Two physical hosts are used to simulate the company network and the home network respectively. Both physical hosts are connected to a TP-Link home broadband router, which simulates the Internet. On each host, two virtual NICs are bound to one VMware VM. The goal is for the two VMware VMs to reach each other through the VPN.

Company-side network topology and router configuration:

Building configuration...

Current configuration : 1716 bytes
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R1
!
boot-start-marker
boot-end-marker
!
!
aaa new-model
!
!
aaa authorization network vpn-client-user local
aaa session-id common
ip subnet-zero
!
!
no ip domain lookup
ip ssh break-string
ip audit notify log
ip audit po max-events 100
no ftp-server write-enable
!
!
crypto isakmp policy 1
 encr aes
 hash md5
 authentication pre-share
!
crypto isakmp policy 10
 encr 3des
 authentication pre-share
 group 2
crypto isakmp key cisco address 192.168.0.50
!
crypto isakmp client configuration group vpn-client-user
 key cisco
 pool VPNDHCP
!
!
crypto ipsec transform-set benet ah-md5-hmac esp-aes
crypto ipsec transform-set R1 esp-3des esp-sha-hmac
!
crypto dynamic-map dyvpn 10
 set transform-set R1
 reverse-route
!
!
crypto map map1 1 ipsec-isakmp
 set peer 192.168.0.50
 set transform-set benet
 match address 101
!
crypto map dyvpn isakmp authorization list vpn-client-user
crypto map dyvpn client configuration address respond
crypto map dyvpn 1 ipsec-isakmp dynamic dyvpn
!
!
interface FastEthernet0/0
 ip address 192.168.0.254 255.255.255.0
 duplex auto
 speed auto
 crypto map dyvpn
!
interface FastEthernet0/1
 ip address 192.168.3.1 255.255.255.0
 duplex auto
 speed auto
 crypto map map1
!
ip local pool VPNDHCP 192.168.3.100 192.168.3.150
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.0.50
!
no ip http server
no ip http secure-server
!
!
access-list 101 permit ip host 192.168.3.200 host 172.16.0.200
!
!
control-plane
!
!
line con 0
 exec-timeout 0 0
 logging synchronous
line aux 0
line vty 0 4
!
!

Home-side network topology and router configuration:

Current configuration : 1010 bytes
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R1
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
ip subnet-zero
!
!
no ip domain lookup
ip ssh break-string
ip audit notify log
ip audit po max-events 100
no ftp-server write-enable
!
!
no crypto isakmp enable
!
!
interface FastEthernet0/0
 ip address 192.168.0.50 255.255.255.0
 duplex auto
 speed auto
!
interface FastEthernet0/1
 ip address 172.16.0.1 255.255.0.0
 ip nat inside
 duplex auto
 speed auto
!
ip nat pool djy 192.168.0.200 192.168.0.220 netmask 255.255.255.0
ip nat inside source list 1 pool djy overload
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.0.254
!
no ip http server
no ip http secure-server
!
!
access-list 1 permit 172.16.0.0 0.0.255.255
!
!
control-plane
!
!
line con 0
 exec-timeout 0 0
 logging synchronous
line aux 0
line vty 0 4
!
!

The Cisco VPN client is configured as follows:
Reference: http://www.bkjia.com/net/201209/156449.html
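
A check that can be run over the company-side router configuration above (an added Python example, not part of the original article): it parses the IKE and IPsec stanzas and lists the algorithm, Diffie-Hellman group and pre-shared-key choices that current guidance treats as weak. The weak-algorithm sets, the 20-character key threshold and the IOS 12.x default of DH group 1 are assumptions of this example.

```python
import re
# Treated as weak here (editor's assumption, following current vendor guidance
# to avoid DES/3DES, MD5 and Diffie-Hellman groups 1, 2 and 5).
WEAK = {"des", "3des", "md5", "esp-des", "esp-3des", "esp-md5-hmac", "ah-md5-hmac"}
WEAK_GROUPS = {"1", "2", "5"}
MIN_PSK_LEN = 20  # assumed minimum length for a cleartext pre-shared key

# Constructed sample: crypto stanzas copied from the company-side router above.
SAMPLE = """\
crypto isakmp policy 1
 encr aes
 hash md5
 authentication pre-share
!
crypto isakmp policy 10
 encr 3des
 authentication pre-share
 group 2
crypto isakmp key cisco address 192.168.0.50
crypto ipsec transform-set benet ah-md5-hmac esp-aes
crypto ipsec transform-set R1 esp-3des esp-sha-hmac
"""

def split_stanzas(config):
    """Pair each top-level command with its indented sub-commands."""
    stanzas = []
    for line in config.splitlines():
        if line[:1].isspace() and stanzas:
            stanzas[-1][1].append(line.strip())
        elif line.strip() not in ("", "!"):
            stanzas.append((line.strip(), []))
    return stanzas

def audit(config):
    """Return (stanza, finding) pairs for weak IKE/IPsec settings."""
    found = []
    for head, body in split_stanzas(config):
        words = head.split()
        if re.fullmatch(r"crypto isakmp policy \d+", head):
            opts = dict(l.split(None, 1) for l in body if " " in l)
            found += [(head, f"{k} {opts[k]}") for k in ("encr", "hash") if opts.get(k) in WEAK]
            # Assumption: with no "group" line, IOS 12.x defaults to DH group 1.
            group = opts.get("group", "1")
            found += [(head, f"group {group}")] if group in WEAK_GROUPS else []
        elif words[:3] == ["crypto", "ipsec", "transform-set"]:
            found += [(head, t) for t in words[4:] if t in WEAK]
        elif (m := re.match(r"crypto isakmp key (\S+) ", head)) and len(m.group(1)) < MIN_PSK_LEN:
            found.append((head, "short pre-shared key"))
    return found
```

Calling `audit(SAMPLE)` returns one pair per weak setting; passing the full text of a saved running configuration works the same way, since unrelated stanzas are ignored.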