思科路由器EzVPN测试

R1：
int f0/0
ip add 10.1.1.1 255.255.255.0
no sh
R2：
int f0/0
ip add 10.1.1.2 255.255.255.0
no sh
int f0/1
ip add 202.100.1.2 255.255.255.0
no sh
R3：
int f0/0
ip add 202.100.1.3 255.255.255.0
no sh
int f0/1
ip add 202.100.2.3 255.255.255.0
no sh
R4：
int f0/0
ip add 202.100.2.4 255.255.255.0
no sh
int f0/1
ip add 20.1.1.4 255.255.255.0
no sh
R5：
int f0/0
ip add 20.1.1.5 255.255.255.0
no sh
PC:
ip address 202.100.1.100/24
3.路由配置：
R1(config)#ip route 0.0.0.0 0.0.0.0 10.1.1.2
R2(config)#ip route 0.0.0.0 0.0.0.0 202.100.1.3
R4(config)#ip route 0.0.0.0 0.0.0.0 202.100.2.3
R5(config)#ip route 0.0.0.0 0.0.0.0 20.1.1.4
4.EzVPN服务器配置
①第一阶段：
crypto isakmp policy 10
authentication pre-share
en des
group 2
hash md5
crypto isakmp client configuration group ipsecgroup
key cisco
②第1.5阶段XAUTH配置
aaa new-model
aaa authentication login noacs line none
line console 0
 login authentication noacs
line aux 0
 login authentication noacs
username xll password xll
aaa authentication login xauth-authen local
③第1.5阶段MODE-CFG配置
ip local pool ippool 123.1.1.100 123.1.1.200
aaa authorization network mcfg-author local
crypto isakmp client configuration group ipsecgroup
 pool ippool
④第2阶段转换集与动态map配置
crypto ipsec transform-set ezvpnset esp-des esp-md5-hmac
crypto dynamic-map dymap 10
set transform-set ezvpnset
⑤第2阶段crypto map配置
crypto map cry-map client authentication list xauth-authen
crypto map cry-map isakmp authorization list mcfg-author
crypto map cry-map client configuration address respond
crypto map cry-map 10 ipsec-isakmp dynamic dymap
interface fastEthernet 0/0
crypto map cry-map

5.EzVPN硬件客户端配置
①EzVPN基本配置
crypto ipsec client ezvpn Ez-Client
connect manual
group ipsecgroup key cisco
mode client 
peer 202.100.2.4
interface FastEthernet 0/0
crypto ipsec client ezvpn Ez-Client inside
interface FastEthernet 0/1
crypto ipsec client ezvpn Ez-Client outside
②手动触发EzVPN连接

R2#crypto ipsec client ezvpn connect
R2#
*Mar  1 00:19:58.175: EZVPN(Ez-Client): Pending XAuth Request, Please enter the following command:
*Mar  1 00:19:58.175: EZVPN: crypto ipsec client ezvpn xauth

R2#crypto ipsec client ezvpn xauth
Username: xll
Password: 
R2#
*Mar  1 00:20:11.035: %CRYPTO-6-EZVPN_CONNECTION_UP: (Client)  User=  Group=ipsecgroup  Client_public_addr=202.100.1.2  Server_public_addr=202.100.2.4  Assigned_client_addr=123.1.1.101  
R2#
*Mar  1 00:20:12.543: %LINK-3-UPDOWN: Interface Loopback10000, changed state to up
*Mar  1 00:20:13.543: %LINEPROTO-5-UPDOWN: Line protocol on Interface Loopback10000, changed state to up
R2#show ip int br
Interface                  IP-Address      OK? Method Status                Protocol
FastEthernet0/0            10.1.1.2        YES NVRAM  up                    up      
FastEthernet0/1            202.100.1.2     YES NVRAM  up                    up      
NVI0                       unassigned      NO  unset  up                    up      
Loopback10000              123.1.1.101     YES manual up                    up  

本文转自 碧云天 51CTO博客，原文链接：http://blog.51cto.com/333234/847164，如需转载请自行联系原作者