Configuration required on RT2:
interface loopback 4
ip address 10.20.5.4 255.255.255.255
interface tunnel4
ip address 10.20.255.50 255.255.255.252
interface G0/3
ip address 200.200.200.6 255.255.255.252
crypto isakmp key 0 12345 address 200.200.200.2 255.255.255.255
crypto isakmp policy 10
authentication pre-share
encryption 3des
group 2
hash md5
lifetime 86400
exit
crypto ipsec transform-set p2 esp-3des esp-md5-hmac
exit
crypto map ipsecacl 10 ipsec-isakmp
match address ipsec
set peer 200.200.200.2
set transform-set p2
exit
crypto key load-keyconf end
interface tunnel4
tunnel source 200.200.200.6
tunnel destination 200.200.200.2
tunnel speed-up
exit
interface G0/3
crypto map ipsecacl
exit
ip route cache
ip route default 200.200.200.5
ip route 10.20.6.4 255.255.255.255 tunnel4
ip access-list extended ipsec
permit gre 200.200.200.6 255.255.255.252 200.200.200.2 255.255.255.252 sequence 10
deny ip any any sequence 20
Configuration required on FW1:
interface e0/3
zone untrust
ip address 200.200.200.2 255.255.255.252
manage ssh
manage ping
manage snmp
manage https
exit
interface loopback4
zone trust
ip address 10.20.6.4 255.255.255.255
manage ssh
manage ping
manage snmp
manage https
exit
interface tunnel4
zone VPNHub
ip address 10.20.255.46 255.255.255.252
manage ssh
manage ping
manage snmp
manage https
tunnel gre gre
source 200.200.200.2
destination 200.200.200.6
interface e0/3
next-tunnel ipsec ipsecacl
exit
interface e0/3
shutdown track track
exit
interface tunnel4
tunnel gre gre
exit
ip vrouter trust-vr
ip route 0.0.0.0/0 200.200.200.1
ip route 10.20.5.4/32 tunnel4
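
The IKE and IPsec parameters configured on RT2 (pre-shared key 12345, 3des, md5, group 2) can be checked mechanically before the configuration is deployed. The Python audit below is an added example, not part of the original configuration or of any vendor tool; the weak-parameter lists, the minimum key length and the name audit_crypto are assumptions chosen for illustration.

```python
import re

# Assumed policy for this example: parameters treated as weak.
WEAK_ALGS = {"des", "3des", "md5"}
WEAK_DH_GROUPS = {"1", "2", "5"}
MIN_PSK_LEN = 20  # assumed minimum pre-shared key length

# Constructed sample: the crypto lines of the RT2 configuration above.
RT2_CRYPTO = """\
crypto isakmp key 0 12345 address 200.200.200.2 255.255.255.255
crypto isakmp policy 10
authentication pre-share
encryption 3des
group 2
hash md5
lifetime 86400
exit
crypto ipsec transform-set p2 esp-3des esp-md5-hmac
"""

def audit_crypto(config):
    """Return one finding per weak IKE/IPsec parameter, in config order."""
    findings = []
    policy = None  # ISAKMP policy block currently being read, if any
    for words in (l.lower().split() for l in config.splitlines() if l.strip()):
        line = " ".join(words)
        m = re.match(r"crypto isakmp key \d+ (\S+) address (\S+)", line)
        if m:
            if len(m.group(1)) < MIN_PSK_LEN:
                # Report the peer address, never the key itself.
                findings.append(f"psk for {m.group(2)}: shorter than {MIN_PSK_LEN} chars")
        elif line.startswith("crypto isakmp policy "):
            policy = words[3]
        elif line.startswith("crypto ipsec transform-set "):
            policy = None
            for alg in words[4:]:
                core = alg.split("-")[1] if "-" in alg else alg  # esp-md5-hmac -> md5
                if core in WEAK_ALGS:
                    findings.append(f"transform-set {words[3]}: weak {alg}")
        elif words[0] == "exit":
            policy = None
        elif policy and words[0] in ("encryption", "hash") and words[-1] in WEAK_ALGS:
            findings.append(f"isakmp policy {policy}: weak {words[0]} {words[-1]}")
        elif policy and words[0] == "group" and words[-1] in WEAK_DH_GROUPS:
            findings.append(f"isakmp policy {policy}: weak dh group {words[-1]}")
    return findings

if __name__ == "__main__":
    print("\n".join(audit_crypto(RT2_CRYPTO)))
```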