Cisco SVTI IKEv1

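This document shows how to configure SVTI between Center and Branch so that 1.1.1.1 and 3.3.3.3, and 2002:3:3::3 and 2002:2:2::2, can reach each other. The configuration covers the ISAKMP policy, the IPsec transform set, the IPsec profile, and OSPFv3 area authentication. All devices are configured; the tests that follow verify reachability and that OSPFv3 authentication is effective.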


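1) Configure SVTI between Center and Branch1 so that 1.1.1.1 and 3.3.3.3 can reach each other;

2) Configure SVTI between Center and Branch2 so that 2002:3:3::3 and 2002:2:2::2 can reach each other, and apply OSPFv3 area authentication with Area 1 and password Cisc0123.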

Device configuration:

## Show each device's configuration here; text or screenshots may be pasted ##

Task 1

Branch

!
crypto isakmp policy 10
 authentication pre-share
crypto isakmp key cisco address 202.100.1.10
!
crypto ipsec transform-set cisco esp-3des esp-md5-hmac
 mode tunnel
!
!
crypto ipsec profile lxf_ipsec_profile
 set transform-set cisco
!
!
interface Loopback1
 ip address 1.1.1.1 255.255.255.0
 ip ospf 1 area 0
!
interface Tunnel0
 ip address 192.168.1.1 255.255.255.0
 ip ospf 1 area 0
 tunnel source FastEthernet0/0
 tunnel mode ipsec ipv4
 tunnel destination 202.100.1.10
 tunnel protection ipsec profile lxf_ipsec_profile
!
interface FastEthernet0/0
 ip address 202.100.1.1 255.255.255.0
 duplex half
router ospf 1
 router-id 1.1.1.1
!

Center

crypto isakmp policy 10
 authentication pre-share
crypto isakmp key cisco address 202.100.1.1
!
crypto ipsec transform-set cisco esp-3des esp-md5-hmac
 mode tunnel
!
crypto ipsec profile lxf_ipsec_profile
 set transform-set cisco
!
interface Loopback1
 ip address 3.3.3.3 255.255.255.0
 ip ospf 1 area 0
!
interface Tunnel0
 ip address 192.168.1.10 255.255.255.0
 ip ospf 1 area 0
 tunnel source FastEthernet0/0
 tunnel mode ipsec ipv4
 tunnel destination 202.100.1.1
 tunnel protection ipsec profile lxf_ipsec_profile
!
interface FastEthernet0/0
 ip address 202.100.1.10 255.255.255.0
 duplex half
router ospf 1
 router-id 3.3.3.3

Task 2

Branch

crypto isakmp policy 10
 authentication pre-share
crypto isakmp key cisco address ipv6 2001::3/128
!
crypto ipsec transform-set cisco esp-3des esp-md5-hmac
 mode tunnel
!
crypto ipsec profile lxf_ipsec_profile
 set transform-set cisco
!
interface Loopback0
 no ip address
 ipv6 address 2002:2:2::2/128
 ipv6 ospf 1 area 0
!
interface Loopback1
 ip address 2.2.2.2 255.255.255.0
!
interface Tunnel0
 no ip address
 ipv6 address 2003::2/64
 ipv6 ospf 1 area 0
 tunnel source FastEthernet0/0
 tunnel mode ipsec ipv6
 tunnel destination 2001::1
 tunnel protection ipsec profile lxf_ipsec_profile
!
interface Tunnel1
 no ip address
 ipv6 address 2004::3/64
 ipv6 ospf 1 area 0
 tunnel source FastEthernet0/0
 tunnel mode ipsec ipv6
 tunnel destination 2001::3
 tunnel protection ipsec profile lxf_ipsec_profile
!
interface FastEthernet0/0
 no ip address
 duplex half
 ipv6 address 2001::2/64
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
!
ipv6 router ospf 1
 router-id 2.2.2.2
 area 0 authentication ipsec spi 321 md5 12345678123465781234657812346578

Center

crypto isakmp policy 10
 authentication pre-share
crypto isakmp key cisco address ipv6 2001::2/128
!
!
crypto ipsec transform-set cisco esp-3des esp-md5-hmac
 mode tunnel
!
crypto ipsec profile lxf_ipsec_profile
 set transform-set cisco
!
interface Loopback0
 no ip address
 ipv6 address 2002:3:3::3/128
 ipv6 ospf 1 area 0
!
interface Loopback1
 ip address 3.3.3.3 255.255.255.0
!
interface Tunnel0
 no ip address
 ipv6 address 2004::3/64
 ipv6 ospf 1 area 0
 tunnel source FastEthernet0/0
 tunnel mode ipsec ipv6
 tunnel destination 2001::2
 tunnel protection ipsec profile lxf_ipsec_profile
!
interface FastEthernet0/0
 no ip address
 duplex half
 ipv6 address 2001::3/64
!
ipv6 route ::/0 2001::10
ipv6 router ospf 1
 router-id 3.3.3.3
 area 0 authentication ipsec spi 321 md5 12345678123465781234657812346578
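
Added example, not part of the original post: a Python check that cross-references the SVTI pieces of one router's configuration (each tunnel's destination against the "crypto isakmp key" peers, and the IPsec profile against its transform-set) and flags the legacy esp-3des / esp-md5-hmac transforms. The names audit_svti, LEGACY and SAMPLE are illustrative; the sample is abridged from the Task 2 Branch configuration above, and peers are assumed to be literal addresses.

```python
import ipaddress

LEGACY = {"esp-des", "esp-3des", "esp-md5-hmac"}  # DES/3DES and HMAC-MD5 are legacy algorithms

def audit_svti(config):
    """Added example: cross-check SVTI settings; assumes literal peer IP addresses."""
    transforms, profiles, psk_peers, tunnels = {}, {}, set(), {}
    section = (None, None)                     # (kind, name) of the block being read
    for raw in config.splitlines():
        w = raw.split()
        if not w or w[0].startswith("!"):      # IOS ignores any line starting with "!"
            continue
        if w[:3] == ["crypto", "ipsec", "transform-set"]:
            transforms[w[3]] = set(w[4:])
        elif w[:3] == ["crypto", "ipsec", "profile"]:
            section = ("profile", w[3])
        elif w[:3] == ["crypto", "isakmp", "key"]:
            addr = [x for x in w[w.index("address") + 1:] if x != "ipv6"][0]
            psk_peers.add(ipaddress.ip_address(addr.split("/")[0]))
        elif w[0] == "interface":
            section = ("tunnel" if w[1].startswith("Tunnel") else "other", w[1])
        elif section[0] == "profile" and w[:2] == ["set", "transform-set"]:
            profiles[section[1]] = w[2]
        elif section[0] == "tunnel" and w[0] == "tunnel":
            tunnels.setdefault(section[1], {})[w[1]] = w[-1]  # destination / protection
    findings = []
    for name, t in tunnels.items():
        ts = profiles.get(t.get("protection"))
        if ts not in transforms:
            findings.append(f"{name}: no usable transform-set behind its IPsec profile")
        elif transforms[ts] & LEGACY:
            findings.append(f"{name}: legacy transforms {sorted(transforms[ts] & LEGACY)}")
        if (peer := t.get("destination")) and ipaddress.ip_address(peer) not in psk_peers:
            findings.append(f"{name}: no 'crypto isakmp key' entry for peer {peer}")
    return findings

# Abridged from the Task 2 Branch configuration on this page
SAMPLE = """\
crypto isakmp key cisco address ipv6 2001::3/128
crypto ipsec transform-set cisco esp-3des esp-md5-hmac
crypto ipsec profile lxf_ipsec_profile
set transform-set cisco
interface Tunnel0
tunnel destination 2001::1
tunnel protection ipsec profile lxf_ipsec_profile
interface Tunnel1
tunnel destination 2001::3
tunnel protection ipsec profile lxf_ipsec_profile
"""
print("\n".join(audit_svti(SAMPLE)))
```

On the sample, the check reports that Tunnel0's peer 2001::1 has no matching pre-shared key entry, while Tunnel1's peer 2001::3 does.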

Test results:

## Show the test results for the lab requirements here; text or screenshots may be pasted ##

Task 1

Task 2
