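Technical overview
Easy VPN, also known as EzVPN, is a Cisco-proprietary VPN technology. It has two roles, Easy VPN Server and Easy VPN Remote. The Easy VPN Server is the dedicated device for remote-access VPN; it is complex to configure and supports features such as policy pushing. Many current devices support it, including the 900, 1700, PIX, VPN 3002 and ASA. The technology is used mostly in small and medium-sized enterprises; for example, the routers in Cisco's Small Business (精睿) series all integrate Easy VPN.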
Configuration
Server-side configuration:
Building configuration...
Current configuration : 1798 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
aaa new-model
!
aaa authentication login default local
aaa authentication login sdm_vpn_xauth_ml_1 local
aaa authorization exec default local
aaa authorization network sdm_vpn_group_ml_1 local
!
aaa session-id common
!
resource policy
!
ip cef
!
no ip domain lookup
!
username warky privilege 15 password 0 123456
username cisco1 password 0 cisco
!
crypto isakmp policy 1
 encr 3des
 authentication pre-share
 group 2
!
crypto isakmp client configuration group vpnclient
 key 123456
 dns 61.134.1.4
 pool SDM_POOL_1
 netmask 255.255.255.0
crypto isakmp profile sdm-ike-profile-1
 match identity group vpnclient
 client authentication list sdm_vpn_xauth_ml_1
 isakmp authorization list sdm_vpn_group_ml_1
 client configuration address respond
 virtual-template 1
!
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
!
crypto ipsec profile SDM_Profile1
 set security-association idle-time 300
 set transform-set ESP-3DES-SHA
 set isakmp-profile sdm-ike-profile-1
!
interface FastEthernet0/0
 ip address 172.16.0.1 255.255.255.0
 duplex auto
 speed auto
!
interface FastEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface Virtual-Template1 type tunnel
 ip unnumbered FastEthernet0/0
 tunnel mode ipsec ipv4
 tunnel protection ipsec profile SDM_Profile1
!
ip local pool SDM_POOL_1 10.0.0.1 10.0.0.15
ip http server
ip http authentication local
no ip http secure-server
!
logging alarm informational
!
control-plane
!
gatekeeper
 shutdown
!
line con 0
 stopbits 1
line aux 0
line vty 0 4
!
end
The client logs in using Cisco's VPN Client.
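The server configuration above is a lab-style setup: cleartext (type 0) passwords, 3DES, Diffie-Hellman group 2, a six-character group key and plain-HTTP management. The following audit script is an added example, not part of the original page or of any Cisco tool; it flags those settings in an IOS configuration. The rule names and the `MIN_PSK_LEN` threshold are assumptions chosen for illustration.

```python
import re

# Constructed sample: security-relevant lines copied from the server configuration above.
SAMPLE = """\
no service password-encryption
username warky privilege 15 password 0 123456
username cisco1 password 0 cisco
crypto isakmp policy 1
 encr 3des
 authentication pre-share
 group 2
!
crypto isakmp client configuration group vpnclient
 key 123456
 pool SDM_POOL_1
crypto isakmp profile sdm-ike-profile-1
 match identity group vpnclient
!
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
ip http server
no ip http secure-server
"""

MIN_PSK_LEN = 20  # assumption: local policy threshold, not a Cisco default
TOP_LEVEL = re.compile(r"(crypto|interface|line|ip|username) ")

def audit(config):
    """Return (line_number, rule, line) for every weak setting found."""
    findings, section = [], ""
    for n, raw in enumerate(config.splitlines(), 1):
        line = raw.strip()
        # Track the enclosing block by keyword so flattened (unindented) text also works.
        if line == "!" or TOP_LEVEL.match(line):
            section = line
        psk = re.match(r"key (\S+)$", line)
        checks = {
            "cleartext-config-passwords": line == "no service password-encryption",
            "type0-user-password": bool(re.match(r"username \S+ .*\bpassword 0 ", line)),
            "3des-cipher": line == "encr 3des" or "esp-3des" in line.split(),
            "weak-dh-group": section.startswith("crypto isakmp policy")
                             and line in ("group 1", "group 2", "group 5"),
            "short-group-psk": bool(psk) and len(psk.group(1)) < MIN_PSK_LEN
                               and section.startswith("crypto isakmp client configuration group"),
            "http-management-enabled": line == "ip http server",
            "https-management-disabled": line == "no ip http secure-server",
        }
        findings += [(n, rule, line) for rule, bad in checks.items() if bad]
    return findings
```

Calling `audit()` on the text of a saved running configuration returns one tuple per finding, with line numbers relative to that text.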