EVE-NG模拟锐捷设备实现动态IPSec隧道（主要包含NAPT,IPSec VPN,IBGP,静态路由）

 EG1(config)#show run

Building configuration...

Current configuration: 1506 bytes

version RG-NSE-Route(V1.06)

hostname EG1

!

//抓取感兴趣流

ip access-list extended 101

 10 permit ip 192.168.1.0 0.0.0.255 193.1.0.0 0.0.0.255 

!

//排除感兴趣流，匹配相应流量配置NAPT

ip access-list extended 110

 10 deny ip 192.168.1.0 0.0.0.255 193.1.0.0 0.0.0.255 

 20 deny ip 192.168.1.0 0.0.0.255 172.16.1.0 0.0.0.255 

 30 permit ip 192.168.1.0 0.0.0.255 any 

!

crypto isakmp policy 1

 encryption 3des

 authentication pre-share

!

crypto isakmp key 7 127657411e5877 address 12.1.0.1 

crypto ipsec transform-set myset esp-3des esp-md5-hmac

!

crypto map mymap 1 ipsec-isakmp

 set peer 12.1.0.1  

 set transform-set myset

 match address 101

!

interface GigabitEthernet 0/0

 ip address 10.1.0.17 255.255.255.252

 crypto map mymap

 ip nat outside

!

interface GigabitEthernet 0/1

 ip address 192.168.1.254 255.255.255.0

 ip nat inside

!

ip nat inside source list 110 interface GigabitEthernet 0/0 overload

!<