要求:R1做vrf穿 越,R5访问通过R1,R2做,并且R1,R2可以主动的访问R5
vrf穿越
写两条静态地址映射使 R1,R2可以主动的访问R5
R5pingR1、R4
R4pingR1、R5
R1pingR5、R4
R1
p vrf k
rd 1:1
crypto keyring k vrf k
pre-shared-key address 0.0.0.0 0.0.0.0 key 6 ccie
!
crypto isakmp policy 10
authentication pre-share
!
!
crypto ipsec transform-set k esp-3des esp-md5-hmac
mode transport
!
!
crypto ipsec profile k
set transform-set k
interface Loopback0
ip address 172.16.0.1 255.255.255.255
!
interface Tunnel0
ip address 192.168.0.1 255.255.255.0
no ip redirects
no ip next-hop-self eigrp 1
no ip split-horizon eigrp 1
ip nhrp map multicast dynamic
ip nhrp network-id 100
ip ospf network broadcast
tunnel source FastEthernet0/0
tunnel mode gre multipoint
tunnel vrf k
tunnel protection ipsec profile k
!
interface FastEthernet0/0
ip vrf forwarding k
ip address 12.0.0.1 255.255.255.0
duplex full
router eigrp 1
network 172.16.0.0 0.0.0.255
network 192.168.0.0
!
ip route vrf k 0.0.0.0 0.0.0.0 12.0.0.2
R2
interface FastEthernet0/0
ip address 12.0.0.2 255.255.255.0
duplex full
!
interface FastEthernet1/0
ip address 23.0.0.2 255.255.255.0
duplex full
!
interface FastEthernet2/0
ip address 24.0.0.2 255.255.255.0
duplex full
R3
interface FastEthernet0/0
ip address 23.0.0.1 255.255.255.0
ip nat outside
ip virtual-reassembly in
duplex full
!
interface FastEthernet1/0
ip address 35.0.0.2 255.255.255.0
ip nat inside
ip virtual-reassembly in
duplex full
ip nat inside source list 1 interface FastEthernet0/0 overload
ip nat inside source static udp 35.0.0.1 500 23.0.0.1 500 extendable
ip nat inside source static udp 35.0.0.1 4500 23.0.0.1 4500 extendable
ip route 0.0.0.0 0.0.0.0 FastEthernet0/0
R5
crypto isakmp policy 10
authentication pre-share
crypto isakmp key 6 ccie address 0.0.0.0
!
!
crypto ipsec transform-set k esp-3des esp-md5-hmac
mode transport
crypto ipsec profile k
set transform-set k
interface Loopback0
ip address 172.16.1.1 255.255.255.255
!
interface Tunnel0
ip address 192.168.0.2 255.255.255.0
no ip redirects
ip nhrp map 192.168.0.1 12.0.0.1
ip nhrp map multicast 12.0.0.1
ip nhrp network-id 100
ip nhrp nhs 192.168.0.1
tunnel source FastEthernet0/0
tunnel mode gre multipoint
tunnel protection ipsec profile k
!
interface FastEthernet0/0
ip address 35.0.0.1 255.255.255.0
duplex full
router eigrp 1
network 172.16.1.1 0.0.0.0
network 192.168.0.0 0.0.0.255
R4
crypto isakmp policy 10
authentication pre-share
crypto isakmp key 6 ccie address 0.0.0.0
!
!
crypto ipsec transform-set k esp-3des esp-md5-hmac
mode transport
!
!
crypto ipsec profile k
set transform-set k
!
interface Loopback0
ip address 172.16.2.1 255.255.255.255
!
interface Tunnel0
ip address 192.168.0.3 255.255.255.0
no ip redirects
ip nhrp map 192.168.0.1 12.0.0.1
ip nhrp map multicast 12.0.0.1
ip nhrp network-id 100
ip nhrp nhs 192.168.0.1
tunnel source FastEthernet0/0
tunnel mode gre multipoint
tunnel protection ipsec profile k
!
interface FastEthernet0/0
ip address 24.0.0.1 255.255.255.0
duplex full
router eigrp 1
network 172.16.2.1 0.0.0.0
network 192.168.0.0
ip route 0.0.0.0 0.0.0.0 FastEthernet0/0