收藏
下载资源

信息安全超详细资料

上传人:壹****1 文档编号:512865038 上传时间:2022-10-30 格式:DOCX 页数:4 大小:51.88KB
返回 下载 相关 举报
信息安全超详细资料_第1页
第1页 / 共4页
信息安全超详细资料_第2页
第2页 / 共4页
信息安全超详细资料_第3页
第3页 / 共4页
信息安全超详细资料_第4页
第4页 / 共4页
亲,该文档总共4页,全部预览完了,如果喜欢就下载吧!
资源描述

《信息安全超详细资料》由会员分享,可在线阅读,更多相关《信息安全超详细资料(4页珍藏版)》请在金锄头文库上搜索。

1、包过滤拓扑图R1开放www服务R5(c on fig)#access-list101permittcpanyhost192.168.1.1 eq 80R2开放FTP服务R5(c on fig)#access-list101permitudpanyhost192.168.1.2 eq 20R5(c on fig)#access-list101permitudpanyhost192.168.1.2 eq 21R3开放SFTP服务R5(c on fig)#access-list101permittcpanyhost192.168.1.3 eq 25应用到端口R5(config)#int s1/3R5

2、(c on fig-if)#ip access-group 101 out允许内部访问外部外部响应内部的数据包通过.R5(c on fig)#ip access-list exte nded outbo undR5(c on fig-ext-n acl)#permiticmp any any reflecticmp_trafficR5(c on fig-ext -n acl)#exitR5(c on fig)#ip access-list exte nded inboundR5(c on fig-ext-n acl)#evaluate icmp_trafficR5(c on fig-ext -

3、n acl)#exit应用到端口R5(config)#int s1/3R5(c on fig-if)#ip access-group inbound inR5(c on fig-if)#ip access-group outbo und out二、 VPN配置IPR1R1(co nfig)#i nt s1/1R1(config-if)#ip address 192.168.12.1 255.255.255.0R1(config-if)#clock rate 64000R1(config-if)#no shutdownR1(c on fig)#router ripR1(co nfig-route

4、r)# n etwork 192.168.12.0R2Router(c on fig)#i nt s!/0Router(config-if)#ip address 192.168.12.2 255.255.255.0Router(config-if)#clock rate 64000Router(config-if)#no shutdownRouter(co nfig)# int s”1Router(config-if)#ip address 192.168.23.1 255.255.255.0Router(config-if)#clock rate 64000Router(config-if

5、)#no shutdownR3R3(co nfig)#i nt s1/0R3(config-if)#ip address 192.168.23.2 255.255.255.0R3(config-if)#clock rate 64000R3(config-if)#no shutdownR3(co nfig)#i nt s1/1R3(config-if)#ip address 192.168.34.1 255.255.255.0R3(config-if)#clock rate 64000R3(config-if)#no shutdownR4Router(c on fig)#i nt s!/0Rou

6、ter(c on fig-if)#ip address 192.168.34.2 255.255.255.0Router(config-if)#clock rate 64000Router(config-if)#no shutdown4(c on fig)#router ripR4(c on fig-router)# n etwork 192.168.34.0配置R2R2(c on fig)#router ripR2(co nfig-router)# n etwork 192.168.12.0R2(co nfig-router)# n etwork 192.168.23.0R2(c on fi

7、g)#logg ing alarm in formati onalR2(config)#access-list 101 permit ip host 192.168.12.1host 192.168.23.22(c on fig)#crypto isakmp policy 10R2(c on fig-isakmp)# encr 3desR2(config-isakmp)# authentication pre-shareR2(c on fig-isakmp)# group 2R2(c on fig-isakmp)#crypto isakmp key cisco address192.168.2

8、3.2R2(c on fig)#crypto map vpn map 10 ipsec-isakmpR2(co nfig-crypto-map)# set peer 192.168.23.2R2(c on fig-crypto-map)# set tra nsform-set vpn testR2(c on fig-crypto-map)# match address 101R2(co nfig)#i nterface Serial”1R2(c on fig-if)# crypto map vpn map配置R3R3(c on fig)#router ripR3(config-router)#

9、 network 192.168.23.0R3(config-router)# network 192.168.34.0R3(c on fig)#logg ing alarm informati onalR3(config)#access-list 101 permit ip host 192.168.34.2host 192.168.12.1R3(c on fig)#crypto isakmp policy 10R3(c on fig-isakmp)# encr 3desR3(config-isakmp)# authentication pre-shareR3(c on fig-isakmp

10、)# group 2R3(c on fig-isakmp)#crypto isakmp key cisco address 192.168.23.1R3(config)#crypto ipsec transform-set vpntest esp-3des esp-sha-hmacR3(c 馆-crypto-tra ns)#crypto map vpn map 10 ipsec-isakmpR3(co nfig-crypto-map)# set peer 192.168.23.1R3(c on fig-crypto-map)# set tra nsform-set vpn testR3(c o

11、n fig-crypto-map)# match address 101R3(co nfig)#i nterface Serial1/0R3(c on fig-if)# crypto map vpn mapCCNA标准版R1(config-if)#clock rate 64000R1(config-if)#no shutdownR2R2(co nfig)#i nt s!/3R2(config-if)#ip address 192.168.1.1 255.255.255.0R2(config-if)#clock rate 64000R2(config-if)#no shutdownR2(co n

12、fig)#i nt s1/1R2(config-if)#ip address 193.168.1.1 255.255.255.0R2(config-if)#clock rate 64000R2(config-if)#no shutdownR3R3(co nfig-if)#i nt s1/0R3(config-if)#ip address 193.168.1.2 255.255.255.0R3(config-if)#clock rate 64000R3(config-if)#no shutdownR2: (MD5 加密)R2(co nfig)#i nt s1/0R2(c on fig-if)#i

13、p ospf message-digest-key 1 md5 ciscoR2(co nfig)#i nt s1/1R2(c on fig-if)#ip ospf message-digest-key 1 md5 ciscoR2(co nfig)#router ospf 64R2(co nfig-router)# network 192.168.1.0 0.0.0.255 area 0R2(co nfig-router)# network 193.168.1.0 0.0.0.255 area 1R2(c on fig-router)#area 0 auth message-digestR2(c

14、 on fig-router)#area 1 auth message-digestR1配置R1(co nfig)#i nt s1/1R1(c on fig-if)#ip ospf message-digest-key 1 md5 ciscoR1(co nfig-if)#exitR1(co nfig)#router ospf 64R1(co nfig-router)# network 192.168.1.0 0.0.0.255 area 0R1(c on fig-router)#area 0 auth message-digestR3配置R3(co nfig)#i nt s1/0R3(c on

15、 fig-if)#ip ospf message-digest-key 1 md5 ciscoR3(co nfig-if)#exitR3(co nfig)#router ospf 64R3(co nfig-router)# network 193.168.1.0 0.0.0.255 area 1R3(c on fig-router)#area 1 auth message-digest路由之间交换路由更新时使用MD5加密配置IP地址R1:R1(config-if)#ip address 192.168.1.2 255.255.255.0FaO/OFaO/OSJL/JLSl/OSl/2Sl/2I四、身份认证p配置配置R1的ipR1(config)#int s1/1R1(c on fig-if)#ip address

展开阅读全文
相关资源
相关搜索

当前位置:首页 > 学术论文 > 其它学术论文

电脑版 |金锄头文库版权所有
经营许可证:蜀ICP备13022795号 | 川公网安备 51140202000112号