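SE, May 27, 2014
R1 simulates the headquarters; R2 and R3 simulate the branch offices.
Configure as shown in the figure.
Requirement: use GRE over IPSec VPN in main mode and enable the dynamic routing protocol RIP so that the internal networks of the headquarters and the two branches can reach each other, while user traffic between the two branches must not be allowed to pass.
Steps:
1. Complete the GRE tunnel configuration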
[RT1-Tunnel10]ip add 10.0.1.1 24
[RT1-Tunnel10]source 67.61.1.1
[RT1-Tunnel10]destination 202.112.1.1
[RT1-Tunnel10]keepalive
[RT4-Tunnel10]ip add 10.0.1.2 24
[RT4-Tunnel10]source 202.112.1.1
[RT4-Tunnel10]destination 67.61.1.1
[RT1-Tunnel20]ip add 10.0.2.1 24
[RT1-Tunnel20]source 67.61.1.1
[RT1-Tunnel20]destination 202.112.2.1
[RT3-Tunnel20]ip add 10.0.2.2 24
[RT3-Tunnel20]source 202.112.2.1
[RT3-Tunnel20]destination 67.61.1.1
[RT3-Tunnel20]keepalive
2. Configure RIP
[RT1-rip-1]version 2
[RT1-rip-1]undo summary
[RT1-rip-1]network 172.16.0.0
[RT1-rip-1]network 10.0.1.0
[RT3-rip-1]version 2
[RT3-rip-1]undo summary
[RT3-rip-1]network 192.168.2.0
[RT3-rip-1]network 10.0.0.0
[RT4-rip-1]version 2
[RT4-rip-1]undo summary
[RT4-rip-1]network 10.0.0.0
[RT4-rip-1]network 192.168.1.0
3. Configure the IKE peers
[RT1-ike-peer-rt4]proposal 1
[RT1-ike-peer-rt4]pre-shared-key simple cisco
[RT1-ike-peer-rt4]remote-address 202.112.1.1
[RT1-ike-peer-rt3]proposal 2
[RT1-ike-peer-rt3]pre-shared-key simple cisco
[RT1-ike-peer-rt3]remote-address 202.112.2.1
[RT4-ike-peer-rt1]proposal 1
[RT4-ike-peer-rt1]pre-shared-key simple cisco
[RT4-ike-peer-rt1]remote-address 67.61.1.1
[RT3-ike-peer-rt1]proposal 1
[RT3-ike-peer-rt1]pre-shared-key simple cisco
[RT3-ike-peer-rt1]remote-address 67.61.1.1
4. Configure the IPsec policy
[RT1-acl-adv-3001]rule permit ip source 67.61.1.1 0 destination 202.112.1.1 0
[RT1-acl-adv-3002]rule permit ip source 67.61.1.1 0 destination 202.112.2.1 0
[RT1-ipsec-policy-isakmp-h3c-1]security acl 3001
[RT1-ipsec-policy-isakmp-h3c-1]ike-peer rt4
[RT1-ipsec-policy-isakmp-h3c-1]proposal rt4
[RT1-ipsec-policy-isakmp-h3c-2]security acl 3002
[RT1-ipsec-policy-isakmp-h3c-2]ike-peer rt3
[RT1-ipsec-policy-isakmp-h3c-2]proposal rt3
[RT3-acl-adv-3000]rule permit ip source 202.112.2.1 0 destination 67.61.1.1 0
[RT3-ipsec-policy-isakmp-h3c-1]security acl 3000
[RT3-ipsec-policy-isakmp-h3c-1]ike-peer rt1
[RT3-ipsec-policy-isakmp-h3c-1]proposal 1
[RT4-acl-adv-3000]rule permit ip source 202.112.1.1 0 destination 67.61.1.1 0
[RT4-ipsec-policy-isakmp-h3c-1]security acl 3000
[RT4-ipsec-policy-isakmp-h3c-1]ike-peer rt1
[RT4-ipsec-policy-isakmp-h3c-1]proposal 1
5. Apply the IPsec policy to the interfaces
[RT1-GigabitEthernet0/0/0]ipsec policy h3c
[RT3-GigabitEthernet0/0/3]ipsec policy h3c
[RT4-GigabitEthernet0/0/2]ipsec policy h3c
6. Filter RIP routes
[RT1-acl-basic-2000]rule deny source 192.168.2.0 0.0.0.255
[RT1-acl-basic-2000]rule deny source 192.168.1.0 0.0.0.255
[RT1-rip-1]filter-policy 2000 export
7. Test
192.168.1.100 ping 172.16.1.100
192.168.2.100 ping 172.16.1.100
View RT4's routing table
View RT1's IKE SA
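
The GRE tunnel endpoints from step 1 and the IPsec ACLs from step 4 have to agree, since GRE packets the ACL does not match are not selected for IPsec protection. The Python sketch below is an added example, not part of the original post: it parses prompt-prefixed lines in the form used above, reports any tunnel whose source/destination pair has no matching ACL rule, and flags pre-shared keys entered with `simple` (plaintext). The sample input is constructed and the function name `audit` is hypothetical; it assumes every advanced ACL on a router is used as an IPsec security ACL.

```python
import re

# Constructed sample in the page's prompt-prefixed form. ACL 3002 repeats
# ACL 3001's destination (a copy-paste slip) so the check has something to find.
SAMPLE = """\
[RT1-Tunnel10]source 67.61.1.1
[RT1-Tunnel10]destination 202.112.1.1
[RT1-Tunnel20]source 67.61.1.1
[RT1-Tunnel20]destination 202.112.2.1
[RT1-ike-peer-rt4]pre-shared-key simple cisco
[RT1-acl-adv-3001]rule permit ip source 67.61.1.1 0 destination 202.112.1.1 0
[RT1-acl-adv-3002]rule permit ip source 67.61.1.1 0 destination 202.112.1.1 0
"""

LINE = re.compile(r"^\[(\w+)-([^\]]+)\](.*)$")   # [router-view]command
RULE = re.compile(r"rule permit (?:ip|gre) source (\S+) 0 destination (\S+) 0")

def audit(text):
    """Return findings: tunnels not covered by an ACL rule, and plaintext PSKs."""
    # Assumption: every advanced ACL on a router is referenced by an IPsec policy.
    tunnels, protected, findings = {}, set(), []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        router, view, cmd = m.group(1), m.group(2), m.group(3).strip()
        if view.startswith("Tunnel"):
            word, _, addr = cmd.partition(" ")
            if word in ("source", "destination"):
                tunnels.setdefault((router, view), {})[word] = addr
        elif view.startswith("acl-adv-"):
            r = RULE.match(cmd)
            if r:  # wildcard 0 means an exact host match
                protected.add((router, r.group(1), r.group(2)))
        elif view.startswith("ike-peer-") and cmd.startswith("pre-shared-key simple"):
            findings.append(f"{router} {view}: pre-shared key entered in plaintext")
    for (router, name), ep in sorted(tunnels.items()):
        src, dst = ep.get("source"), ep.get("destination")
        if (router, src, dst) not in protected:
            findings.append(f"{router} {name}: GRE {src} -> {dst} not matched by any IPsec ACL")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```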