
GRE over IPsec

2013-11-02 21:56
----------------------------------Shanghai Branch----------------------------------

R6(config)#interface fastEthernet 0/0
R6(config-if)#ip address 172.17.10.20 255.255.255.0
R6(config-if)#no sh

R6(config)#router eigrp 1
R6(config-router)#no auto-summary
R6(config-router)#network 172.17.10.0 0.0.0.255

R5(config)#interface fastEthernet 0/0
R5(config-if)#ip address 172.17.10.10 255.255.255.0
R5(config-if)#no sh

R5(config)#interface fastEthernet 0/1
R5(config-if)#ip address 10.1.1.5 255.255.255.0
R5(config-if)#no sh

R5(config)#router eigrp 1
R5(config-router)#no auto-summary
R5(config-router)#network 172.17.10.0 0.0.0.255
R5(config-router)#network 10.1.1.0 0.0.0.255

R1(config)#interface fastEthernet 0/1
R1(config-if)#ip address 10.1.1.1 255.255.255.0
R1(config-if)#no sh

R1(config)#interface fastEthernet 0/0
R1(config-if)#ip address 12.1.1.1 255.255.255.0
R1(config-if)#no sh

R1(config)#ip route 0.0.0.0 0.0.0.0 fastEthernet 0/0

R1(config)#router eigrp 1
R1(config-router)#no auto-summary
R1(config-router)#network 10.1.1.0 0.0.0.255

R1#ping 172.17.10.20

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.17.10.20, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 428/462/480 ms

-----------------------------------Internet-----------------------------------

R2(config)#interface fastEthernet 0/0
R2(config-if)#ip address 12.1.1.2 255.255.255.0
R2(config-if)#no sh

R2(config)#interface fastEthernet 0/1
R2(config-if)#ip address 23.1.1.2 255.255.255.0
R2(config-if)#no sh

R3(config)#interface fastEthernet 0/1
R3(config-if)#ip address 23.1.1.3 255.255.255.0
R3(config-if)#no sh

R3(config)#interface fastEthernet 0/0
R3(config-if)#ip address 192.168.1.3 255.255.255.0
R3(config-if)#no sh

R3(config)#ip route 0.0.0.0 0.0.0.0 fastEthernet 0/1

R3(config)#router eigrp 1
R3(config-router)#no auto-summary
R3(config-router)#network 192.168.1.0 0.0.0.255

R3#ping 12.1.1.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 12.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 348/384/424 ms

R3#ping 10.1.1.5

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.1.5, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)

-----------------------------------Beijing Headquarters-----------------------------------

R4(config)#interface fastEthernet 0/0
R4(config-if)#ip address 192.168.1.4 255.255.255.0
R4(config-if)#no sh

R4(config)#interface fastEthernet 0/1
R4(config-if)#ip address 192.168.20.10 255.255.255.0
R4(config-if)#no sh

R4(config)#router eigrp 1
R4(config-router)#no auto-summary
R4(config-router)#network 192.168.1.0 0.0.0.255
R4(config-router)#network 192.168.20.0 0.0.0.255

R7(config)#interface fastEthernet 0/1
R7(config-if)#ip address 192.168.20.20 255.255.255.0
R7(config-if)#no sh

R7(config)#router eigrp 1
R7(config-router)#no auto-summary
R7(config-router)#network 192.168.20.0 0.0.0.255

R7#ping 192.168.1.3

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 440/596/688 ms

-------------------------------------GRE-------------------------------------

R1(config)#interface tunnel 1
R1(config-if)#ip addr 1.1.1.1 255.255.255.0
R1(config-if)#tunnel source 12.1.1.1
R1(config-if)#tunnel destination 23.1.1.3

R3(config)#interface tunnel 3
R3(config-if)#ip address 1.1.1.3 255.255.255.0
R3(config-if)#tunnel source 23.1.1.3
R3(config-if)#tunnel destination 12.1.1.1

------------------------------------IPsec------------------------------------

R1(config)#crypto isakmp policy 1
R1(config-isakmp)#authentication pre-share
R1(config-isakmp)#encryption 3des
R1(config-isakmp)#hash sha
R1(config-isakmp)#group 2

R1(config)#crypto isakmp key 0 cisco address 23.1.1.3
R1(config)#crypto ipsec transform-set SH esp-3des esp-sha-hmac
R1(cfg-crypto-trans)#mode tunnel

R1(config)#ip access-list extended SH-TO-BJ
R1(config-ext-nacl)#permit gre host 12.1.1.1 host 23.1.1.3

R1(config)#crypto map SH_BJ 1 ipsec-isakmp
R1(config-crypto-map)#set peer 23.1.1.3
R1(config-crypto-map)#set transform-set SH
R1(config-crypto-map)#match address SH-TO-BJ

R1(config)#interface fastEthernet 0/0
R1(config-if)#crypto map SH_BJ

R3(config)#crypto isakmp policy 1
R3(config-isakmp)#authentication pre-share
R3(config-isakmp)#encryption 3des
R3(config-isakmp)#hash sha
R3(config-isakmp)#group 2

R3(config)#crypto isakmp key 0 cisco address 12.1.1.1
R3(config)#crypto ipsec transform-set BJ esp-3des esp-sha-hmac
R3(cfg-crypto-trans)#mode tunnel

R3(config)#ip access-list extended BJ-TO-SH
R3(config-ext-nacl)#permit gre host 23.1.1.3 host 12.1.1.1

R3(config)#crypto map BJ_SH 1 ipsec-isakmp
R3(config-crypto-map)#set peer 12.1.1.1
R3(config-crypto-map)#set transform-set BJ
R3(config-crypto-map)#match address BJ-TO-SH

R3(config)#interface fastEthernet 0/1
R3(config-if)#crypto map BJ_SH
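
Added example (not part of the original post): a Python check run over the GRE and IPsec lines above. For each router it confirms that the crypto ACL selects exactly the GRE packets between the tunnel endpoints and that the peer and pre-shared-key address equal the tunnel destination, then flags legacy parameters. The names `parse`, `audit`, `PATTERNS` and `WEAK` are hypothetical; the session lines are copied from this page.

```python
import re
# Lines copied from this page's GRE and IPsec sections (prompts kept as shown).
SESSION = """
R1(config-if)#tunnel source 12.1.1.1
R1(config-if)#tunnel destination 23.1.1.3
R1(config-isakmp)#encryption 3des
R1(config-isakmp)#group 2
R1(config)#crypto isakmp key 0 cisco address 23.1.1.3
R1(config-ext-nacl)#permit gre host 12.1.1.1 host 23.1.1.3
R1(config-crypto-map)#set peer 23.1.1.3
R3(config-if)#tunnel source 23.1.1.3
R3(config-if)#tunnel destination 12.1.1.1
R3(config-isakmp)#encryption 3des
R3(config-isakmp)#group 2
R3(config)#crypto isakmp key 0 cisco address 12.1.1.1
R3(config-ext-nacl)#permit gre host 23.1.1.3 host 12.1.1.1
R3(config-crypto-map)#set peer 12.1.1.1
"""
PATTERNS = {"src": r"tunnel source (\S+)", "dst": r"tunnel destination (\S+)",
            "enc": r"encryption (\S+).*", "group": r"group (\d+)",
            "psk": r"crypto isakmp key (\d) \S+ address (\S+)",
            "acl": r"permit gre host (\S+) host (\S+)", "peer": r"set peer (\S+)"}
WEAK = [("enc", {"des", "3des"}, "DES/3DES is deprecated, prefer AES"),
        ("group", {"1", "2", "5"}, "DH group is too small, prefer 14 or higher"),
        ("psk", {"0"}, "pre-shared key is configured as type 0 (unencrypted)")]

def parse(session):
    """Return {router: {field: tuple of captured values}} from prompt-prefixed lines."""
    routers = {}
    for line in session.splitlines():
        m = re.match(r"(\w+)\([^)]*\)#\s*(.+)", line.strip())
        for key, pat in PATTERNS.items():
            if m and (hit := re.fullmatch(pat, m.group(2).strip())):
                routers.setdefault(m.group(1), {})[key] = hit.groups()
    return routers

def audit(session):
    """List consistency and weak-parameter findings, one string per problem."""
    out = []
    for name, c in sorted(parse(session).items()):
        if c.get("acl") != c.get("src", ("?",)) + c.get("dst", ("?",)):
            out.append(f"{name}: crypto ACL does not select the GRE tunnel packets")
        if not (c.get("peer") == c.get("dst") == c.get("psk", ("", ""))[1:]):
            out.append(f"{name}: peer or PSK address differs from tunnel destination")
        for key, bad, why in WEAK:
            if c.get(key, ("",))[0] in bad:
                out.append(f"{name}: {why}")
    return out
```

`audit(SESSION)` returns the findings as a list of strings; an empty list means the endpoints are consistent and no legacy parameter was seen.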

R7#ping 10.1.1.5

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.1.5, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)

-----------------------------------EIGRP-----------------------------------

R1(config)#router eigrp 1
R1(config-router)#network 1.1.1.1 0.0.0.0

R3(config)#router eigrp 1
R3(config-router)#network 1.1.1.3 0.0.0.0

R7#ping 172.17.10.20

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.17.10.20, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1192/1488/1844 ms

R7#traceroute 172.17.10.20

Type escape sequence to abort.
Tracing the route to 172.17.10.20

1 192.168.20.10 104 msec 92 msec 132 msec
2 192.168.1.3 388 msec 24 msec 428 msec
3 1.1.1.1 852 msec 852 msec 1116 msec
4 10.1.1.5 1240 msec 644 msec 1100 msec
5 172.17.10.20 1224 msec 1304 msec 1072 msec

This article is from the "Kingcraft" blog; please be sure to retain this source: http://kingcraft.blog.51cto.com/2776630/1319291