GRE over IPSEC VPN


The configuration is as follows:

R1#show run
Building configuration...

!
crypto isakmp policy 10
hash md5
authentication pre-share
group 2
crypto isakmp key 6 cisco address 200.1.1.6
!
crypto ipsec transform-set sec esp-des esp-md5-hmac
mode transport
!
crypto map vpn 10 ipsec-isakmp
set peer 200.1.1.6
set transform-set sec
match address 100
!
interface Tunnel1
ip address 172.16.1.1 255.255.255.0
tunnel source FastEthernet0/0
tunnel destination 200.1.1.6
!
interface Loopback0
ip address 192.168.1.1 255.255.255.0
!
interface Loopback1
ip address 192.168.3.1 255.255.255.0
!
interface FastEthernet0/0
ip address 200.1.1.1 255.255.255.252
duplex full
crypto map vpn
!
router rip
version 2
network 172.16.0.0
network 192.168.1.0
network 192.168.3.0
no auto-summary

!

ip classless
ip route 0.0.0.0 0.0.0.0 FastEthernet0/0
no ip http server
no ip http secure-server
!

access-list 100 permit gre host 200.1.1.1 host 200.1.1.6

R3#show run
Building configuration...

!
crypto isakmp policy 10
hash md5
authentication pre-share
group 2
crypto isakmp key 6 cisco address 200.1.1.1
!
crypto ipsec transform-set sec esp-des esp-md5-hmac
mode transport
!
crypto map vpn 10 ipsec-isakmp
set peer 200.1.1.1
set transform-set sec
match address 100
!
interface Tunnel2
ip address 172.16.1.2 255.255.255.0
tunnel source FastEthernet0/0
tunnel destination 200.1.1.1

!
interface Loopback0
ip address 192.168.2.1 255.255.255.0
!
interface FastEthernet0/0
ip address 200.1.1.6 255.255.255.252
duplex full
crypto map vpn
!
router rip
version 2
network 172.16.0.0
network 192.168.2.0
no auto-summary
!
ip classless
ip route 0.0.0.0 0.0.0.0 FastEthernet0/0
no ip http server
no ip http secure-server
!
access-list 100 permit gre host 200.1.1.6 host 200.1.1.1
!

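*GRE over IPSEC VPN generally uses transport mode.

*The source and destination addresses of the tunnel that is created are the public addresses.

*The ACL defines the interesting traffic: the protocol is GRE, and the source and destination addresses are the public addresses.

*Routing should advertise the tunnel's address, not the public addresses.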
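
The four rules above, turned into a check over one router's running-config. This is an added example, not from the original post: the names get, classful and audit are made up here, the sample config is constructed, and it assumes one Tunnel interface and one crypto-mapped interface, each section ending in a "!" line as in show run output.

```python
import ipaddress
import re

# Constructed sample, not the page's config: the crypto ACL has the peer address first.
SAMPLE = """interface Tunnel1
 ip address 172.16.1.1 255.255.255.0
 tunnel source FastEthernet0/0
 tunnel destination 200.1.1.6
!
interface FastEthernet0/0
 ip address 200.1.1.1 255.255.255.252
 crypto map vpn
!
crypto ipsec transform-set sec esp-des esp-md5-hmac
 mode transport
crypto map vpn 10 ipsec-isakmp
 set peer 200.1.1.6
 match address 100
router rip
 network 172.16.0.0
access-list 100 permit gre host 200.1.1.6 host 200.1.1.1
"""

def get(pattern, text):
    return next(iter(re.findall(pattern, text, re.M)), None)

def classful(net):
    first = int(net.split(".")[0])  # RIP "network" statements are classful
    bits = 8 if first < 128 else 16 if first < 192 else 24
    return ipaddress.ip_network(f"{net}/{bits}", strict=False)

def audit(config):
    """Return the rule violations found in one router's running-config."""
    ifs = dict(re.findall(r"^interface (\S+)\n(.*?)^!", config, re.M | re.S))
    pub = next(n for n, body in ifs.items() if "crypto map" in body)
    tun = next(body for n, body in ifs.items() if n.startswith("Tunnel"))
    local, peer = get(r"ip address (\S+)", ifs[pub]), get(r"set peer (\S+)", config)
    num = get(r"match address (\S+)", config)
    acl = f"access-list {num} permit gre host {local} host {peer}"
    nets = [classful(n) for n in re.findall(r"^\s*network (\S+)", config, re.M)]
    covers = lambda ip: any(ipaddress.ip_address(ip) in n for n in nets)
    checks = [
        (get(r"^\s*(mode transport)", config), "transform-set is not in transport mode"),
        (get(r"tunnel source (\S+)", tun) in (pub, local), "tunnel source is not the public side"),
        (get(r"tunnel destination (\S+)", tun) == peer, "tunnel destination is not the crypto peer"),
        (acl in [l.strip() for l in config.splitlines()], "crypto ACL should be: " + acl),
        (covers(get(r"ip address (\S+)", tun)), "RIP does not advertise the tunnel subnet"),
        (not covers(local), "RIP advertises the public address"),
    ]
    return [msg for ok, msg in checks if not ok]
```

audit(SAMPLE) reports only the reversed ACL; the crypto ACL on each router must list that router's own public address as the source, so the two peers' ACLs are mirror images of each other.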

aha飞扬's personal homepage
