符合中小企业对网站设计、功能常规化式的企业展示型网站建设
本套餐主要针对企业品牌型网站、中高端设计、前端互动体验...
商城网站建设因基本功能的需求不同费用上面也有很大的差别...
手机微信网站开发、微信官网、微信商城网站...
ISAKMP Profile技术是IKE协商的一种新型配置方式。它主要的作用是映射我们第一阶段ISAKMP参数到第
二阶段IPSec隧道,可以实现一个设备和多个站点建立多个隧道。还可以很好的消除不同×××之间的影
响,让第一阶段策略和第二阶段策略关联的更加紧密。并且ISAKMP Profile普遍在EZ×××和VRF-ware
IPSec ×××配置里边被采用。
Site1 :
crypto keyring ccie
pre-shared-key address 61.128.1.1 key cisco
!
crypto isakmp policy 100
encr 3des
authentication pre-share
group 2
crypto isakmp profile isaprof
keyring ccie
match identity address 61.128.1.1 255.255.255.255
!
!
crypto ipsec transform-set myset esp-3des esp-sha-hmac
!
crypto map ccie 10 ipsec-isakmp
set peer 61.128.1.1
set transform-set myset
set isakmp-profile isaprof
match address ***
!
interface Loopback0
ip address 1.1.1.1 255.255.255.0
!
interface FastEthernet0/0
ip address 202.100.1.1 255.255.255.0
crypto map ccie
!
ip route 0.0.0.0 0.0.0.0 202.100.1.10
!
ip access-list extended ***
permit ip 1.1.1.0 0.0.0.255 2.2.2.0 0.0.0.255
Internet:
interface FastEthernet0/0
ip address 202.100.1.10 255.255.255.0
!
interface FastEthernet0/1
ip address 61.128.1.10 255.255.255.0
!
end
Site2:
crypto keyring ccie
pre-shared-key address 202.100.1.1 key cisco
!
crypto isakmp policy 100
encr 3des
authentication pre-share
group 2
crypto isakmp profile isaprof
keyring ccie
match identity address 202.100.1.1 255.255.255.255
!
!
crypto ipsec transform-set myset esp-3des esp-sha-hmac
!
crypto map ccie 10 ipsec-isakmp
set peer 202.100.1.1
set transform-set myset
set isakmp-profile isaprof
match address ***
!
interface Loopback0
ip address 2.2.2.2 255.255.255.0
!
interface FastEthernet0/0
ip address 61.128.1.1 255.255.255.0
crypto map ccie
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 61.128.1.10
!
ip access-list extended ***
permit ip 2.2.2.0 0.0.0.255 1.1.1.0 0.0.0.255
!
测试:
Site1#ping 2.2.2.2 source lo0
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2.2.2.2, timeout is 2 seconds:
Packet sent with a source address of 1.1.1.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 104/133/148 ms
Site1#show crypto ipsec sa
interface: FastEthernet0/0
Crypto map tag: ccie, local addr 202.100.1.1
protected vrf: (none)
local ident (addr/mask/prot/port): (1.1.1.0/255.255.255.0/0/0)
remote ident (addr/mask/prot/port): (2.2.2.0/255.255.255.0/0/0)
current_peer 61.128.1.1 port 500
PERMIT, flags={origin_is_acl,}
#pkts encaps: 9, #pkts encrypt: 9, #pkts digest: 9
#pkts decaps: 9, #pkts decrypt: 9, #pkts verify: 9
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts compr. failed: 0
#pkts not decompressed: 0, #pkts decompress failed: 0
#send errors 1, #recv errors 0
local crypto endpt.: 202.100.1.1, remote crypto endpt.: 61.128.1.1
path mtu 1500, ip mtu 1500, ip mtu idb FastEthernet0/0
current outbound spi: 0x96AB8F14(2527825684)
inbound esp sas:
spi: 0xF41D2511(4095550737)
transform: esp-3des esp-sha-hmac ,
in use settings ={Tunnel, }
conn id: 1, flow_id: SW:1, crypto map: ccie
sa timing: remaining key lifetime (k/sec): (4566332/2033)
IV size: 8 bytes
replay detection support: Y
Status: ACTIVE
inbound ah sas:
inbound pcp sas:
outbound esp sas:
spi: 0x96AB8F14(2527825684)
transform: esp-3des esp-sha-hmac ,
in use settings ={Tunnel, }
conn id: 2, flow_id: SW:2, crypto map: ccie
sa timing: remaining key lifetime (k/sec): (4566332/2031)
IV size: 8 bytes
replay detection support: Y
Status: ACTIVE
outbound ah sas:
outbound pcp sas:
Site1#show crypto session
Crypto session current status
Interface: FastEthernet0/0
Profile: isaprof
Session status: UP-ACTIVE
Peer: 61.128.1.1 port 500
IKE SA: local 202.100.1.1/500 remote 61.128.1.1/500 Active
IPSEC FLOW: permit ip 1.1.1.0/255.255.255.0 2.2.2.0/255.255.255.0
Active SAs: 2, origin: crypto map
另外有需要云服务器可以了解下创新互联scvps.cn,海内外云服务器15元起步,三天无理由+7*72小时售后在线,公司持有idc许可证,提供“云服务器、裸金属服务器、高防服务器、香港服务器、美国服务器、虚拟主机、免备案服务器”等云主机租用服务以及企业上云的综合解决方案,具有“安全稳定、简单易用、服务可用性高、性价比高”等特点与优势,专为企业上云打造定制,能够满足用户丰富、多元化的应用场景需求。