RT2:
设置静态路由 ip route 0.0.0.0 0.0.0.0 xxx.xxx.xxx.xxx(交换机3和RT2相连的ip地址)
设置 Tunnel 端口添加源地址和对端地址
interface Tunnel1
ip address 172.16.52.2 255.255.255.252
tunnel source 211.68.59.2(RT2的g0/3口ip地址)(source 源地址)
tunnel destination 203.37.1.2(FW1的e0/3口ip地址)(destination 对端地址)
配置预共享密钥
crypto isakmp key 0 Key-1122 address 203.37.1.2 255.255.255.252 (对端地址)
配置提倡 1
crypto isakmp policy 10
authentication pre-share
encryption 3des
group 2
hash md5
lifetime 86400
配置提倡 2
crypto ipsec transform-set 1 esp-3des esp-md5-hmac
绑定数据流
ip access-list extended ipsecacl
permit gre 211.68.59.2 255.255.255.252 203.37.1.2 255.255.255.252 (前面是源地址,后面是对端地址)
配置加密映射表
crypto map 1 1 ipsec-isakmp
match address ipsecacl
set peer 203.37.1.2(对端地址)
set transform-set 1
接口下绑定
map interface GigaEthernet0/3
crypto map 1
后续可联系我学习
墨北的博客 - - 墨北的博客 - (mobei.space)
此网站有服务器Linux的讲解
3305425314@qq 可以加我学习