GNS3配置Staticp2pGREoverIPsec-创新互联
1、实验拓扑
创新互联是一家专业提供道里企业网站建设,专注与网站设计、网站建设、HTML5建站、小程序制作等业务。10年已为道里众多企业、政府机构等服务。创新互联专业网站设计公司优惠进行中。2、基础网络配置
R1配置:
interface FastEthernet0/0
ip address 12.1.1.1 255.255.255.0
interface FastEthernet1/0
ip address 13.1.1.1 255.255.255.0
R2配置:
interface FastEthernet0/0
ip address 12.1.1.2 255.255.255.0
interface FastEthernet1/0
ip address 172.16.1.254 255.255.255.0
ip route 0.0.0.0 0.0.0.0 12.1.1.1
R3配置:
interface FastEthernet0/0
ip address 13.1.1.3 255.255.255.0
interface FastEthernet1/0
ip address 192.168.1.254 255.255.255.0
ip route 0.0.0.0 0.0.0.0 13.1.1.1
R4配置:
interface FastEthernet0/0
ip address 172.16.1.1 255.255.255.0
ip route 0.0.0.0 0.0.0.0 172.16.1.254
R5配置:
interface FastEthernet0/0
ip address 192.168.1.1 255.255.255.0
ip route 0.0.0.0 0.0.0.0 192.168.1.254
3、配置Static p2p GRE over IPsec
3.1、配置GRE
R2配置:
interface Tunnel2
ip address 1.1.1.1 255.255.255.0
tunnel source 12.1.1.2
tunnel destination 13.1.1.3
R3配置:
interface Tunnel3
ip address 1.1.1.2 255.255.255.0
tunnel source 13.1.1.3
tunnel destination 12.1.1.2
3.2、配置LAN-TO-LAN ×××(此时的ACL与普通的LAN-TO-LAN ×××有差异)
R2配置:
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
crypto isakmp key cisco123 address 13.1.1.3
crypto ipsec transform-set ccie esp-3des esp-sha-hmac
access-list 100 permit gre host 12.1.1.2 host 13.1.1.3
crypto map mymap 1 ipsec-isakmp
set peer 13.1.1.3
set transform-set ccie
match address 100
interface FastEthernet0/0
crypto map mymap
R3配置:
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
crypto isakmp key cisco123 address 12.1.1.2
crypto ipsec transform-set ccie esp-3des esp-sha-hmac
access-list 100 permit gre host 13.1.1.3 host 12.1.1.2
crypto map mymap 1 ipsec-isakmp
set peer 12.1.1.2
set transform-set ccie
match address 100
interface FastEthernet0/0
crypto map mymap
3.3、配置动态路由协议(此时私网流量走的都是隧道。)
R2配置:
router ospf 1
network 1.1.1.0 0.0.0.255 area 0
network 172.16.1.0 0.0.0.255 area 0
R3配置:
router ospf 1
network 1.1.1.0 0.0.0.255 area 0
network 192.168.1.0 0.0.0.255 area 0
4、NAT对Static p2p GRE over IPsec的影响
通过上面得知,内网流量走的都是GRE隧道,所以,当NAT应用在物理口时对Static p2p GRE over IPsec是没有影响的。但当NAT应用在Tunnel口时,必须将内网网段排除。
另外有需要云服务器可以了解下创新互联scvps.cn,海内外云服务器15元起步,三天无理由+7*72小时售后在线,公司持有idc许可证,提供“云服务器、裸金属服务器、高防服务器、香港服务器、美国服务器、虚拟主机、免备案服务器”等云主机租用服务以及企业上云的综合解决方案,具有“安全稳定、简单易用、服务可用性高、性价比高”等特点与优势,专为企业上云打造定制,能够满足用户丰富、多元化的应用场景需求。
分享文章:GNS3配置Staticp2pGREoverIPsec-创新互联
网页链接:http://cdiso.cn/article/dogsij.html