2011年軟考網(wǎng)絡(luò)工程師復(fù)習(xí)資料及練習(xí)題4

2011年軟件水平考試網(wǎng)絡(luò)工程師復(fù)習(xí)資料及練習(xí)題
    【問(wèn)題2】
    crypto isakmp policy 1 //配置ike策略1
    authentication pre-share //ike策略1的驗(yàn)證方法設(shè)為pre_share
    group 2 //加密算法未設(shè)置則取默認(rèn)值：des
    crypto isakmp key test123 address 202.96.1.2 //設(shè)置pre-share密鑰為test123，此值兩端需一致
    crypto ipsec transform-set *tag ah-md5-hmac esp-des //設(shè)置ah散列算法為md5，esp加密算法為des
    crypto map *demp 10 ipsec-isakmp //定義crypto map
    set peer 202.96.1.2 //設(shè)置隧道對(duì)端ip地址
    set transform-set *tag //設(shè)置隧道ah及esp
    match address 101
    ！
    interface tunnel0 //定義隧道接口
    ip address 192.168.1.1 255.255.255.0 //隧道端口ip地址
    no ip directed-broadcast
    tunnel source 202.96.1.1 //隧道源端地址
    tunnel destination 202.96.1.2 //隧道目標(biāo)端地址
    crypto map *demo //應(yīng)用*demo于此接口
    interface serial0/0
    ip address 202.96.1.1 255.255.255.252 //串口的internet ip地址
    no ip directed-broadcast
    crypto map *demo //應(yīng)用*demo于此端口
    ！
    interface ethernet0/1
    ip address 168.1.1.1 255.255.255.0 //外部端口ip地址
    no ip directed-broadcast
    interface ethernet0/0
    ip address 172.22.1.100 255.255.255.0 //內(nèi)部端口ip地址
    no ip directed-broadcast
    ！
    ip classless
    ip route 0.0.0.0 0.0.0.0 202.96.1.2 //默認(rèn)靜態(tài)路由
    ip route 172.22.2.0 255.255.0.0 192.168.1.2 //到內(nèi)網(wǎng)靜態(tài)路由（經(jīng)過(guò)隧道）
    access-lost 101 permit gre host 202.96.1.1 host 202.96.1.2 //定義訪問(wèn)控制列表