FW1 and RT2 establish a GRE over IPsec VPN between their Internet-facing addresses, providing encrypted reachability between their Loopback4 interfaces. On RT2 the ACL is named ACL-VPN, the transform-set SET-1 and the crypto map MAP-1. On FW1 the isakmp proposal is named P-1, the isakmp peer PEER-1, the ipsec proposal P-2, the tunnel ipsec IPSEC-1 and the tunnel gre GRE-1.
SW3
ip vrf Internet
rd 2:2
!
vlan 1017;1018
interface ethernet 1/0/17
switchport access vlan 1017
!
interface ethernet 1/0/18
switchport access vlan 1018
!
interface vlan 1017
ip vrf forwarding Internet
ip address 200.200.200.1 255.255.255.252
!
interface vlan 1018
ip vrf forwarding Internet
ip address 200.200.200.5 255.255.255.252
!
ip route vrf Internet 0.0.0.0 0.0.0.0 200.200.200.2
ip route vrf Internet 0.0.0.0 0.0.0.0 200.200.200.6
RT2
interface Loopback 1
ip address 10.4.6.1 255.255.255.255
!
interface Loopback 4
ip address 10.4.6.4 255.255.255.255
!
interface GigaEthernet 0/2
ip address 200.200.200.6 255.255.255.252
!
interface Tunnel 4
ip address 10.4.255.50 255.255.255.252
tunnel source 200.200.200.6
tunnel destination 200.200.200.2
!
ip route default 200.200.200.5    default route so that the physical (Internet) link is reachable
ip route 10.4.7.4 255.255.255.255 Tunnel4    static route so that traffic destined to 10.4.7.4 (FW1 Loopback4) is sent out Tunnel4
crypto isakmp key 0 Key-1122 address 200.200.200.2 255.255.255.252
crypto isakmp policy 10
authentication pre-share    authentication method: pre-shared key
encryption 3des    encryption algorithm: 3DES
hash md5    hash algorithm: MD5
lifetime 4000    IKE SA lifetime: 4000 (seconds)
!
crypto ipsec transform-set SET-1 esp-3des esp-md5-hmac    ESP encryption 3DES, ESP authentication MD5-HMAC
mode transport    transport mode (the GRE packet itself is the protected payload, so no second IP header is added)
!
crypto map MAP-1 10 ipsec-isakmp
match address ACL-VPN
set peer 200.200.200.2
set transform-set SET-1
!
ip access-list extended ACL-VPN
permit gre 200.200.200.6 255.255.255.252 200.200.200.2 255.255.255.252 sequence 10
!
interface GigaEthernet0/2
crypto map MAP-1    bind the crypto map to the Internet-facing interface
!
FW1
rule id 1
action permit
src-addr "Any"
dst-addr "Any"
service "Any"
exit
interface ethernet0/3
zone "untrust"
ip address 200.200.200.2 255.255.255.252
manage ping
exit
interface loopback1
zone "trust"
ip address 10.4.7.1 255.255.255.255
manage ssh
manage ping
exit
interface loopback4
zone "trust"
ip address 10.4.7.4 255.255.255.255
manage ping
manage ssh
exit
interface tunnel4
zone "VPNHub"
ip address 10.4.255.49 255.255.255.252
manage ping
exit
ip vrouter "trust-vr"
ip route 10.4.6.4/32 10.4.255.50    route to RT2 Loopback4 via RT2's tunnel4 address (the page's original next hop 10.3.255.50 belongs to no configured subnet and is corrected here)
ip route 0.0.0.0/0 200.200.200.1
exit
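The FW1-side IKE and IPsec objects that the task names (P-1, PEER-1, P-2, IPSEC-1) are not shown on this page, yet `next-tunnel ipsec IPSEC-1` below depends on them. What follows is an added example, not part of the original configuration, written in Hillstone StoneOS syntax as assumed from the vendor CLI; the algorithms, lifetime and pre-shared key simply mirror RT2's policy, while the `mode transport` command and the proxy-ID line are assumptions to verify against the device.

```text
# --- added example: FW1 IKE/IPsec objects matching RT2's isakmp policy 10 / SET-1 ---
isakmp proposal "P-1"
  authentication pre-share      # RT2: authentication pre-share
  encryption 3des               # RT2: encryption 3des
  hash md5                      # RT2: hash md5
  lifetime 4000                 # RT2: lifetime 4000
  # DH group deliberately not set here: RT2's policy does not set one either,
  # so confirm both devices' defaults agree or set the same group on both.
exit
isakmp peer "PEER-1"
  interface ethernet0/3         # FW1's Internet-facing interface
  isakmp-proposal "P-1"
  pre-share "Key-1122"          # same PSK as RT2's "crypto isakmp key 0 Key-1122"
  peer 200.200.200.6            # RT2's Internet address
exit
ipsec proposal "P-2"
  protocol esp
  hash md5                      # RT2: esp-md5-hmac
  encryption 3des               # RT2: esp-3des
exit
tunnel ipsec "IPSEC-1" auto
  isakmp-peer "PEER-1"
  ipsec-proposal "P-2"
  mode transport                # ASSUMPTION on syntax; must match RT2's "mode transport"
  # ASSUMPTION on syntax: proxy-ID mirroring RT2's ACL-VPN (GRE between the two Internet addresses)
  id local 200.200.200.2/32 remote 200.200.200.6/32 service gre
exit
```

3DES and MD5 are kept only so the two ends agree with the RT2 policy on this page; on a production link the same structure would use AES and a SHA-2 hash on both sides. Before trusting the tunnel, confirm that IKE phase 1 and 2 come up and that the GRE traffic is counted on the IPsec SA rather than leaving ethernet0/3 in the clear.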
tunnel gre "GRE-1"
source 200.200.200.2
destination 200.200.200.6
interface ethernet0/3
next-tunnel ipsec IPSEC-1
exit
interface tunnel4
tunnel gre "GRE-1" gw 10.4.255.50    peer (RT2) tunnel address
exit