2.2 Remote VPN Gateway is Cisco 1720
Configure the Cisco 1720 as follows.
Using 1925 out of 29688 bytes
!
version 12.1
no service single-slot-reload-enable
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname Cisco1720
!
no logging buffered
no logging buffered
logging rate-limit console 10 except errors
enable password 7 105D0C0D1007
!
memory-size iomem 25
ip subnet-zero
no ip finger
no ip domain-lookup
ip dhcp excluded-address 192.168.2.1 192.168.2.99
!
ip dhcp pool 1
 network 192.168.2.0 255.255.255.0
 default-router 192.168.2.1
!
ip audit notify log
ip audit po max-events 100
!
!
crypto isakmp policy 1
 authentication pre-share
 group 2
!
crypto isakmp policy 2
 hash md5
 authentication pre-share
 group 2
!
crypto isakmp policy 3
 authentication pre-share
!
crypto isakmp policy 4
 hash md5
 authentication pre-share
crypto isakmp key XYZ123 address 140.111.1.1
!
!
crypto ipsec transform-set rtpset1 esp-des esp-md5-hmac
crypto ipsec transform-set rtpset2 esp-des esp-sha-hmac
crypto ipsec transform-set rtpset3 esp-null esp-md5-hmac
crypto ipsec transform-set rtpset4 esp-null esp-sha-hmac
crypto ipsec transform-set rtpset5 esp-des
!
crypto map rtp 1 ipsec-isakmp
 set peer 140.111.1.1
 set transform-set rtpset1 rtpset2 rtpset3 rtpset4 rtpset5
 match address 101
!
!
!
!
interface Ethernet0
 description connected to EthernetLAN_1
 ip address 140.111.1.2 255.255.255.0
 half-duplex
 crypto map rtp
!
interface FastEthernet0
 description connected to EthernetLAN
 ip address 192.168.2.1 255.255.255.0
 speed auto
!
router rip
 version 2
 network 140.111.0.0
 network 192.168.2.0
 no auto-summary
!
ip kerberos source-interface any
ip classless
ip route 0.0.0.0 0.0.0.0 140.111.1.1
no ip http server
!
access-list 101 permit ip 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255
snmp-server community public RO
!
line con 0
 exec-timeout 0 0
 password 7 070E25414707
 login
 transport input none
line aux 0
line vty 0 4
 password 7 1304131F0202
 login
!
end
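As an added example (not part of the original guide or of any Cisco tool), the following Python script audits a listing like the one above for settings a reviewer would question before deployment: DES or null ESP encryption, MD5 integrity, transform sets without authentication, ISAKMP policies that rely on unprinted defaults, type 7 passwords and the `public` SNMP community. The rule names and the `SAMPLE` subset are constructed here, and the default-value check assumes the classic IOS ISAKMP defaults (DES, DH group 1).

```python
import re

# Constructed sample: a subset of the lines in the Cisco 1720 listing above.
SAMPLE = """\
enable password 7 105D0C0D1007
crypto isakmp policy 1
 authentication pre-share
 group 2
!
crypto isakmp policy 4
 hash md5
 authentication pre-share
crypto isakmp key XYZ123 address 140.111.1.1
crypto ipsec transform-set rtpset1 esp-des esp-md5-hmac
crypto ipsec transform-set rtpset3 esp-null esp-md5-hmac
crypto ipsec transform-set rtpset5 esp-des
snmp-server community public RO
"""

LINE_RULES = [  # (rule name, regex) checked against every line
    ("type7-password", r"\bpassword 7 [0-9A-F]+"),   # reversible obfuscation, not a hash
    ("md5-integrity", r"^\s*hash md5|esp-md5-hmac"),
    ("des-encryption", r"\besp-des\b"),              # 56-bit key
    ("null-encryption", r"\besp-null\b"),            # ESP with no confidentiality
    ("default-snmp-community", r"^snmp-server community public\b"),
]

def audit(config):
    """Return sorted (line_no, rule) findings for an IOS running-config."""
    findings, policy = [], None  # policy = [line_no, saw_encryption, saw_group]
    def close(p):  # assumption: classic IOS omits its defaults (DES, DH group 1) from the listing
        if p and not p[1]: findings.append((p[0], "isakmp-default-des"))
        if p and not p[2]: findings.append((p[0], "isakmp-default-group1"))

    for no, line in enumerate(config.splitlines(), 1):
        if not line.startswith(" "):  # a top-level line ends any open policy block
            close(policy)
            policy = [no, False, False] if line.startswith("crypto isakmp policy ") else None
        elif policy:
            word = (line.split() or [""])[0]
            policy[1] |= word == "encryption"
            policy[2] |= word == "group"
        findings += [(no, name) for name, rx in LINE_RULES if re.search(rx, line)]
        if line.startswith("crypto ipsec transform-set") and "-hmac" not in line:
            findings.append((no, "esp-no-authentication"))
    close(policy)
    return sorted(findings)

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

Because the crypto map offers rtpset1 through rtpset5 in order, the peer can agree on any of them, so every flagged transform set matters, not only the first.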
2.3 Remote VPN gateway is CheckPoint
1. Set Network Objects.
2. Set Local Secure Group
3. Set Remote Secure Group