Can someone explain what these commands on a Cisco device mean?
Source: 学生作业帮 Editor: 大师作文网作业帮 Category: General homework Time: 2024/11/18 07:57:01
crypto isakmp policy 10
 encr aes
 authentication pre-share
 group 2
 lifetime 3600
crypto isakmp key 6 112233 address 200.1.1.1
crypto ipsec transform-set wgf esp-aes esp-sha-hmac
 mode transport
crypto map test 10 ipsec-isakmp
 set peer 200.1.1.1
 set transform-set wgf
 match address 101
ip nat pool wgf 100.1.1.1 100.1.1.1 netmask 255.255.255.252
ip nat inside source list 1 pool wgf overload
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 100 permit icmp host 192.168.2.2 host 192.168.1.2 echo-reply
access-list 100 deny icmp host 192.168.2.2 host 192.168.1.2 echo
access-list 100 permit tcp 192.168.2.0 0.0.0.255 host 192.168.1.2 established
access-list 100 deny tcp 192.168.2.0 0.0.0.255 host 192.168.1.2 eq telnet
access-list 100 permit ip any any
access-list 100 permit gre host 100.1.1.1 host 200.1.1.1

I'm a beginner who has only just started, so please excuse the basic question.
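crypto isakmp policy 10 // Identifies the policy to create; each policy is uniquely identified by its priority.
authentication pre-share // Specifies the encryption algorithm
crypto isakmp key 6 112233 address 200.1.1.1
crypto ipsec transform-set wgf esp-aes esp-sha-hmac
mode transport // Changes the mode associated with the transform set
crypto map test 10 ipsec-isakmp // Specifies the crypto map entry to create or modify; running this command enters crypto map configuration mode
set peer 200.1.1.1 // Useful for traffic with the specified remote IPsec peer; of no use for other traffic (all traffic is carried in tunnel mode)
match address 101 // Specifies an access list for the crypto map entry. This access list determines which traffic should be protected by IPsec and which traffic should not be protected by the IPsec security defined in this crypto map entry
ip nat pool wgf 100.1.1.1 100.1.1.1 netmask 255.255.255.252
ip nat inside source list 1 pool wgf overload
These are for NAT address translation. What follows next is the ACL access lists.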
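
The answer stops where the access lists begin. As an added example (not part of the original answer and not Cisco code), the Python sketch below evaluates ACL 100 from the question the way IOS does, top-down with the first matching line deciding and an implicit deny at the end. The function names and the packet dictionaries are assumptions made for illustration.

```python
import ipaddress

ACL_100 = """\
access-list 100 permit icmp host 192.168.2.2 host 192.168.1.2 echo-reply
access-list 100 deny icmp host 192.168.2.2 host 192.168.1.2 echo
access-list 100 permit tcp 192.168.2.0 0.0.0.255 host 192.168.1.2 established
access-list 100 deny tcp 192.168.2.0 0.0.0.255 host 192.168.1.2 eq telnet
access-list 100 permit ip any any
access-list 100 permit gre host 100.1.1.1 host 200.1.1.1
"""  # ACL 100 exactly as posted in the question

def take_addr(tok):
    """Consume one address spec from tok; return (base, wildcard) as ints."""
    first = tok.pop(0)
    if first == "any":
        return 0, 0xFFFFFFFF
    if first == "host":
        return int(ipaddress.IPv4Address(tok.pop(0))), 0
    return int(ipaddress.IPv4Address(first)), int(ipaddress.IPv4Address(tok.pop(0)))

def parse(text):
    rules = []
    for line in text.splitlines():
        tok = line.split()[2:]  # drop "access-list 100"
        action, proto = tok.pop(0), tok.pop(0)
        rules.append((action, proto, take_addr(tok), take_addr(tok), tok, line))
    return rules

def addr_ok(ip, spec):
    base, wild = spec  # wildcard bits set to 1 are "don't care"
    return (int(ipaddress.IPv4Address(ip)) | wild) == (base | wild)

def opts_ok(opts, pkt):
    checks = {
        "echo": pkt.get("icmp_type") == 8,
        "echo-reply": pkt.get("icmp_type") == 0,
        "established": bool({"ACK", "RST"} & set(pkt.get("flags", ()))),
        "eq telnet": pkt.get("dport") == 23,  # destination port
    }
    return checks.get(" ".join(opts), not opts)  # no option: match; unknown: no match

def evaluate(rules, pkt):
    """First matching line wins; an implicit deny ends every ACL."""
    for action, proto, src, dst, opts, line in rules:
        hit = proto in ("ip", pkt["proto"]) and addr_ok(pkt["src"], src)
        if hit and addr_ok(pkt["dst"], dst) and opts_ok(opts, pkt):
            return action, line
    return "deny", "(implicit deny)"
```

Calling `evaluate(parse(ACL_100), {"proto": "gre", "src": "100.1.1.1", "dst": "200.1.1.1"})` returns the `permit ip any any` line: because that line comes first, the final `permit gre` entry is never reached, and the same line also ends the list before the implicit deny can apply.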