=security, o=yeslab, l=beijing
revocation-check crl
!
crypto pki trustpoint RootCA
enrollment url http://10.1.1.200:80
revocation-check none
!
!
crypto pki certificate chain KS1-SUBCA-1
certificate 02
3082027B 308201E4 A0030201 02020102 300D0609 2A864886 F70D0101 04050030
66311030 0E060355 04071307 6265696A 696E6731 0F300D06 0355040A 13067965
736C6162 3111300F 06035504 0B130873 65637572 69747931 0D300B06 0355040B
13044343 4945311F 301D0603 55040313 164B5331 2D535542 43412D31 2E796573
6C61622E 6E657430 1E170D31 31303731 32303231 3235345A 170D3132 30373131
30323033 33345A30 81933110 300E0603 55040713 07626569 6A696E67 310F300D
06035504 0A130679 65736C61 62311130 0F060355 040B1308 73656375 72697479
310D300B 06035504 0B130443 43494531 18301606 03550403 130F474D 2D312E79
65736C61 622E6E65 74313230 12060355 0405130B 4A414230 34343643 304C3230
1C06092A 864886F7 0D010902 160F474D 2D312E79 65736C61 622E6E65 74305C30
0D06092A 864886F7 0D010101 0500034B 00304802 4100E0E5 8B0FF90C 4C6F5712
57645A29 E2C16AE7 CBAED85A 4A8AD03D 93EE5055 B8C73EBC 086A55EC E1B5BFE2
18DC55A6 4193998D 9F3140E9 3E477F56 737C9E22 93630203 010001A3 4F304D30
0B060355 1D0F0404 030205A0 301F0603 551D2304 18301680 14045118 F80DA437
CEE6F5E2 4E114850 48163CA8 CD301D06 03551D0E 04160414 5A832DAA 271D8C8A
98C87A9C B92857D1 A55877AC 300D0609 2A864886 F70D0101 04050003 818100D1
1A7A58AA 1B03408C 73000B0C 45370593 D7097781 1A5C8617 464884D3 746E0C4D
B78283AC ABE981A4 8A9268FB 7FB154B9 2D24D257 847F3D03 8CC74FF1 F1F3ED71
83E27EC2 9A6C5FCA 20B9F740 0B137B97 128DD069 CC929A0B E2CFEEDF C59140AF
F652E753 4CF9D575 83F10303 75D6D92C 5546F695 4E385840 0B83F9AB 5A
CF4C
quit
certificate ca 03
3082028E 308201F7 A0030201 02020103 300D0609 2A864886 F70D0101 04050030
52311030 0E060355 04071307 6265696A 696E6731 0F300D06 0355040A 13067965
736C6162 3111300F 06035504 0B130873 65637572 69747931 1A301806 03550403
1311526F 6F744341 2E796573 6C61622E 6E657430 1E170D31 31303731 32303230
3333345A 170D3132 30373131 30323033 33345A30 66311030 0E060355 04071307
6265696A 696E6731 0F300D06 0355040A 13067965 736C6162 3111300F 06035504
0B130873 65637572 69747931 0D300B06 0355040B 13044343 4945311F 301D0603
55040313 164B5331 2D535542 43412D31 2E796573 6C61622E 6E657430 819F300D
06092A86 4886F70D 01010105 0003818D 00308189 02818100 DC9C3EA5 654B3E5F
2CEB79B8 671C32BC 52F08B33 3A8C7C00 270754B8 19063707 C2B9A59B D75D16E0
C1A9DD52 926171C4 07B4F4D0 723964F2 F1A24811 1C4D4098 B2177274 E59EE5C7
E363CE94 8299F55C DE0AE7BA BB1F67DC 93B5737F 82946D24 E199C67F 3C456FF4
93D3078E FDD03FE6 031B197A FE7E8123 5EC36AEA F2120BDB 02030100 01A36030
5E300F06 03551D13 0101FF04 05300301 01FF300B 0603551D 0F040403 02078030
1F060355 1D230418 30168014 3AFFAC3F 4D7A7C8D D036ADEE DDCB9B3A 34F58C31
301D0603 551D0E04 16041404 5118F80D A437CEE6 F5E24E11 48504816 3CA8CD30
0D06092A 864886F7 0D010104 05000381 8100680D 59AEEFF6 1126D5C2 289815DE
561D6FB9 E1845B7A 0C01D809 0BD0D395 71066204 5C347AF1 8A3EFB19 9F3C0368
DC799D09 59BAC10E B3F8B0F1 C2E42909 7B34B57D 5F6681D7 E6F5709C 4E8D1285
BFB6CEA3 AE785591 5A284414 8659976F B9D7DD83 DB8B2125 DFBA733F CAE41133
1DF73A59 06482D34 2CA3990E C7F5F530 2F0C
quit
crypto pki certificate chain RootCA
certificate ca 01
3082027D 308201E6 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
52311030 0E060355 04071307 6265696A 696E6731 0F300D06 0355040A 13067965
736C6162 3111300F 06035504 0B130873 65637572 69747931 1A301806 03550403
1311526F 6F744341 2E796573 6C61622E 6E657430 1E170D31 31303731 32303135
3432375A 170D3134 30373131 30313534 32375A30 52311030 0E060355 04071307
6265696A 696E6731 0F300D06 0355040A 13067965 736C6162 3111300F 06035504
0B130873 65637572 69747931 1A301806 03550403 1311526F 6F744341 2E796573
6C61622E 6E657430 819F300D 06092A86 4886F70D 01010105 0003818D 00308189
02818100 B59486A2 E7E7663F 8F45FF31 19F96E6D 9677DD5A AFBA7BCD DB9426E6
BCFA8F3C E899F3F3 5DF3E027 6B9C4BB4 1D34D68D D605EED6 528B3BBC 61AC8B5F
D364F9D7 2CFE627C 3C06BB8F 2C59DC58 7B773111 B26257DE 5CAEF17C 9DDD7C66
C73EA70E 30C40BCA 7286DE7C 26C6E738 975FE89D 36EADBB7 1B53064F E2650198
31A9C923 02030100 01A36330 61300F06 03551D13 0101FF04 05300301 01FF300E
0603551D 0F0101FF 04040302 0186301F 0603551D 23041830 1680143A FFAC3F4D
7A7C8DD0 36ADEEDD CB9B3A34 F58C3130 1D060355 1D0E0416 04143AFF AC3F4D7A
7C8DD036 ADEEDDCB 9B3A34F5 8C31300D 06092A86 4886F70D 01010405 00038181
003AC0F3 697404AB 68BF0272 D3C47138 F67E6E99 63E2C699 F096570F DBE0B8A3
C4A42730 46F3FFF7 C6BC0772 64F5E47B 4F7B58C9 25E3ABC5 889D0EBE 65F2A46A
3C0F12DA EA4FDBF5 EAED3B95 B9960E3C 4DF863D9 12F5946D EE0FBA85 8AC5FAB1
D9ACC685 241B4855 1BB712C4 FFC7766E 19854199 3FA0D36D 7E034B78 C6344A5D
78
quit
!

!
!
!
!
!
!
!
!
!
!
archive
log config
hidekeys
!
!
crypto isakmp policy 10
!
!
crypto gdoi group yeslab
identity number 88888
server address ipv4 10.1.1.201
server address ipv4 10.1.1.202

!
crypto map cisco 10 gdoi
set group yeslab
!
!
!
ip ssh version 1
!
!
!
!
interface Loopback0
ip address 192.168.1.1 255.255.255.0
!
interface FastEthernet0/0
ip address 10.1.1.1 255.255.255.0
duplex auto
speed auto
crypto map cisco
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface FastEthernet1/0
no ip address
shutdown
duplex auto
speed auto
!
interface FastEthernet2/0
no ip address
shutdown
duplex auto
speed auto
!
interface FastEthernet3/0
no ip address
shutdown
duplex auto
speed auto
!
router ospf 1
log-adjacency-changes
network 10.1.1.0 0.0.0.255 area 0
network 192.168.1.0 0.0.0.255 area 0
!
no ip http server
no ip http secure-server
ip forward-protocol nd
!
!
!
!
!
!
!
control-plane
!
!
!
!
!
!
!
!

line con 0
line aux 0
line vty 0 4
!
ntp clock-period 17179919
ntp server 10.1.1.200
!
end
===========================================================
hostname GM-2
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
clock timezone GMT 8
!
!
ip cef
ip domain name yeslab.net
!
!
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
multilink bundle-name authenticated
!
!
crypto pki trustpoint KS1-SUBCA-1
enrollment url http://10.1.1.201:80
serial-number
subject-name cn=GM-2.yeslab.net, ou=CCIE, ou=security, o=yeslab, l=beijing
revocation-check crl
!
crypto pki trustpoint RootCA
enrollment url http://10.1.1.200:80
revocation-check none
!
!
crypto pki certificate chain KS1-SUBCA-1
certificate 03
3082027B 308201E4 A0030201 02020103 300D0609 2A864886 F70D0101 04050030
66311030 0E060355 04071307 6265696A 696E6731 0F300D06 0355040A 13067965
736C6162 3111300F 06035504 0B130873 65637572 69747931 0D300B06 0355040B
13044343 4945311F 301D0603 55040313 164B5331 2D535542 43412D31 2E796573
6C61622E 6E657430 1E170D31 31303731 32303231 3432305A 170D3132 30373131
30323033 33345A30 81933110 300E0603 55040713 07626569 6A696E67 310F300D
06035504 0A130679 65736C61 62311130 0F060355 040B1308 73656375 72697479
310D300B 06035504 0B130443 43494531 18301606 03550403 130F474D 2D322E79
65736C61 622E6E65 74313230 12060355 0405130B 4A414230 34343643 304C3230
1C06092A 864886F7 0D010902 160F474D 2D322E79 65736C61 622E6E65 74305C30
0D06092A 864886F7 0D010101 0500034B 00304802 4100FA8B F88D9576 C2CBFF3D
AE6C9037 1D4B9CE6 2347CE61 F03126F9 ADEF6787 25D093F3 F01EFED6 26509489
A2ACF0B0 4C0C34D8 7AB86ADA FA8BB5EE 37F1D6E3 613F0203 010001A3 4F304D30
0B060355 1D0F0404 030205A0 301F0603 551D2304 18301680 14045118 F80DA437
CEE6F5E2 4E114850 48163CA8 CD301D06 03551D0E 04160414 B05AF2BC 3783E600
083FF6CC 718D5C83 82822237 300D0609 2A864886 F70D0101 04050003 818100B5
1D28A36C D30DD46B 317155A7 C840FB77 E1B85BE8 0C99D550 8DA03279 D3489C44
A8E833CB 4EE09E42 7174716D 9849EC97 EB325FAA 49577176 33CEB951 D06EAE2B
E9EACC23 066B51F5 CC58BF98 02590EA8 484BCF05 0EF75BDD 9CF4E832 34E84B6E
073E0952 FB792DAE ECDEA93B 1DDA9EFB B4BDAF40 D56FED02 C55B0623 96
35EF
quit
certificate ca 03
3082028E 308201F7 A0030201 02020103 300D0609 2A864886 F70D0101 04050030
52311030 0E060355 04071307 6265696A 696E6731 0F300D06 0355040A 13067965
736C6162 3111300F 06035504 0B130873 65637572 69747931 1A301806 03550403
1311526F 6F744341 2E796573 6C61622E 6E657430 1E170D31 31303731 32303230
3333345A 170D3132 30373131 30323033 33345A30 66311030 0E060355 04071307
6265696A 696E6731 0F300D06 0355040A 13067965 736C6162 3111300F 06035504
0B130873 65637572 69747931 0D300B06 0355040B 13044343 4945311F 301D0603
55040313 164B5331 2D535542 43412D31 2E796573 6C61622E 6E657430 819F300D
06092A86 4886F70D 01010105 0003818D 00308189 02818100 DC9C3EA5 654B3E5F
2CEB79B8 671C32BC 52F08B33 3A8C7C00 270754B8 19063707 C2B9A59B D75D16E0
C1A9DD52 926171C4 07B4F4D0 723964F2 F1A24811 1C4D4098 B2177274 E59EE5C7
E363CE94 8299F55C DE0AE7BA BB1F67DC 93B5737F 82946D24 E199C67F 3C456FF4
93D3078E FDD03FE6 031B197A FE7E8123 5EC36AEA F2120BDB 02030100 01A36030
5E300F06 03551D13 0101FF04 05300301 01FF300B 0603551D 0F040403 02078030
1F060355 1D230418 30168014 3AFFAC3F 4D7A7C8D D036ADEE DDCB9B3A 34F58C31
301D0603 551D0E04 16041404 5118F80D A437CEE6 F5E24E11 48504816 3CA8CD30
0D06092A 864886F7 0D010104 05000381 8100680D 59AEEFF6 1126D5C2 289815DE
561D6FB9 E1845B7A 0C01D809 0BD0D395 71066204 5C347AF1 8A3EFB19 9F3C0368
DC799D09 59BAC10E B3F8B0F1 C2E42909 7B34B57D 5F6681D7 E6F5709C 4E8D1285
BFB6CEA3 AE785591 5A284414 8659976F B9D7DD83 DB8B2125 DFBA733F CAE41133
1DF73A59 06482D34 2CA3990E C7F5F530 2F0C
quit
crypto pki certificate chain RootCA
certificate ca 01
3082027D 308201E6 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
52311030 0E060355 04071307 6265696A 696E6731 0F300D06 0355040A 13067965
736C6162 3111300F 06035504 0B130873 65637572 69747931 1A301806 03550403
1311526F 6F744341 2E796573 6C61622E 6E657430 1E170D31 31303731 32303135
3432375A 170D3134 30373131 30313534 32375A30 52311030 0E060355 04071307
6265696A 696E6731 0F300D06 0355040A 13067965 736C6162 3111300F 06035504
0B130873 65637572 69747931 1A301806 03550403 1311526F 6F744341 2E796573
6C61622E 6E657430 819F300D 06092A86 4886F70D 01010105 0003818D 00308189
02818100 B59486A2 E7E7663F 8F45FF31 19F96E6D 9677DD5A AFBA7BCD DB9426E6
BCFA8F3C E899F3F3 5DF3E027 6B9C4BB4 1D34D68D D605EED6 528B3BBC 61AC8B5F
D364F9D7 2CFE627C 3C06BB8F 2C59DC58 7B773111 B26257DE 5CAEF17C 9DDD7C66
C73EA70E 30C40BCA 7286DE7C 26C6E738 975FE89D 36EADBB7 1B53064F E2650198
31A9C923 02030100 01A36330 61300F06 03551D13 0101FF04 05300301 01FF300E
0603551D 0F0101FF 04040302 0186301F 0603551D 23041830 1680143A FFAC3F4D
7A7C8DD0 36ADEEDD CB9B3A34 F58C3130 1D060355 1D0E0416 04143AFF AC3F4D7A
7C8DD036 ADEEDDCB 9B3A34F5 8C31300D 06092A86 4886F70D 01010405 00038181
003AC0F3 697404AB 68BF0272 D3C47138 F67E6E99 63E2C699 F096570F DBE0B8A3
C4A42730 46F3FFF7 C6BC0772 64F5E47B 4F7B58C9 25E3ABC5 889D0EBE 65F2A46A
3C0F12DA EA4FDBF5 EAED3B95 B9960E3C 4DF863D9 12F5946D EE0FBA85 8AC5FAB1
D9ACC685 241B4855 1BB712C4 FFC7766E 19854199 3FA0D36D 7E034B78 C6344A5D
78
quit
!

!
!
!
!
!
!
!
!
!
!
archive
log config
hidekeys
!
!
crypto isakmp policy 10
!
!
crypto gdoi group yeslab
identity number 88888
server address ipv4 10.1.1.201
server address ipv4 10.1.1.202

!
crypto map cisco 10 gdoi
set group yeslab
!
!
!
ip ssh version 1
!
!
!
!
interface Loopback0
ip address 192.168.2.1 255.255.255.0
!
interface FastEthernet0/0
ip address 10.1.1.2 255.255.255.0
duplex auto
speed auto
crypto map cisco
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface FastEthernet1/0
no ip address
shutdown
duplex auto
speed auto
!
interface FastEthernet2/0
no ip address
shutdown
duplex auto
speed auto
!
interface FastEthernet3/0
no ip address
shutdown
duplex auto
speed auto
!
router ospf 1
log-adjacency-changes
network 10.1.1.0 0.0.0.255 area 0
network 192.168.2.0 0.0.0.255 area 0
!
no ip http server
no ip http secure-server
ip forward-protocol nd
!
!
!
!
!
!
!
control-plane
!
!
!
!
!
!
!
!

line con 0
line aux 0
line vty 0 4
!
ntp clock-period 17179892
ntp server 10.1.1.200
!
end
======================================================
hostname GM-3
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
clock timezone GMT 8
!
!
ip cef
ip domain name yeslab.net
!
!
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
multilink bundle-name authenticated
!
!
crypto pki trustpoint KS2-SUBCA-2
enrollment url http://10.1.1.202:80
serial-number
subject-name cn=GM-3.yeslab.net, ou=CCSP, ou=security, o=yeslab, l=beijing
revocation-check crl
!
crypto pki trustpoint RootCA
enrollment url http://10.1.1.200:80
revocation-check none
!
!
crypto pki certificate chain KS2-SUBCA-2
certificate 02
3082027B 308201E4 A0030201 02020102 300D0609 2A864886 F70D0101 04050030
66311030 0E060355 04071307 6265696A 696E6731 0F300D06 0355040A 13067965
736C6162 3111300F 06035504 0B130873 65637572 69747931 0D300B06 0355040B
13044343 5350311F 301D0603 55040313 164B5332 2D535542 43412D32 2E796573
6C61622E 6E657430 1E170D31 31303731 32303231 3635325A 170D3132 30373131
30323039 31385A30 81933110 300E0603 55040713 07626569 6A696E67 310F300D
06035504 0A130679 65736C61 62311130 0F060355 040B1308 73656375 72697479
310D300B 06035504 0B130443 43535031 18301606 03550403 130F474D 2D332E79
65736C61 622E6E65 74313230 12060355 0405130B 4A414230 34343643 304C3230
1C06092A 864886F7 0D010902 160F474D 2D332E79 65736C61 622E6E65 74305C30
0D06092A 864886F7 0D010101 0500034B 00304802 4100CCDF 10495311 0740F49D
DC60AACA 1555BB48 B48588B5 7D015ED9 1DD35C69 F461D473 2CC01DA8 AE623D75
3CC72578 DE1F5890 CD6E124A 69368B00 BB4A02F6 72B30203 010001A3 4F304D30
0B060355 1D0F0404 030205A0 301F0603 551D2304 18301680 146A3217 0BDCBAA7
0BBAA99C 02849B7E 510E916A 9F301D06 03551D0E 04160414 CF86CAF7 DC4B442C
9BEBF123 C02B9CCC 5BA03F65 300D0609 2A864886 F70D0101 04050003 818100BB
4341C71C 13570804 4660B2AA D01520E0 C69662BB 950768C9 A4498280 EB953F95
D59EAD4E A0726B61 3326C948 89480C0C BD3407E7 DA7C2C02 DBAD487A C9BDCBA1
690C9283 1398B2BF EB3084AC E327453D 88A9EA19 79940D6B 74310345 BE63C38E
16F12FCD F49C0D1A 7377F5D8 76CA604A 93196C8D DFABE658 FF6DF9A8 82
6A38
quit
certificate ca 04
3082028E 308201F7 A0030201 02020104 300D0609 2A864886 F70D0101 04050030
52311030 0E060355 04071307 6265696A 696E6731 0F300D06 0355040A 13067965
736C6162 3111300F 06035504 0B130873 65637572 69747931 1A301806 03550403
1311526F 6F744341 2E796573 6C61622E 6E657430 1E170D31 31303731 32303230
3931385A 170D3132 30373131 30323039 31385A30 66311030 0E060355 04071307
6265696A 696E6731 0F300D06 0355040A 13067965 736C6162 3111300F 06035504
0B130873 65637572 69747931 0D300B06 0355040B 13044343 5350311F 301D0603
55040313 164B5332 2D535542 43412D32 2E796573 6C61622E 6E657430 819F300D
06092A86 4886F70D 01010105 0003818D 00308189 02818100 DB7509FB EBF9EF89
B71FBD4E 1BC1A2DF 693CAA4C 6727AC80 B310E587 35DA3483 F1493BF8 C511B77D
20C9A903 6C9D277F 54946C1B 96FEE40B 0C824D21 77559F79 26094DA3 55D89ADD
07625C74 AFD9AA6A D656F9DE FC2205A6 7B1DBF89 21C85626 68923AB5 AE9A2A37
3A087F6A 70C4BDB9 0EDD38E8 B5E274BA B3FD0649 481256D5 02030100 01A36030
5E300F06 03551D13 0101FF04 05300301 01FF300B 0603551D 0F040403 02078030
1F060355 1D230418 30168014 3AFFAC3F 4D7A7C8D D036ADEE DDCB9B3A 34F58C31
301D0603 551D0E04 1604146A 32170BDC BAA70BBA A99C0284 9B7E510E 916A9F30
0D06092A 864886F7 0D010104 05000381 81009DBD 96BDBBBF D4557F96 1861110D
3F8C4E79 9F4A0A8E 6EC819D0 81639F8C 5EA7C0B0 1B47CF08 D90A42C8 4371DDFB
BDE0CC5B 25037EF4 1F5285F9 7B044947 35FF91A7 08BEFBBC BB68EAD7 58381812
1DA86BF0 3FBE993B 866C3991 B5DEE62D 65167935 71C23FE3 0AB3B1CD 6F2224A4
935B68E6 F6B4B3BF 9424F0C7 13D37B8E D4F7
quit
crypto pki certificate chain RootCA
certificate ca 01
3082027D 308201E6 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
52311030 0E060355 04071307 6265696A 696E6731 0F300D06 0355040A 13067965
736C6162 3111300F 06035504 0B130873 65637572 69747931 1A301806 03550403
1311526F 6F744341 2E796573 6C61622E 6E657430 1E170D31 31303731 32303135
3432375A 170D3134 30373131 30313534 32375A30 52311030 0E060355 04071307
6265696A 696E6731 0F300D06 0355040A 13067965 736C6162 3111300F 06035504
0B130873 65637572 69747931 1A301806 03550403 1311526F 6F744341 2E796573
6C61622E 6E657430 819F300D 06092A86 4886F70D 01010105 0003818D 00308189
02818100 B59486A2 E7E7663F 8F45FF31 19F96E6D 9677DD5A AFBA7BCD DB9426E6
BCFA8F3C E899F3F3 5DF3E027 6B9C4BB4 1D34D68D D605EED6 528B3BBC 61AC8B5F
D364F9D7 2CFE627C 3C06BB8F 2C59DC58 7B773111 B26257DE 5CAEF17C 9DDD7C66
C73EA70E 30C40BCA 7286DE7C 26C6E738 975FE89D 36EADBB7 1B53064F E2650198
31A9C923 02030100 01A36330 61300F06 03551D13 0101FF04 05300301 01FF300E
0603551D 0F0101FF 04040302 0186301F 0603551D 23041830 1680143A FFAC3F4D
7A7C8DD0 36ADEEDD CB9B3A34 F58C3130 1D060355 1D0E0416 04143AFF AC3F4D7A
7C8DD036 ADEEDDCB 9B3A34F5 8C31300D 06092A86 4886F70D 01010405 00038181
003AC0F3 697404AB 68BF0272 D3C47138 F67E6E99 63E2C699 F096570F DBE0B8A3
C4A42730 46F3FFF7 C6BC0772 64F5E47B 4F7B58C9 25E3ABC5 889D0EBE 65F2A46A
3C0F12DA EA4FDBF5 EAED3B95 B9960E3C 4DF863D9 12F5946D EE0FBA85 8AC5FAB1
D9ACC685 241B4855 1BB712C4 FFC7766E 19854199 3FA0D36D 7E034B78 C6344A5D
78
quit
!

!
!
!
!
!
!
!
!
!
!
archive
log config
hidekeys
!
!
crypto isakmp policy 10
!
!
crypto gdoi group yeslab
identity number 88888
server address ipv4 10.1.1.202
server address ipv4 10.1.1.201

!
crypto map cisco 10 gdoi
set group yeslab
!
!
!
ip ssh version 1
!
!
!
!
interface Loopback0
ip address 192.168.3.1 255.255.255.0
!
interface FastEthernet0/0
ip address 10.1.1.3 255.255.255.0
duplex auto
speed auto
crypto map cisco
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface FastEthernet1/0
no ip address
shutdown
duplex auto
speed auto
!
interface FastEthernet2/0
no ip address
shutdown
duplex auto
speed auto
!
interface FastEthernet3/0
no ip address
shutdown
duplex auto
speed auto
!
router ospf 1
log-adjacency-changes
network 10.1.1.0 0.0.0.255 area 0
network 192.168.3.0 0.0.0.255 area 0
!
no ip http server
no ip http secure-server
ip forward-protocol nd
!
!
!
!
!
!
!
control-plane
!
!
!
!
!
!
!
!

line con 0
line aux 0
line vty 0 4
!
ntp clock-period 17179873
ntp server 10.1.1.200
!
end


本文转自Yeslab教主 51CTO博客,原文链接:http://blog.51cto.com/xrmjjz/686416

文章标签:
网络安全
安全
网络虚拟化
网络协议
科技小能手
目录
相关文章
东方睿赢
|
监控 关系型数据库 分布式数据库
【PolarDB开源】PolarDB故障恢复机制:快速恢复与数据一致性保障
【5月更文挑战第22天】阿里云PolarDB的故障恢复机制保证了云数据库的高可用性和一致性。通过ROW快照备份和增量日志,实现秒级备份和恢复,确保数据安全。日志分析快速定位故障,启用备用实例实现快速恢复。分布式事务和强一致性读等技术保障数据一致性。这套全面的解决方案使PolarDB在云原生数据库中表现出色。
东方睿赢
745 10
一缕微风绕指柔
|
9月前
|
存储 缓存 运维
缓存技术有哪些优缺点呢
【10月更文挑战第19天】缓存技术有哪些优缺点呢
一缕微风绕指柔
319 3
1941623231718325
|
10月前
|
安全 搜索推荐 机器人
纳米技术与医疗:纳米机器人的临床应用前景
【9月更文挑战第28天】纳米机器人作为纳米技术在医疗领域的重要应用,正逐步改变着传统医疗的面貌。它们在药物输送、癌症治疗、手术辅助和疾病诊断等方面展现出广阔的应用前景。随着科学技术的不断进步和纳米技术的不断成熟,我们有理由相信,纳米机器人将成为医疗领域的一个重要且不可或缺的组成部分,为人类的健康事业做出更大的贡献。同时,我们也应关注纳米技术的安全性和可靠性问题,确保其在医疗应用中的安全和有效。
1941623231718325
640 1
涛7453243251
|
9月前
|
程序员 Python
Python中Lambda表达式的优缺点及使用场景
Python中Lambda表达式的优缺点及使用场景
涛7453243251
266 0
游客cxtb2yf2r55as
|
9月前
|
Linux 应用服务中间件 nginx
Linux下权限设置之suid、sgid、sticky
Linux下权限设置之suid、sgid、sticky
游客cxtb2yf2r55as
268 0
游客mldfis24krfue
|
11月前
|
Prometheus Kubernetes API
在k8S中,HPA V1 V2的区别是什么?
在k8S中,HPA V1 V2的区别是什么?
游客mldfis24krfue
180 0
简简单单做算法
|
机器学习/深度学习 算法 自动驾驶
基于Qlearning强化学习的路径规划算法matlab仿真
基于Qlearning强化学习的路径规划算法matlab仿真
简简单单做算法
304 0
荔枝科研社
|
数据挖掘
2022亚太数学杯数学建模竞赛C题(思路、程序......)
2022亚太数学杯数学建模竞赛C题(思路、程序......)
荔枝科研社
481 0
邢仕冲的一亩三分地
|
消息中间件 算法 编译器
【FreeRTOS(一)】FreeRTOS新手入门——初识FreeRTOS
【FreeRTOS(一)】FreeRTOS新手入门——初识FreeRTOS
邢仕冲的一亩三分地
432 0
亚丁号
分享一下基于autojs4的悟空浏览器的代码
分享一下基于autojs4的悟空浏览器的代码
亚丁号
257 1