  • SE, May 27, 2014

    R1 simulates the headquarters; R2 and R3 simulate the branch offices.
    Configure as shown in the figure.


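    Requirement: use GRE over IPSec VPN in main mode and enable the dynamic routing protocol RIP so that the headquarters intranet and the two branch intranets can reach each other, but user traffic between the two branches must not be allowed to pass!

    Steps:

    1. Complete the GRE tunnel configuration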

    [RT1-Tunnel10]ip add 10.0.1.1 24

    [RT1-Tunnel10]source 67.61.1.1

    [RT1-Tunnel10]destination 202.112.1.1

    [RT1-Tunnel10]keepalive

    [RT4-Tunnel10]ip add 10.0.1.2 24

    [RT4-Tunnel10]source 202.112.1.1

    [RT4-Tunnel10]destination 67.61.1.1

    [RT1-Tunnel20]ip add 10.0.2.1 24

    [RT1-Tunnel20]source 67.61.1.1

    [RT1-Tunnel20]destination 202.112.2.1

    [RT3-Tunnel20]ip add 10.0.2.2 24

    [RT3-Tunnel20]source 202.112.2.1

    [RT3-Tunnel20]destination 67.61.1.1

    [RT3-Tunnel20]keepalive

    2. Configure the RIP protocol

    [RT1-rip-1]version 2

    [RT1-rip-1]undo summary

    [RT1-rip-1]network 172.16.0.0

    [RT1-rip-1]network 10.0.1.0

    [RT3-rip-1]version 2

    [RT3-rip-1]undo summary

    [RT3-rip-1]network 192.168.2.0

    [RT3-rip-1]network 10.0.0.0

    [RT4-rip-1]version 2

    [RT4-rip-1]undo summary

    [RT4-rip-1]network 10.0.0.0

    [RT4-rip-1]network 192.168.1.0

    3. Configure the IKE peers

    [RT1-ike-peer-rt4]proposal 1

    [RT1-ike-peer-rt4]pre-shared-key simple cisco

    [RT1-ike-peer-rt4]remote-address 202.112.1.1

    [RT1-ike-peer-rt3]proposal 2

    [RT1-ike-peer-rt3]pre-shared-key simple cisco

    [RT1-ike-peer-rt3]remote-address 202.112.2.1

    [RT4-ike-peer-rt1]proposal 1

    [RT4-ike-peer-rt1]pre-shared-key simple cisco

    [RT4-ike-peer-rt1]remote-address 67.61.1.1

    [RT3-ike-peer-rt1]proposal 1

    [RT3-ike-peer-rt1]pre-shared-key simple cisco

    [RT3-ike-peer-rt1]remote-address 67.61.1.1

    4. Configure the ipsec policy

    [RT1-acl-adv-3001]rule permit ip source 67.61.1.1 0 destination 202.112.1.1 0

    [RT1-acl-adv-3002]rule permit ip source 67.61.1.1 0 destination 202.112.2.1 0

    [RT1-ipsec-policy-isakmp-h3c-1]security acl 3001

    [RT1-ipsec-policy-isakmp-h3c-1]ike-peer rt4

    [RT1-ipsec-policy-isakmp-h3c-1]proposal rt4

    [RT1-ipsec-policy-isakmp-h3c-2]security acl 3002

    [RT1-ipsec-policy-isakmp-h3c-2]ike-peer rt3

    [RT1-ipsec-policy-isakmp-h3c-2]proposal rt3

    [RT3-acl-adv-3000]rule permit ip source 202.112.2.1 0 destination 67.61.1.1 0

    [RT3-ipsec-policy-isakmp-h3c-1]security acl 3000

    [RT3-ipsec-policy-isakmp-h3c-1]ike-peer rt1

    [RT3-ipsec-policy-isakmp-h3c-1]proposal 1

    [RT4-acl-adv-3000]rule permit ip source 202.112.1.1 0 destination 67.61.1.1 0

    [RT4-ipsec-policy-isakmp-h3c-1]security acl 3000

    [RT4-ipsec-policy-isakmp-h3c-1]ike-peer rt1

    [RT4-ipsec-policy-isakmp-h3c-1]proposal 1

    5. Apply the ipsec policy to the interfaces

    [RT1-GigabitEthernet0/0/0]ipsec policy h3c

    [RT3-GigabitEthernet0/0/3]ipsec policy h3c

    [RT4-GigabitEthernet0/0/2]ipsec policy h3c

    6. Filter RIP routes

    [RT1-acl-basic-2000]rule deny source 192.168.2.0 0.0.0.255

    [RT1-acl-basic-2000]rule deny source 192.168.1.0 0.0.0.255

    [RT1-rip-1]filter-policy 2000 export

    7. Test

    192.168.1.100  ping 172.16.1.100

     

    192.168.2.100 ping 172.16.1.100

    View the routing table of RT4

     

    View the IKE SA on RT1
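
An added consistency check for steps 1, 3 and 4 (example code, not from the original post): in this design each policy's ACL has to match a GRE tunnel's source and destination, and its destination has to equal the remote-address of the IKE peer bound to the same policy. The `audit` helper and the sample lines are constructed for illustration, with ACL 3002 deliberately pointed at the wrong branch; the check also reports keys entered with the `simple` keyword, which leaves them readable in the configuration.

```python
import re
from collections import defaultdict

# Constructed sample in the page's "[device-view]command" form (RT1 only).
# ACL 3002 deliberately names the wrong branch so the check has something to report.
SAMPLE = """\
[RT1-Tunnel10]source 67.61.1.1
[RT1-Tunnel10]destination 202.112.1.1
[RT1-Tunnel20]source 67.61.1.1
[RT1-Tunnel20]destination 202.112.2.1
[RT1-ike-peer-rt4]pre-shared-key simple cisco
[RT1-ike-peer-rt4]remote-address 202.112.1.1
[RT1-ike-peer-rt3]pre-shared-key simple cisco
[RT1-ike-peer-rt3]remote-address 202.112.2.1
[RT1-acl-adv-3001]rule permit ip source 67.61.1.1 0 destination 202.112.1.1 0
[RT1-acl-adv-3002]rule permit ip source 67.61.1.1 0 destination 202.112.1.1 0
[RT1-ipsec-policy-isakmp-h3c-1]security acl 3001
[RT1-ipsec-policy-isakmp-h3c-1]ike-peer rt4
[RT1-ipsec-policy-isakmp-h3c-2]security acl 3002
[RT1-ipsec-policy-isakmp-h3c-2]ike-peer rt3
"""
PROMPT = re.compile(r"\s*\[(\w+?)-([\w/.-]+)\]\s*(.+)")  # device, view, command

def audit(text):
    """Cross-check one device's GRE, IKE peer and IPsec policy lines (hypothetical helper)."""
    views = defaultdict(list)  # view name -> list of tokenised commands
    for m in filter(None, map(PROMPT.match, text.splitlines())):
        views[m.group(2)].append(m.group(3).split())
    views = dict(views)
    # GRE endpoints: the (source, destination) pair of every Tunnel view.
    tunnels = set()
    for view, cmds in views.items():
        if view.startswith("Tunnel"):
            kv = {c[0]: c[1] for c in cmds if len(c) > 1}
            tunnels.add((kv.get("source"), kv.get("destination")))
    findings = []
    for view, cmds in views.items():
        if view.startswith("ike-peer-") and any(c[:2] == ["pre-shared-key", "simple"] for c in cmds):
            findings.append(f"{view}: pre-shared key entered with 'simple' (plaintext)")
        if not view.startswith("ipsec-policy-"):
            continue
        kv = {" ".join(c[:-1]): c[-1] for c in cmds}
        acl, peer_name = kv.get("security acl", ""), kv.get("ike-peer", "")
        peer = {c[0]: c[-1] for c in views.get("ike-peer-" + peer_name, [])}.get("remote-address")
        for rule in views.get("acl-adv-" + acl, []):
            src, dst = rule[rule.index("source") + 1], rule[rule.index("destination") + 1]
            if dst != peer:
                findings.append(f"{view}: acl {acl} protects {dst} but ike-peer {peer_name} is {peer}")
            if (src, dst) not in tunnels:
                findings.append(f"{view}: acl {acl} {src}->{dst} matches no GRE tunnel")
    return findings
```

Run `audit()` on the pasted lines of one router at a time, since the ACL and peer names are only unique per device.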

     

  • Original URL: https://www.cnblogs.com/networking/p/3755966.html