GRE over IPSEC

最新推荐文章于 2024-05-16 16:52:36 发布

ikaros_ios

最新推荐文章于 2024-05-16 16:52:36 发布

阅读量3.6k

点赞数 1

本文链接：https://blog.csdn.net/ikaros_fire/article/details/83110642

版权

前提：路由可达，相互可通信。
GRE提供通道，IPSEC保护通道数据。
GRE over IPSEC与IPSEC over GRE 哪个好？肯定是前者。
在这里插入图片描述
在R2与R4之间建立tunnel，ipsec为tunnel数据加密，即GRE over IPSEC
起接口IP规则依旧是老样子：R1-R2,那么就是12.1.1.1-12.1.1.2，其余类似。
R2配置如下：
R2#sh run
Building configuration…
Current configuration : 1378 bytes
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname R2
boot-start-marker
boot-end-marker
no aaa new-model
memory-size iomem 5
no ip icmp rate-limit unreachable
ip cef
no ip domain lookup
multilink bundle-name authenticated
archive
log config
hidekeys
!

crypto isakmp policy 10
authentication pre-share
crypto isakmp key cisco address 34.1.1.4
!
crypto ipsec transform-set ikaros esp-des esp-md5-hmac
mode transport
!
crypto ipsec profile test
set transform-set ikaros
!
ip tcp synwait-time 5
!

interface Tunnel24
ip unnumbered FastEthernet0/1
tunnel source 23.1.1.2
tunnel destination 34.1.1.4
tunnel protection ipsec profile test
!
interface FastEthernet0/0
ip address 12.1.1.2 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 23.1.1.2 255.255.255.0
duplex auto
speed auto
!
ip forward-protocol nd
ip route 34.1.1.0 255.255.255.0 FastEthernet0/1 23.1.1.3
ip route 45.1.1.0 255.255.255.0 FastEthernet0/1 23.1.1.3
!
!
no ip http server
no ip http secure-server
!
control-plane
!
line con 0
exec-timeout 0 0
privilege level 15
logging synchronous
line aux 0
exec-timeout 0 0
privilege level 15
logging synchronous
line vty 0 4
login
!
end

R4配置如下：
R4#sh run
Building configuration…

Current configuration : 1378 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R4
!
boot-start-marker
boot-end-marker
!
no aaa new-model
memory-size iomem 5
no ip icmp rate-limit unreachable
ip cef
!
no ip domain lookup
!
multilink bundle-name authenticated
!
archive
log config
hidekeys
!
crypto isakmp policy 10
authentication pre-share
crypto isakmp key cisco address 23.1.1.2
!
crypto ipsec transform-set ikaros esp-des esp-md5-hmac
mode transport
!
crypto ipsec profile test
set transform-set ikaros
!
ip tcp synwait-time 5
!
interface Tunnel42
ip unnumbered FastEthernet0/0
tunnel source 34.1.1.4
tunnel destination 23.1.1.2
tunnel protection ipsec profile test
!
interface FastEthernet0/0
ip address 34.1.1.4 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 45.1.1.4 255.255.255.0
duplex auto
speed auto
!
ip forward-protocol nd
ip route 12.1.1.0 255.255.255.0 FastEthernet0/0 34.1.1.3
ip route 23.1.1.0 255.255.255.0 FastEthernet0/0 34.1.1.3
!
no ip http server
no ip http secure-server
!
control-plane
!
line con 0
exec-timeout 0 0
privilege level 15
logging synchronous
line aux 0
exec-timeout 0 0
privilege level 15
logging synchronous
line vty 0 4
login
!
end
在这里插入图片描述
其他查看方法不赘述。
另，这是一种相对于之前的IPsec配置方式，这是一种全新的IPsec Profile的配置方式，仅仅在ipsec profile下配置了转换集，而没有设置对等体和感兴趣的内容。但需要注意的是，这个配置是被运用在接口下的，因此用来保护的是这个tunnel接口下的流量，所以感兴趣流是有的。对等体也不缺少，因为保护隧道，隧道的目的自然是IPSEC的对等体。这种配置方式在DMVPN中也有使用。

ikaros_ios

关注

1
点赞
踩
7

收藏

觉得还不错? 一键收藏
1
评论
GRE over IPSEC

前提：路由可达，相互可通信。GRE提供通道，IPSEC保护通道数据。GRE over IPSEC与IPSEC over GRE 哪个好？肯定是前者。在R2与R4之间建立tunnel，ipsec为tunnel数据加密，即GRE over IPSEC起接口IP规则依旧是老样子：R1-R2,那么就是12.1.1.1-12.1.1.2，其余类似。R2配置如下：R2#sh runBuildi...
复制链接

扫一扫