[DCN] IPSEC-GRE VPN Lab

Build a GRE over IPSec VPN between FW1 and RT2 using their Internet-facing interconnect addresses, so that traffic between the Loopback4 interfaces is encrypted. On RT2 the ACL is named ACL-VPN, the transform-set SET-1, and the crypto map MAP-1. On FW1 the isakmp proposal is named P-1, the isakmp peer PEER-1, the ipsec proposal P-2, the tunnel ipsec IPSEC-1, and the tunnel gre GRE-1.

SW3

ip vrf Internet
rd 2:2
!

vlan  1017;1018

interface ethernet 1/0/17
switchport access vlan 1017
!

interface ethernet 1/0/18
switchport access vlan 1018
!

interface vlan 1017
ip vrf forwarding Internet 
ip address 200.200.200.1 255.255.255.252
!

interface vlan 1018
ip vrf forwarding Internet 
ip address 200.200.200.5 255.255.255.252
!

ip route vrf Internet 0.0.0.0 0.0.0.0 200.200.200.2
ip route vrf Internet 0.0.0.0 0.0.0.0 200.200.200.6

RT2

interface Loopback 1
ip address 10.4.6.1 255.255.255.255
!

interface Loopback 4
ip address 10.4.6.4 255.255.255.255
!

interface GigaEthernet 0/2
ip address 200.200.200.6 255.255.255.252
!

interface Tunnel 4 
ip address 10.4.255.50 255.255.255.252
tunnel source 200.200.200.6
tunnel destination 200.200.200.2
!

ip route default 200.200.200.5  ! default route so the physical link is reachable
ip route 10.4.7.4 255.255.255.255 Tunnel4  ! static route: traffic destined for 10.4.7.4 is sent out Tunnel4

crypto isakmp key 0 Key-1122 address 200.200.200.2 255.255.255.252 
crypto isakmp policy 10
 authentication pre-share  ! authentication method: pre-shared key
 encryption 3des  ! encryption algorithm: 3des
 hash md5  ! hash algorithm: md5
 lifetime 4000  ! lifetime: 4000
!

crypto ipsec transform-set SET-1 esp-3des esp-md5-hmac  ! ESP authentication algorithm md5, encryption algorithm 3des
 mode transport  ! transport mode
!

crypto map MAP-1 10 ipsec-isakmp
 match address ACL-VPN
 set peer 200.200.200.2
 set transform-set SET-1
!

ip access-list extended ACL-VPN
 permit gre 200.200.200.6 255.255.255.252 200.200.200.2 255.255.255.252 sequence 10
!

interface GigaEthernet0/2
crypto map MAP-1  ! bind the crypto map to the interface
!

FW1

rule id 1
  action permit
  src-addr "Any"
  dst-addr "Any"
  service "Any"
exit
interface ethernet0/3
  zone  "untrust"
  ip address 200.200.200.2 255.255.255.252
  manage ping
exit
interface loopback1
  zone  "trust"
  ip address 10.4.7.1 255.255.255.255
  manage ssh
  manage ping
exit
interface loopback4
  zone  "trust"
  ip address 10.4.7.4 255.255.255.255
  manage ping
  manage ssh
exit
interface tunnel4
  zone  "VPNHub"
  ip address 10.4.255.49 255.255.255.252
  manage ping
exit
ip vrouter "trust-vr"
  ip route 10.4.6.4/32 10.4.255.50
  ip route 0.0.0.0/0 200.200.200.1
exit

tunnel gre "GRE-1"
  source 200.200.200.2
  destination 200.200.200.6
  interface ethernet0/3
  next-tunnel ipsec IPSEC-1
exit
interface tunnel4
  tunnel gre "GRE-1" gw 10.4.255.50   (10.4.255.50 is the peer tunnel address)
exit
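
The following consistency check is an added example, not part of the original post or of any DCN tooling. It audits the RT2 side of the GRE over IPSec setup above: the crypto map peer must be the GRE tunnel destination, ACL-VPN must select exactly GRE between the tunnel endpoints, the transform-set must be in transport mode, and deprecated algorithms are reported. The function names and regexes are hypothetical and assume the RT2 syntax shown on this page.

```python
import re

# RT2 lines taken from the page with annotations stripped; used here as sample input.
RT2_CONFIG = """\
interface Tunnel 4
 tunnel source 200.200.200.6
 tunnel destination 200.200.200.2
crypto isakmp policy 10
 authentication pre-share
 encryption 3des
 hash md5
crypto ipsec transform-set SET-1 esp-3des esp-md5-hmac
 mode transport
crypto map MAP-1 10 ipsec-isakmp
 match address ACL-VPN
 set peer 200.200.200.2
 set transform-set SET-1
ip access-list extended ACL-VPN
 permit gre 200.200.200.6 255.255.255.252 200.200.200.2 255.255.255.252 sequence 10
"""

DEPRECATED = {"des": "DES", "3des": "3DES", "md5": "MD5"}

def first(pattern, text):
    m = re.search(pattern, text, re.M)
    return m.groups() if m else None

def audit(cfg):
    findings = []
    src = first(r"^\s*tunnel source (\S+)", cfg)
    dst = first(r"^\s*tunnel destination (\S+)", cfg)
    peer = first(r"^\s*set peer (\S+)", cfg)
    acl = first(r"^\s*permit (\S+) (\S+) \S+ (\S+) \S+", cfg)  # proto, src, dst
    if not (src and dst and peer and acl):
        return ["incomplete: tunnel, peer or ACL line missing"]
    if peer != dst:
        findings.append(f"crypto map peer {peer[0]} is not the GRE destination {dst[0]}")
    if acl != ("gre", src[0], dst[0]):
        findings.append("ACL does not select exactly GRE from tunnel source to destination")
    if not re.search(r"^\s*mode transport", cfg, re.M):
        findings.append("transform-set is not in transport mode")
    # Algorithm names appear as 'encryption X', 'hash X' and 'esp-X[-hmac]'.
    algs = re.findall(r"(?:encryption |hash |esp-)([a-z0-9]+)", cfg)
    for alg in sorted(set(algs)):
        if alg in DEPRECATED:
            findings.append(f"deprecated algorithm: {DEPRECATED[alg]}")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(RT2_CONFIG)))
```

On the configuration from this page the structural checks pass and the only findings are the 3DES and MD5 selections.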
