  • SE, May 27, 2014

    R1 simulates the headquarters; R2 and R3 simulate the branches.
    Configure as shown in the figure.


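    Requirement: use GRE over IPSec VPN in main mode and enable the dynamic routing protocol RIP so that the internal networks of the headquarters and the two branches can reach each other, but user traffic between the two branches must not be allowed to pass.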

    Steps:

    1. Complete the GRE tunnel configuration

    [RT1-Tunnel10]ip add 10.0.1.1 24

    [RT1-Tunnel10]source 67.61.1.1

    [RT1-Tunnel10]destination 202.112.1.1

    [RT1-Tunnel10]keepalive

    [RT4-Tunnel10]ip add 10.0.1.2 24

    [RT4-Tunnel10]source 202.112.1.1

    [RT4-Tunnel10]destination 67.61.1.1

    [RT1-Tunnel20]ip add 10.0.2.1 24

    [RT1-Tunnel20]source 67.61.1.1

    [RT1-Tunnel20]destination 202.112.2.1

    [RT3-Tunnel20]ip add 10.0.2.2 24

    [RT3-Tunnel20]source 202.112.2.1

    [RT3-Tunnel20]destination 67.61.1.1

    [RT3-Tunnel20]keepalive

    2. Configure RIP

    [RT1-rip-1]version 2

    [RT1-rip-1]undo summary

    [RT1-rip-1]network 172.16.0.0

    [RT1-rip-1]network 10.0.1.0

    [RT3-rip-1]version 2

    [RT3-rip-1]undo summary

    [RT3-rip-1]network 192.168.2.0

    [RT3-rip-1]network 10.0.0.0

    [RT4-rip-1]version 2

    [RT4-rip-1]undo summary

    [RT4-rip-1]network 10.0.0.0

    [RT4-rip-1]network 192.168.1.0

    3. Configure the IKE peers

    [RT1-ike-peer-rt4]proposal 1

    [RT1-ike-peer-rt4]pre-shared-key simple cisco

    [RT1-ike-peer-rt4]remote-address 202.112.1.1

    [RT1-ike-peer-rt3]proposal 2

    [RT1-ike-peer-rt3]pre-shared-key simple cisco

    [RT1-ike-peer-rt3]remote-address 202.112.2.1

    [RT4-ike-peer-rt1]proposal 1

    [RT4-ike-peer-rt1]pre-shared-key simple cisco

    [RT4-ike-peer-rt1]remote-address 67.61.1.1

    [RT3-ike-peer-rt1]proposal 1

    [RT3-ike-peer-rt1]pre-shared-key simple cisco

    [RT3-ike-peer-rt1]remote-address 67.61.1.1

    4. Configure the IPsec policy

    [RT1-acl-adv-3001]rule permit ip source 67.61.1.1 0 destination 202.112.1.1 0

    [RT1-acl-adv-3002]rule permit ip source 67.61.1.1 0 destination 202.112.2.1 0

    [RT1-ipsec-policy-isakmp-h3c-1]security acl 3001

    [RT1-ipsec-policy-isakmp-h3c-1]ike-peer rt4

    [RT1-ipsec-policy-isakmp-h3c-1]proposal rt4

    [RT1-ipsec-policy-isakmp-h3c-2]security acl 3002

    [RT1-ipsec-policy-isakmp-h3c-2]ike-peer rt3

    [RT1-ipsec-policy-isakmp-h3c-2]proposal rt3

    [RT3-acl-adv-3000]rule permit ip source 202.112.2.1 0 destination 67.61.1.1 0

    [RT3-ipsec-policy-isakmp-h3c-1]security acl 3000

    [RT3-ipsec-policy-isakmp-h3c-1]ike-peer rt1

    [RT3-ipsec-policy-isakmp-h3c-1]proposal 1

    [RT4-acl-adv-3000]rule permit ip source 202.112.1.1 0 destination 67.61.1.1 0

    [RT4-ipsec-policy-isakmp-h3c-1]security acl 3000

    [RT4-ipsec-policy-isakmp-h3c-1]ike-peer rt1

    [RT4-ipsec-policy-isakmp-h3c-1]proposal 1

    5. Apply the IPsec policy to the interfaces

    [RT1-GigabitEthernet0/0/0]ipsec policy h3c

    [RT3-GigabitEthernet0/0/3]ipsec policy h3c

    [RT4-GigabitEthernet0/0/2]ipsec policy h3c

    6. Filter RIP routes

    [RT1-acl-basic-2000]rule deny source 192.168.2.0 0.0.0.255

    [RT1-acl-basic-2000]rule deny source 192.168.1.0 0.0.0.255

    [RT1-rip-1]filter-policy 2000 export

    7. Test

    192.168.1.100  ping 172.16.1.100

     

    192.168.2.100 ping 172.16.1.100

    View the routing table of RT4

     

    View the IKE SA of RT1
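
A consistency check for steps 1, 3 and 4, as an added example that is not part of the original post: it parses prompt-style lines and reports any IPsec policy whose ACL does not cover the GRE tunnel to its bound IKE peer, plus pre-shared keys entered with `simple`. The `audit` function and the sample input (modelled on RT1, with ACL 3002 pointing at the wrong branch) are constructed for this example.

```python
import re
from collections import defaultdict

# Constructed sample in the page's "[device-view]command" style; ACL 3002 is deliberately wrong.
SAMPLE = """\
[RT1-Tunnel10]source 67.61.1.1
[RT1-Tunnel10]destination 202.112.1.1
[RT1-Tunnel20]source 67.61.1.1
[RT1-Tunnel20]destination 202.112.2.1
[RT1-ike-peer-rt4]pre-shared-key simple cisco
[RT1-ike-peer-rt4]remote-address 202.112.1.1
[RT1-ike-peer-rt3]remote-address 202.112.2.1
[RT1-acl-adv-3001]rule permit ip source 67.61.1.1 0 destination 202.112.1.1 0
[RT1-acl-adv-3002]rule permit ip source 67.61.1.1 0 destination 202.112.1.1 0
[RT1-ipsec-policy-isakmp-h3c-1]security acl 3001
[RT1-ipsec-policy-isakmp-h3c-1]ike-peer rt4
[RT1-ipsec-policy-isakmp-h3c-2]security acl 3002
[RT1-ipsec-policy-isakmp-h3c-2]ike-peer rt3
"""

LINE = re.compile(r"\[(RT\d+)-(.+?)\](.+)")          # device, view, command
RULE = re.compile(r"rule permit ip source (\S+) 0 destination (\S+) 0")

def audit(text):
    """Return findings: ACL/peer/GRE mismatches and plaintext pre-shared keys."""
    tunnels, policies = defaultdict(dict), defaultdict(dict)
    peers, acls, findings = {}, {}, []
    for m in filter(None, (LINE.match(l.strip()) for l in text.splitlines())):
        dev, view, cmd = m.groups()
        word, _, arg = cmd.partition(" ")
        if view.startswith("Tunnel") and word in ("source", "destination"):
            tunnels[dev, view][word] = arg                 # GRE outer endpoints
        elif view.startswith("ike-peer-") and word == "remote-address":
            peers[dev, view.removeprefix("ike-peer-")] = arg
        elif view.startswith("ike-peer-") and cmd.startswith("pre-shared-key simple"):
            findings.append(f"{dev} {view}: pre-shared key stored in plaintext")
        elif view.startswith("acl-adv-") and (r := RULE.match(cmd)):
            acls[dev, view.removeprefix("acl-adv-")] = r.groups()
        elif view.startswith("ipsec-policy-") and word in ("security", "ike-peer"):
            policies[dev, view][word] = arg.split()[-1]    # ACL number or peer name
    for (dev, view), p in policies.items():
        flow = acls.get((dev, p.get("security")))          # (source, destination) the ACL protects
        remote = peers.get((dev, p.get("ike-peer")))
        gre = {(t["source"], t["destination"]) for (d, _), t in tunnels.items() if d == dev and len(t) == 2}
        if flow and (flow[1] != remote or flow not in gre):
            findings.append(f"{dev} {view}: ACL {flow[0]} -> {flow[1]} is not the GRE tunnel to IKE peer {remote}")
    return findings
```

Calling `audit(SAMPLE)` flags policy `h3c-2` and the `simple` key; a policy whose ACL is not matched sends that branch's GRE traffic outside IPsec, so it is worth running before step 5.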

     

  • Original article: https://www.cnblogs.com/networking/p/3755966.html