下面是这次站点到站点GRE over Ipsec VPN的拓扑图,可以在思科模拟器里完成。
一,Site1配置: version 12.4 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname Site1 ! boot-start-marker boot-end-marker ! ! no aaa new-model memory-size iomem 5 ! ! ip cef no ip domain lookup ip domain name lab.local ! ! ip auth-proxy max-nodata-conns 3 ip admission max-nodata-conns 3 crypto isakmp policy 10 encr 3des hash md5 authentication pre-share group 2 crypto isakmp key cisco address 61.128.1.1 ! ! crypto ipsec transform-set cisco esp-des mode transport ! crypto map cisco 10 ipsec-isakmp set peer 61.128.1.1 set transform-set cisco match address vpn ! ! ! ! interface Loopback0 ip address 1.1.1.1 255.255.255.0 ! interface Tunnel0 ip address 172.16.1.1 255.255.255.0 tunnel source 202.100.1.1 tunnel destination 61.128.1.1 ! interface FastEthernet0/0 ip address 202.100.1.1 255.255.255.0 duplex auto speed auto crypto map cisco ! interface FastEthernet1/0 no ip address shutdown duplex auto speed auto ! interface FastEthernet2/0 no ip address shutdown duplex auto speed auto ! interface FastEthernet3/0 no ip address shutdown duplex auto speed auto ! router ospf 1 log-adjacency-changes network 1.1.1.0 0.0.0.255 area 0 network 172.16.1.0 0.0.0.255 area 0 ! no ip http server no ip http secure-server ! ip forward-protocol nd ip route 0.0.0.0 0.0.0.0 202.100.1.10 ! ! ! ip access-list extended vpn permit gre host 202.100.1.1 host 61.128.1.1 ! ! ! control-plane ! line con 0 exec-timeout 0 0 privilege level 15 logging synchronous line aux 0 exec-timeout 0 0 privilege level 15 logging synchronous line vty 0 4 login ! ! end 二,Site2配置: version 12.4 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname Site2 ! boot-start-marker boot-end-marker ! ! no aaa new-model memory-size iomem 5 ! ! ip cef no ip domain lookup ip domain name lab.local ! ! ip auth-proxy max-nodata-conns 3 ip admission max-nodata-conns 3 ! crypto isakmp policy 10 encr 3des hash md5 authentication pre-share group 2 crypto isakmp key cisco address 202.100.1.1 ! ! crypto ipsec transform-set cisco esp-des mode transport ! crypto map cisco 10 ipsec-isakmp set peer 202.100.1.1 set transform-set cisco match address vpn ! ! interface Loopback0 ip address 2.2.2.2 255.255.255.0 ! interface Tunnel0 ip address 172.16.1.2 255.255.255.0 tunnel source FastEthernet1/0 tunnel destination 202.100.1.1 ! interface FastEthernet0/0 no ip address shutdown duplex auto speed auto ! interface FastEthernet1/0 ip address 61.128.1.1 255.255.255.0 duplex auto speed auto crypto map cisco ! interface FastEthernet2/0 no ip address shutdown duplex auto speed auto ! interface FastEthernet3/0 no ip address shutdown duplex auto speed auto ! router ospf 1 log-adjacency-changes network 2.2.2.0 0.0.0.255 area 0 network 172.16.1.0 0.0.0.255 area 0 ! no ip http server no ip http secure-server ! ip forward-protocol nd ip route 0.0.0.0 0.0.0.0 61.128.1.10 ! ! ! ip access-list extended vpn permit gre host 61.128.1.1 host 202.100.1.1 ! ! ! control-plane line con 0 exec-timeout 0 0 privilege level 15 logging synchronous line aux 0 exec-timeout 0 0 privilege level 15 logging synchronous line vty 0 4 login ! ! end |
不良信息举报Q:2000617|Archiver|ROS软路由论坛 ROSABC.com 网络方案网络工程交流
GMT+8, 2025-6-16 22:43 , Processed in 0.120163 second(s), 16 queries .
Powered by Discuz! X3.4
Copyright © 2001-2021, Tencent Cloud.
