实验拓扑图:
![]
实验目的:
武汉分公司和哈尔滨总部通过ipsec v p n 建立连接,实现两边内网互相访问。
主要记录ipsec的配置。
预先配置好模拟环境,武汉和哈尔滨的pc可以正常去访问公网,也就是这个区域的网络
武汉出口路由配置:
<wuhan-r>dis ip rout | in Sta
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 12 Routes : 12
Destination/Mask Proto Pre Cost Flags NextHop Interface
0.0.0.0/0 Static 60 0 RD 222.73.1.1 GigabitEthernet0/0/0
192.168.0.0/16 Static 60 0 RD 1.1.1.2 GigabitEthernet0/0/1
<wuhan-r>哈尔滨出口路由配置:
<wuhan-r>dis ip rout | in Sta
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 12 Routes : 12
Destination/Mask Proto Pre Cost Flags NextHop Interface
0.0.0.0/0 Static 60 0 RD 222.73.1.1 GigabitEthernet0/0/0
192.168.0.0/16 Static 60 0 RD 1.1.1.2 GigabitEthernet0/0/1
<wuhan-r>武汉nat配置:
<wuhan-r>dis acl 2000
Basic ACL 2000, 1 rule
Acl's step is 5
rule 10 permit source 192.168.0.0 0.0.255.255
<wuhan-r>dis nat ou
<wuhan-r>dis nat outbound
NAT Outbound Information:
-------------------------------------------------------------------------
Interface Acl Address-group/IP/Interface Type
-------------------------------------------------------------------------
GigabitEthernet0/0/0 2000 222.73.1.2 easyip
-------------------------------------------------------------------------
Total : 1
<wuhan-r>哈尔滨nat配置:
<haerb-r>dis acl 2000
Basic ACL 2000, 1 rule
Acl's step is 5
rule 10 permit source 172.16.0.0 0.0.255.255
<haerb-r>dis nat out
<haerb-r>dis nat outbound
NAT Outbound Information:
--------------------------------------------------------------------------
Interface Acl Address-group/IP/Interface Type
--------------------------------------------------------------------------
GigabitEthernet0/0/0 2000 180.73.2.2 easyip
--------------------------------------------------------------------------
Total : 1
<haerb-r>二层配置不做介绍。
现在武汉和哈尔滨内部pc可以正常上网。但是武汉和哈尔滨pc不能相互访问,这个时候配置ipsec v pn实现武汉和哈尔滨能内网能相互访问。