access-list 160 permit ip any any
access-list 161 deny eigrp any any
access-list 161 permit ip any any
ПРИЛОЖЕНИЕ В
НАСТРОЙКИ МАРШРУТИЗАТОРА ВТОРОГО ФИЛИАЛА
crypto isakmp policy 1
encr aes
authentication pre-share
group 2
!
crypto isakmp key 0 address 172.16.12.1
crypto isakmp key 0 address 172.16.32.1
!
crypto ipsec transform-set 102 esp-aes esp-sha-hmac
crypto ipsec transform-set 103 esp-aes esp-sha-hmac
!
crypto map tun_2 100 ipsec-isakmp
set peer 172.16.12.1
set pfs group2
set transform-set 102
match address 102
!
crypto map tun_3 100 ipsec-isakmp
set peer 172.16.32.1
set pfs group2
set transform-set 103
match address 103
!
interface Tunnel2
ip address 10.70.2.1 255.255.255.0
tunnel source FastEthernet0/1
tunnel destination 172.16.12.1
!
interface Tunnel3
ip address 10.70.3.2 255.255.255.0
tunnel source Ethernet1/0
tunnel destination 172.16.32.1
!
interface FastEthernet0/0
ip address 10.0.73.2 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet0/0.1
encapsulation dot1Q 1 native
ip address 10.0.21.1 255.255.255.0
ip access-group 131 in
!
interface FastEthernet0/0.2
encapsulation dot1Q 2
ip address 10.0.22.1 255.255.255.0
ip access-group 132 in
!
interface FastEthernet0/1
ip address 172.16.21.1 255.255.255.0
ip access-group 160 in
ip access-group 161 out
duplex auto
speed auto
crypto map tun_2
!
interface Ethernet1/0
ip address 172.16.23.1 255.255.255.0
ip access-group 160 in
ip access-group 161 out
duplex auto
speed auto
crypto map tun_3
!
interface Ethernet1/1
no ip address
duplex auto
speed auto
shutdown
!
interface Ethernet1/2
no ip address
duplex auto
speed auto
shutdown
!
interface Ethernet1/3
no ip address
duplex auto
speed auto
shutdown
!
router eigrp 1
network 10.0.0.0
no auto-summary
!
ip classless
ip route 172.16.12.0 255.255.255.0 172.16.21.2
ip route 172.16.32.0 255.255.255.0 172.16.23.2
ip route 192.168.5.0 255.255.255.0 10.70.2.2
!
access-list 102 permit gre host 172.16.21.1 host 172.16.12.1
access-list 103 permit gre host 172.16.23.1 host 172.16.32.1
access-list 131 permit tcp 10.0.21.0 0.0.0.255 host 10.0.35.2 eq ftp
access-list 131 deny tcp any any eq smtp
access-list 131 permit udp 10.0.21.0 0.0.0.255 host 10.0.33.2 eq domain
access-list 131 deny tcp any any eq www
access-list 131 permit ip any any
access-list 132 permit tcp 10.0.22.0 0.0.0.255 host 10.0.35.2 eq ftp
access-list 132 deny tcp any any eq smtp
access-list 132 deny udp any any eq domain
access-list 132 permit tcp 10.0.22.0 0.0.0.255 host 10.0.33.2 eq www
access-list 132 permit ip any any
access-list 160 deny ospf any any
access-list 160 permit ip any any
access-list 161 deny eigrp any any
access-list 161 permit ip any any
ПРИЛОЖЕНИЕ Г
НАСТРОЙКИ МАРШРУТИЗАТОРА ТРЕТЬЕГО ФИЛИАЛА
crypto isakmp policy 1
encr aes
authentication pre-share
group 2
!
crypto isakmp key 0 address 172.16.23.1
crypto isakmp key 0 address 172.16.43.1
!
!
crypto ipsec transform-set 103 esp-aes esp-sha-hmac
crypto ipsec transform-set 104 esp-aes esp-sha-hmac
!
crypto map tun_3 100 ipsec-isakmp
set peer 172.16.23.1
set pfs group2
set transform-set 103
match address 103
!
crypto map tun_4 100 ipsec-isakmp
set peer 172.16.43.1
set pfs group2
set transform-set 104
match address 104
!
interface Tunnel3
ip address 10.70.3.1 255.255.255.0
tunnel source FastEthernet0/1
tunnel destination 172.16.23.1
!
interface Tunnel4
ip address 10.70.4.2 255.255.255.0
tunnel source Ethernet1/0
tunnel destination 172.16.43.1
!
interface FastEthernet0/0
ip address 10.0.74.2 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet0/0.1
encapsulation dot1Q 1 native
ip address 10.0.31.1 255.255.255.0
ip access-group 141 in
!
interface FastEthernet0/0.2
encapsulation dot1Q 2
ip address 10.0.32.1 255.255.255.0
ip access-group 142 in
!
interface FastEthernet0/1
ip address 172.16.32.1 255.255.255.0
ip access-group 160 in
ip access-group 161 out
duplex auto
speed auto
crypto map tun_3
!
interface Ethernet1/0
ip address 172.16.34.1 255.255.255.0
ip access-group 160 in
Уважаемый посетитель!
Чтобы распечатать файл, скачайте его (в формате Word).
Ссылка на скачивание - внизу страницы.