1�、實驗拓撲
10年積累的成都網(wǎng)站制作、成都做網(wǎng)站經(jīng)驗�����,可以快速應(yīng)對客戶對網(wǎng)站的新想法和需求�����。提供各種問題對應(yīng)的解決方案�����。讓選擇我們的客戶得到更好�、更有力的網(wǎng)絡(luò)服務(wù)�����。我雖然不認識你��,你也不認識我���。但先建設(shè)網(wǎng)站后付款的網(wǎng)站建設(shè)流程�����,更有蓮都免費網(wǎng)站建設(shè)讓你可以放心的選擇與我們合作��。
2�����、基礎(chǔ)網(wǎng)絡(luò)配置
R1配置:
interface FastEthernet0/0
ip address 12.1.1.1 255.255.255.0
interface FastEthernet1/0
ip address 13.1.1.1 255.255.255.0
R2配置:
interface FastEthernet0/0
ip address 12.1.1.2 255.255.255.0
interface FastEthernet1/0
ip address 172.16.1.254 255.255.255.0
ip route 0.0.0.0 0.0.0.0 12.1.1.1
R3配置:
interface FastEthernet0/0
ip address 13.1.1.3 255.255.255.0
interface FastEthernet1/0
ip address 192.168.1.254 255.255.255.0
ip route 0.0.0.0 0.0.0.0 13.1.1.1
R4配置:
interface FastEthernet0/0
ip address 172.16.1.1 255.255.255.0
ip route 0.0.0.0 0.0.0.0 172.16.1.254
R5配置:
interface FastEthernet0/0
ip address 192.168.1.1 255.255.255.0
ip route 0.0.0.0 0.0.0.0 192.168.1.254
3�、配置Static p2p GRE over IPsec
3.1、配置GRE
R2配置:
interface Tunnel2
ip address 1.1.1.1 255.255.255.0
tunnel source 12.1.1.2
tunnel destination 13.1.1.3
R3配置:
interface Tunnel3
ip address 1.1.1.2 255.255.255.0
tunnel source 13.1.1.3
tunnel destination 12.1.1.2
3.2�、配置LAN-TO-LAN ×××(此時的ACL與普通的LAN-TO-LAN ×××有差異)
R2配置:
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
crypto isakmp key cisco123 address 13.1.1.3
crypto ipsec transform-set ccie esp-3des esp-sha-hmac
access-list 100 permit gre host 12.1.1.2 host 13.1.1.3
crypto map mymap 1 ipsec-isakmp
set peer 13.1.1.3
set transform-set ccie
match address 100
interface FastEthernet0/0
crypto map mymap
R3配置:
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
crypto isakmp key cisco123 address 12.1.1.2
crypto ipsec transform-set ccie esp-3des esp-sha-hmac
access-list 100 permit gre host 13.1.1.3 host 12.1.1.2
crypto map mymap 1 ipsec-isakmp
set peer 12.1.1.2
set transform-set ccie
match address 100
interface FastEthernet0/0
crypto map mymap
3.3、配置動態(tài)路由協(xié)議(此時私網(wǎng)流量走的都是隧道��。)
R2配置:
router ospf 1
network 1.1.1.0 0.0.0.255 area 0
network 172.16.1.0 0.0.0.255 area 0
R3配置:
router ospf 1
network 1.1.1.0 0.0.0.255 area 0
network 192.168.1.0 0.0.0.255 area 0
4�����、NAT對Static p2p GRE over IPsec的影響
通過上面得知�����,內(nèi)網(wǎng)流量走的都是GRE隧道��,所以���,當(dāng)NAT應(yīng)用在物理口時對Static p2p GRE over IPsec是沒有影響的。但當(dāng)NAT應(yīng)用在Tunnel口時��,必須將內(nèi)網(wǎng)網(wǎng)段排除���。
文章名稱:GNS3配置Staticp2pGREoverIPsec
當(dāng)前URL:
http://weahome.cn/article/jsgpdc.html
重慶分公司
重慶分公司
