GNS3配置Dynamicp2pGREoverIPsec-创新互联
1、实验拓扑
专业从事网站设计、做网站,高端网站制作设计,微信小程序定制开发,网站推广的成都做网站的公司。优秀技术团队竭力真诚服务,采用H5技术+CSS3前端渲染技术,响应式网站设计,让网站在手机、平板、PC、微信下都能呈现。建站过程建立专项小组,与您实时在线互动,随时提供解决方案,畅聊想法和感受。2、基础网络配置
R1配置:
ip dhcp excluded-address 13.1.1.1 13.1.1.2
ip dhcp pool net13
network 13.1.1.0 255.255.255.0
default-router 13.1.1.1
interface FastEthernet0/0
ip address 12.1.1.1 255.255.255.0
interface FastEthernet1/0
ip address 13.1.1.1 255.255.255.0
R2配置:
interface FastEthernet0/0
ip address 12.1.1.2 255.255.255.0
interface FastEthernet1/0
ip address 172.16.1.254 255.255.255.0
ip route 0.0.0.0 0.0.0.0 12.1.1.1
R3配置:
interface Loopback0
ip address 3.3.3.3 255.255.255.0
interface FastEthernet0/0
ip address dhcp
interface FastEthernet1/0
ip address 192.168.1.254 255.255.255.0
ip route 0.0.0.0 0.0.0.0 13.1.1.1
R4配置:
interface FastEthernet0/0
ip address 172.16.1.1 255.255.255.0
ip route 0.0.0.0 0.0.0.0 172.16.1.254
R5配置:
interface FastEthernet0/0
ip address 192.168.1.1 255.255.255.0
ip route 0.0.0.0 0.0.0.0 192.168.1.254
3、配置Dynamic p2p GRE over IPsec
3.1、配置GRE
R2配置:
interface Tunnel2
ip address 1.1.1.1 255.255.255.0
tunnel source 12.1.1.2
tunnel destination 3.3.3.3
ip route 3.3.3.3 255.255.255.255 12.1.1.1
这条路由必须配置,这是配置规则要求的
R3配置:
interface Tunnel3
ip address 1.1.1.2 255.255.255.0
tunnel source Loopback0
tunnel destination 12.1.1.2
3.2、R2配置Dynamic LAN-to-LAN ×××(相对普通的Dynamic LAN-to-LAN ×××多了一条指令)
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
crypto isakmp key cisco123 address 0.0.0.0 0.0.0.0
crypto ipsec transform-set ccie esp-3des esp-sha-hmac
crypto dynamic-map dymap 1
set transform-set ccie
crypto map mymap 1 ipsec-isakmp dynamic dymap (经测试,这条指令可以不写)
crypto map mymap local-address FastEthernet0/0
interface FastEthernet0/0
crypto map mymap
3.3、R3配置LAN-to-LAN ×××(与普通LAN-to-LAN ×××的ACL不同,多了一条指令)
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
crypto isakmp key cisco123 address 12.1.1.2
crypto ipsec transform-set ccie esp-3des esp-sha-hmac
access-list 100 permit gre 3.3.3.0 0.0.0.255 12.1.1.0 0.0.0.255
crypto map mymap 1 ipsec-isakmp
set peer 12.1.1.2
set transform-set ccie
match address 100
crypto map mymap local-address FastEthernet0/0(经测试,这条指令可以不写)
interface FastEthernet0/0
crypto map mymap
3.4、配置动态路由协议(此时私网流量走的都是隧道。)
R2配置:
router ospf 1
network 1.1.1.0 0.0.0.255 area 0
network 172.16.1.0 0.0.0.255 area 0
R3配置:
router ospf 1
network 1.1.1.0 0.0.0.255 area 0
network 192.168.1.0 0.0.0.255 area 0
4、NAT对Dynamic p2p GRE over IPsec的影响与NAT对Static p2p GRE over IPsec的影响一样
另外有需要云服务器可以了解下创新互联scvps.cn,海内外云服务器15元起步,三天无理由+7*72小时售后在线,公司持有idc许可证,提供“云服务器、裸金属服务器、高防服务器、香港服务器、美国服务器、虚拟主机、免备案服务器”等云主机租用服务以及企业上云的综合解决方案,具有“安全稳定、简单易用、服务可用性高、性价比高”等特点与优势,专为企业上云打造定制,能够满足用户丰富、多元化的应用场景需求。
名称栏目:GNS3配置Dynamicp2pGREoverIPsec-创新互联
本文来源:http://pwwzsj.com/article/djjigs.html