搜索
PacketTracer的easyVPN配置模拟续上篇《综合课程设计的PT模拟》,这个项目中还要实现远程接入VPN,原先以为PT没法模拟这种情况,后来证明是俺文盲了,不说先上图校外人员的主机直接连通Internet,这种情况下必须在学校的VPN路由器上进行配置,客户机使用VPN客户端连接在学校VPN路由器上配置EasyVPN,EasyVPN是Cisco独有的远程接入VPN,配置过程如下:aaanew-model启动AAA认证aaaauthenticationloginvpn-alocalaaaauthorizationnetworkvpn-olocalusernamevpnpassword0vpn建立本地用户名密码cryptoisakmppolicy10建立ipsec安全参数配置hashmd5authenticationpre-shareiplocalpoolVPN-POOL172.16.6.1172.16.6.254(建立分配给VPN用户的地址池)cryptoisakmpclientconfigurationgroupvpngroup(easyvpn的组及密码配置,vpngroup为组名)keyvpnpoolVPN-POOLcryptoipsectransform-setschool-setesp-3desesp-md5-hmac(Ipsec阶段2配置)cryptodynamic-mapd-map10(动态加密图)settransform-setschool-setreverse-route(反向路由注入)Easyvpn用户的认证授权配置:cryptomapschool-mapclientauthenticationlistvpn-acryptomapschool-mapisakmpauthorizationlistvpn-ocryptomapschool-mapclientconfigurationaddressrespondcryptomapschool-map10ipsec-isakmpdynamicd-map最后在端口上绑定:interfaceFastEthernet0/1cryptomapschool-map配置完毕之后在校外人员的PC上通过vpn客户端,组名为vpngroup,key为vpn,服务器地址为SCHOOL-VPN的Fa0/1地址,用户名密码均为vpn,即可看到连接成功,分到一个172.16.6.1~172.16.6.254的地址,之后就可以正常与校内主机通信了。pkt文件下载:点此