在cisco设备中谁能帮我解释下这些命令的意思
来源:学生作业帮 编辑:百度作业网作业帮 分类:综合作业 时间:2024/07/31 10:18:50
在cisco设备中谁能帮我解释下这些命令的意思
crypto isakmp policy 10 encr aes authentication pre-share group 2 lifetime 3600 crypto isakmp key 6 112233 address 200.1.1.1 crypto ipsec transform-set wgf esp-aes esp-sha-hmac mode transport crypto map test 10 ipsec-isakmp set peer 200.1.1.1 set transform-set wgf match address 101 ip nat pool wgf 100.1.1.1 100.1.1.1 netmask 255.255.255.252 ip nat inside source list 1 pool wgf overload access-list 1 permit 192.168.1.0 0.0.0.255 access-list 100 permit icmp host 192.168.2.2 host 192.168.1.2 echo-reply access-list 100 deny icmp host 192.168.2.2 host 192.168.1.2 echo access-list 100 permit tcp 192.168.2.0 0.0.0.255 host 192.168.1.2 established access-list 100 deny tcp 192.168.2.0 0.0.0.255 host 192.168.1.2 eq telnet access-list 100 permit ip any any access-list 100 permit gre host 100.1.1.1 host 200.1.1.1 一个刚入门的菜鸟 让大家见笑了
crypto isakmp policy 10 encr aes authentication pre-share group 2 lifetime 3600 crypto isakmp key 6 112233 address 200.1.1.1 crypto ipsec transform-set wgf esp-aes esp-sha-hmac mode transport crypto map test 10 ipsec-isakmp set peer 200.1.1.1 set transform-set wgf match address 101 ip nat pool wgf 100.1.1.1 100.1.1.1 netmask 255.255.255.252 ip nat inside source list 1 pool wgf overload access-list 1 permit 192.168.1.0 0.0.0.255 access-list 100 permit icmp host 192.168.2.2 host 192.168.1.2 echo-reply access-list 100 deny icmp host 192.168.2.2 host 192.168.1.2 echo access-list 100 permit tcp 192.168.2.0 0.0.0.255 host 192.168.1.2 established access-list 100 deny tcp 192.168.2.0 0.0.0.255 host 192.168.1.2 eq telnet access-list 100 permit ip any any access-list 100 permit gre host 100.1.1.1 host 200.1.1.1 一个刚入门的菜鸟 让大家见笑了
![在cisco设备中谁能帮我解释下这些命令的意思](/uploads/image/z/16055824-40-4.jpg?t=%E5%9C%A8cisco%E8%AE%BE%E5%A4%87%E4%B8%AD%E8%B0%81%E8%83%BD%E5%B8%AE%E6%88%91%E8%A7%A3%E9%87%8A%E4%B8%8B%E8%BF%99%E4%BA%9B%E5%91%BD%E4%BB%A4%E7%9A%84%E6%84%8F%E6%80%9D)
crypto isakmp policy 10 //标识要创建的策略,每条策略优先级唯一标识.authentication pre-share //指定加密算法 crypto isakmp key 6 112233 address 200.1.1.1 crypto ipsec transform-set wgf esp-aes esp-sha-hmac mode transport //改变和变换集合相关联的模式 crypto map test 10 ipsec-isakmp //指定要创建或修改的加密映射条目,执行此命令讲进入加密映射配置模式 set peer 200.1.1.1 //指定远端的IPsec 对等体的通信有用;对其他通信无用(所有通信都在通道模式下进行) match address 101 //为加密映射列表指定一个访问列表.这个访问列表决定了哪些通信应该受到IPSec 的保护,哪些通信不应该受到此加密映射条目中定义的IPSec 安全性的保护 ip nat pool wgf 100.1.1.1 100.1.1.1 netmask 255.255.255.252 ip nat inside source list 1 pool wgf overload 这些是nat地址转换的.接下面是acl访问列表