时间:2021-07-01 10:21:17 帮助过:104人阅读
650) this.width=650;" onclick='window.open("http://blog.51cto.com/viewpic.php?refimg=" + this.src)' alt="" border="0" src="http://cdn.verydemo.com/upload/2013_05_27/13695968912170.jpg" /> 配置如下: R1#show run Building configuration... !
配置如下:
R1#show run
Building configuration...
!
crypto isakmp policy 10
hash md5
authentication pre-share
group 2
crypto isakmp key 6 cisco address 200.1.1.6
!
crypto ipsec transform-set sec esp-des esp-md5-hmac
mode transport
!
crypto map vpn 10 ipsec-isakmp
set peer 200.1.1.6
set transform-set sec
match address 100
!
interface Tunnel1
ip address 172.16.1.1 255.255.255.0
tunnel source FastEthernet0/0
tunnel destination 200.1.1.6
!
interface Loopback0
ip address 192.168.1.1 255.255.255.0
!
interface Loopback1
ip address 192.168.3.1 255.255.255.0
!
interface FastEthernet0/0
ip address 200.1.1.1 255.255.255.252
duplex full
crypto map vpn
!
router rip
version 2
network 172.16.0.0
network 192.168.1.0
network 192.168.3.0
no auto-summary
!
ip classless
ip route 0.0.0.0 0.0.0.0 FastEthernet0/0
no ip http server
no ip http secure-server
!
access-list 100 permit gre host 200.1.1.6 host 200.1.1.1
R3#show run
Building configuration...
!
crypto isakmp policy 10
hash md5
authentication pre-share
group 2
crypto isakmp key 6 cisco address 200.1.1.1
!
crypto ipsec transform-set sec esp-des esp-md5-hmac
mode transport
!
crypto map vpn 10 ipsec-isakmp
set peer 200.1.1.1
set transform-set sec
match address 100
!
interface Tunnel2
ip address 172.16.1.2 255.255.255.0
tunnel source FastEthernet0/0
tunnel destination 200.1.1.1
!
interface Loopback0
ip address 192.168.2.1 255.255.255.0
!
interface FastEthernet0/0
ip address 200.1.1.6 255.255.255.252
duplex full
crypto map vpn
!
router rip
version 2
network 172.16.0.0
network 192.168.2.0
no auto-summary
!
ip classless
ip route 0.0.0.0 0.0.0.0 FastEthernet0/0
no ip http server
no ip http secure-server
!
access-list 100 permit gre host 200.1.1.6 host 200.1.1.1
!
*GRE over IPSEC VPN一般使用传输模式。
*创建的tunnel中的源目的地址为公网地址。
*ACL定义感兴趣的流量,协议为GRE,源目的地址为公网地址。
*路由应宣告tunnel的地址,而不是公网地址。
aha飞扬个人主页