GRE virtual private network configuration
Lab topology:
AR5:
[AR5]int g0/0/0
[AR5-GigabitEthernet0/0/0]ip address 15.1.1.1 29
[AR5-GigabitEthernet0/0/0]int g0/0/1
[AR5-GigabitEthernet0/0/1]ip address 192.168.1.1 24
[AR5]ip route-static 0.0.0.0 0 15.1.1.6
[AR5]interface Tunnel 0/0/0
[AR5-Tunnel0/0/0]description TO_fenbu
[AR5-Tunnel0/0/0]tunnel-protocol gre
[AR5-Tunnel0/0/0]source 15.1.1.1
[AR5-Tunnel0/0/0]destination 46.1.1.1
[AR5-Tunnel0/0/0]ip address 192.168.254.1 24 # assign an IP address to the tunnel
[AR5-Tunnel0/0/0]qu
[AR5]ip route-static 192.168.100.0 24 192.168.254.2
AR6:
[AR6]int g0/0/0
[AR6-GigabitEthernet0/0/0]ip address 46.1.1.1 29
[AR6-GigabitEthernet0/0/0]int g0/0/1
[AR6-GigabitEthernet0/0/1]ip address 192.168.100.1 24
[AR6-GigabitEthernet0/0/1]qu
[AR6]ip route-static 0.0.0.0 0 46.1.1.6
[AR6]interface Tunnel 0/0/0
[AR6-Tunnel0/0/0]description TO_zongbu
[AR6-Tunnel0/0/0]tunnel-protocol gre
[AR6-Tunnel0/0/0]source 46.1.1.1
[AR6-Tunnel0/0/0]destination 15.1.1.1
[AR6-Tunnel0/0/0]ip address 192.168.254.2 24
[AR6-Tunnel0/0/0]qu
[AR6]ip route-static 192.168.1.0 24 192.168.254.1
Communication between PC1 and PC2:
Drawback: the data is not encrypted while it passes through the carrier network.
IPsec virtual private network
Lab topology:
AR5:
acl number 3000
rule 5 permit ip source 192.168.1.0 0.0.0.255 destination 192.168.100.0 0.0.0.255
ipsec proposal aa
#
ipsec policy bb 10 manual
security acl 3000
proposal aa
tunnel local 15.1.1.1
tunnel remote 46.1.1.1
sa spi inbound esp 123456
sa string-key inbound esp simple 234567
sa spi outbound esp 123456
sa string-key outbound esp simple 234567
#
interface GigabitEthernet0/0/0
ip address 15.1.1.1 255.255.255.248
ipsec policy bb
#
interface GigabitEthernet0/0/1
ip address 192.168.1.1 255.255.255.0
#
interface Tunnel0/0/0
#
ip route-static 0.0.0.0 0.0.0.0 15.1.1.6
ip route-static 192.168.100.0 255.255.255.0 192.168.254.2
AR6:
acl number 3000
rule 5 permit ip source 192.168.100.0 0.0.0.255 destination 192.168.1.0 0.0.0.255
#
ipsec proposal aa
#
ipsec policy bb 10 manual
security acl 3000
proposal aa
tunnel local 46.1.1.1
tunnel remote 15.1.1.1
sa spi inbound esp 123456
sa string-key inbound esp simple 234567
sa spi outbound esp 123456
sa string-key outbound esp simple 234567
#
interface GigabitEthernet0/0/0
ip address 46.1.1.1 255.255.255.248
ipsec policy bb
#
interface GigabitEthernet0/0/1
ip address 192.168.100.1 255.255.255.0
#
ip route-static 0.0.0.0 0.0.0.0 46.1.1.6
ip route-static 192.168.1.0 255.255.255.0 192.168.254.1
#
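An added example, not part of the original page: a Python check that the two manual IPsec policies above mirror each other (ACL rule, tunnel endpoints, SPI and key per direction) and that reports keys stored with `simple`, which keeps them readable in the saved configuration. The function names parse and audit are hypothetical; the policy lines are copied from the AR5 and AR6 configurations above.

```python
# Policy lines copied from the AR5 and AR6 configurations on this page.
AR5 = """rule 5 permit ip source 192.168.1.0 0.0.0.255 destination 192.168.100.0 0.0.0.255
tunnel local 15.1.1.1
tunnel remote 46.1.1.1
sa spi inbound esp 123456
sa string-key inbound esp simple 234567
sa spi outbound esp 123456
sa string-key outbound esp simple 234567"""
AR6 = """rule 5 permit ip source 192.168.100.0 0.0.0.255 destination 192.168.1.0 0.0.0.255
tunnel local 46.1.1.1
tunnel remote 15.1.1.1
sa spi inbound esp 123456
sa string-key inbound esp simple 234567
sa spi outbound esp 123456
sa string-key outbound esp simple 234567"""

def parse(cfg):
    """Pull out the fields that have to mirror each other on the two peers."""
    p = {"simple": False}
    for w in (line.split() for line in cfg.splitlines()):
        if "permit" in w:
            s, d = w.index("source"), w.index("destination")
            p["src"], p["dst"] = tuple(w[s + 1:s + 3]), tuple(w[d + 1:d + 3])
        elif w[:1] == ["tunnel"]:
            p[w[1]] = w[2]                       # "local" / "remote"
        elif w[:2] == ["sa", "spi"]:
            p["spi_" + w[2]] = w[4]              # spi_inbound / spi_outbound
        elif w[:2] == ["sa", "string-key"]:
            p["key_" + w[2]] = w[5]
            p["simple"] |= w[4] == "simple"      # key kept as plaintext in the config
    return p

def audit(cfg_a, cfg_b):
    """Return findings for one pair of manual IPsec policies."""
    a, b = parse(cfg_a), parse(cfg_b)
    checks = [  # (finding text, condition that must hold for the pair to pass)
        ("ACL rules are not mirror images", (a["src"], a["dst"]) == (b["dst"], b["src"])),
        ("tunnel local/remote do not mirror", (a["local"], a["remote"]) == (b["remote"], b["local"])),
        ("inbound SPI != peer outbound SPI", (a["spi_inbound"], a["spi_outbound"]) == (b["spi_outbound"], b["spi_inbound"])),
        ("inbound key != peer outbound key", (a["key_inbound"], a["key_outbound"]) == (b["key_outbound"], b["key_inbound"])),
        ("string-key stored with 'simple' (plaintext)", not (a["simple"] or b["simple"])),
        ("same SPI and key reused in both directions", (a["spi_inbound"], a["key_inbound"]) != (a["spi_outbound"], a["key_outbound"])),
    ]
    return [msg for msg, ok in checks if not ok]

if __name__ == "__main__":
    for finding in audit(AR5, AR6):
        print("finding:", finding)
```

The first four checks catch mismatches that stop a manual SA pair from passing traffic; the last two are configuration-hygiene findings for review.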
Verification:
Packet capture observation:
Command explanation: