1、實(shí)驗(yàn)拓?fù)?/p>
成都創(chuàng)新互聯(lián)服務(wù)項(xiàng)目包括成安網(wǎng)站建設(shè)、成安網(wǎng)站制作、成安網(wǎng)頁制作以及成安網(wǎng)絡(luò)營銷策劃等。多年來,我們專注于互聯(lián)網(wǎng)行業(yè),利用自身積累的技術(shù)優(yōu)勢、行業(yè)經(jīng)驗(yàn)、深度合作伙伴關(guān)系等,向廣大中小型企業(yè)、政府機(jī)構(gòu)等提供互聯(lián)網(wǎng)行業(yè)的解決方案,成安網(wǎng)站推廣取得了明顯的社會效益與經(jīng)濟(jì)效益。目前,我們服務(wù)的客戶以成都為中心已經(jīng)輻射到成安省份的部分城市,未來相信會繼續(xù)擴(kuò)大服務(wù)區(qū)域并繼續(xù)獲得客戶的支持與信任!
2、基礎(chǔ)網(wǎng)絡(luò)配置
R1配置:
ip dhcp excluded-address 13.1.1.1 13.1.1.2
ip dhcp pool net13
network 13.1.1.0 255.255.255.0
default-router 13.1.1.1
interface FastEthernet0/0
ip address 12.1.1.1 255.255.255.0
interface FastEthernet1/0
ip address 13.1.1.1 255.255.255.0
R2配置:
interface FastEthernet0/0
ip address 12.1.1.2 255.255.255.0
interface FastEthernet1/0
ip address 172.16.1.254 255.255.255.0
ip route 0.0.0.0 0.0.0.0 12.1.1.1
R3配置:
interface Loopback0
ip address 3.3.3.3 255.255.255.0
interface FastEthernet0/0
ip address dhcp
interface FastEthernet1/0
ip address 192.168.1.254 255.255.255.0
ip route 0.0.0.0 0.0.0.0 13.1.1.1
R4配置:
interface FastEthernet0/0
ip address 172.16.1.1 255.255.255.0
ip route 0.0.0.0 0.0.0.0 172.16.1.254
R5配置:
interface FastEthernet0/0
ip address 192.168.1.1 255.255.255.0
ip route 0.0.0.0 0.0.0.0 192.168.1.254
3、配置Dynamic p2p GRE over IPsec
3.1、配置GRE
R2配置:
interface Tunnel2
ip address 1.1.1.1 255.255.255.0
tunnel source 12.1.1.2
tunnel destination 3.3.3.3
ip route 3.3.3.3 255.255.255.255 12.1.1.1
這條路由必須配置,這是配置規(guī)則要求的
R3配置:
interface Tunnel3
ip address 1.1.1.2 255.255.255.0
tunnel source Loopback0
tunnel destination 12.1.1.2
3.2、R2配置Dynamic LAN-to-LAN ×××(相對普通的Dynamic LAN-to-LAN ×××多了一條指令)
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
crypto isakmp key cisco123 address 0.0.0.0 0.0.0.0
crypto ipsec transform-set ccie esp-3des esp-sha-hmac
crypto dynamic-map dymap 1
set transform-set ccie
crypto map mymap 1 ipsec-isakmp dynamic dymap (經(jīng)測試,這條指令可以不寫)
crypto map mymap local-address FastEthernet0/0
interface FastEthernet0/0
crypto map mymap
3.3、R3配置LAN-to-LAN ×××(與普通LAN-to-LAN ×××的ACL不同,多了一條指令)
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
crypto isakmp key cisco123 address 12.1.1.2
crypto ipsec transform-set ccie esp-3des esp-sha-hmac
access-list 100 permit gre 3.3.3.0 0.0.0.255 12.1.1.0 0.0.0.255
crypto map mymap 1 ipsec-isakmp
set peer 12.1.1.2
set transform-set ccie
match address 100
crypto map mymap local-address FastEthernet0/0(經(jīng)測試,這條指令可以不寫)
interface FastEthernet0/0
crypto map mymap
3.4、配置動態(tài)路由協(xié)議(此時私網(wǎng)流量走的都是隧道。)
R2配置:
router ospf 1
network 1.1.1.0 0.0.0.255 area 0
network 172.16.1.0 0.0.0.255 area 0
R3配置:
router ospf 1
network 1.1.1.0 0.0.0.255 area 0
network 192.168.1.0 0.0.0.255 area 0
4、NAT對Dynamic p2p GRE over IPsec的影響與NAT對Static p2p GRE over IPsec的影響一樣
文章標(biāo)題:GNS3配置Dynamicp2pGREoverIPsec
分享鏈接:http://muchs.cn/article16/pdjcgg.html
成都網(wǎng)站建設(shè)公司_創(chuàng)新互聯(lián),為您提供網(wǎng)站設(shè)計(jì)、網(wǎng)站改版、ChatGPT、標(biāo)簽優(yōu)化、用戶體驗(yàn)、網(wǎng)站內(nèi)鏈
聲明:本網(wǎng)站發(fā)布的內(nèi)容(圖片、視頻和文字)以用戶投稿、用戶轉(zhuǎn)載內(nèi)容為主,如果涉及侵權(quán)請盡快告知,我們將會在第一時間刪除。文章觀點(diǎn)不代表本網(wǎng)站立場,如需處理請聯(lián)系客服。電話:028-86922220;郵箱:631063699@qq.com。內(nèi)容未經(jīng)允許不得轉(zhuǎn)載,或轉(zhuǎn)載時需注明來源: 創(chuàng)新互聯(lián)