成都网站建设设计

将想法与焦点和您一起共享

GNS3配置Staticp2pGREoverIPsec

1、实验拓扑

10年积累的成都网站制作、成都做网站经验,可以快速应对客户对网站的新想法和需求。提供各种问题对应的解决方案。让选择我们的客户得到更好、更有力的网络服务。我虽然不认识你,你也不认识我。但先建设网站后付款的网站建设流程,更有莲都免费网站建设让你可以放心的选择与我们合作。

GNS3 配置Static p2p GRE over IPsec

2、基础网络配置

R1配置:

interface FastEthernet0/0

 ip address 12.1.1.1 255.255.255.0

interface FastEthernet1/0

 ip address 13.1.1.1 255.255.255.0

R2配置:

interface FastEthernet0/0

 ip address 12.1.1.2 255.255.255.0

interface FastEthernet1/0

 ip address 172.16.1.254 255.255.255.0

ip route 0.0.0.0 0.0.0.0 12.1.1.1

R3配置:

interface FastEthernet0/0

 ip address 13.1.1.3 255.255.255.0

interface FastEthernet1/0

 ip address 192.168.1.254 255.255.255.0

ip route 0.0.0.0 0.0.0.0 13.1.1.1

R4配置:

interface FastEthernet0/0

 ip address 172.16.1.1 255.255.255.0

ip route 0.0.0.0 0.0.0.0 172.16.1.254

R5配置:

interface FastEthernet0/0

 ip address 192.168.1.1 255.255.255.0

ip route 0.0.0.0 0.0.0.0 192.168.1.254

3、配置Static p2p GRE over IPsec

3.1、配置GRE

R2配置:

interface Tunnel2

 ip address 1.1.1.1 255.255.255.0

 tunnel source 12.1.1.2

 tunnel destination 13.1.1.3

R3配置:

interface Tunnel3

 ip address 1.1.1.2 255.255.255.0

 tunnel source 13.1.1.3

 tunnel destination 12.1.1.2

3.2、配置LAN-TO-LAN ×××(此时的ACL与普通的LAN-TO-LAN ×××有差异)

R2配置:

crypto isakmp policy 1

 encr 3des

 authentication pre-share

 group 2

crypto isakmp key cisco123 address 13.1.1.3

crypto ipsec transform-set ccie esp-3des esp-sha-hmac 

access-list 100 permit gre host 12.1.1.2 host 13.1.1.3

crypto map mymap 1 ipsec-isakmp 

 set peer 13.1.1.3

 set transform-set ccie 

 match address 100

interface FastEthernet0/0

 crypto map mymap

R3配置:

crypto isakmp policy 1

 encr 3des

 authentication pre-share

 group 2

crypto isakmp key cisco123 address 12.1.1.2

crypto ipsec transform-set ccie esp-3des esp-sha-hmac 

access-list 100 permit gre host 13.1.1.3 host 12.1.1.2

crypto map mymap 1 ipsec-isakmp 

 set peer 12.1.1.2

 set transform-set ccie 

 match address 100

interface FastEthernet0/0

 crypto map mymap

3.3、配置动态路由协议(此时私网流量走的都是隧道。)

R2配置:

router ospf 1

 network 1.1.1.0 0.0.0.255 area 0

 network 172.16.1.0 0.0.0.255 area 0

R3配置:

router ospf 1

 network 1.1.1.0 0.0.0.255 area 0

 network 192.168.1.0 0.0.0.255 area 0

GNS3 配置Static p2p GRE over IPsec

GNS3 配置Static p2p GRE over IPsec

4、NAT对Static p2p GRE over IPsec的影响

通过上面得知,内网流量走的都是GRE隧道,所以,当NAT应用在物理口时对Static p2p GRE over IPsec是没有影响的。但当NAT应用在Tunnel口时,必须将内网网段排除。


网页标题:GNS3配置Staticp2pGREoverIPsec
URL地址:http://chengdu.cdxwcx.cn/article/jsgpdc.html