IP地址:
| R1 | F0/0 | 1.1.1.1/24 |
| F0/1 | 192.168.1.1/24 | |
| R2 | F0/0 | 1.1.1.2/24 |
| F0/1 | 2.2.2.2/24 | |
| R3 | F0/0 | 2.2.2.3/24 |
| F0/1 | 3.3.3.1/24 | |
| R4 | F0/0 | 3.3.3.2/24 |
| F0/1 | 192.168.2.1/24 | |
| Server0 |
| 192.168.1.3/24 |
| Server1 |
| 192.168.2.3/24 |
| PC0 |
| 192.168.1.2/24 |
| PC1 |
| 192.168.2.2/24 |
1、 在R2、R3上边运行ospf协议
2、 在R1、R4配置静态默认路由,pc1与R2,R3,R4,都无法ping通,pc2与R1,R2,R3,都无法ping通,pc1 与pc2不通
3、 在R1与R4上边配置IPsec×××(配置成功后pc1 ,pc2,server0,server1可以互通)
R1上的配置如下:
R1#show run
Building configuration...
Current configuration : 1091 bytes
!
version 12.4
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname R1
crypto isakmp policy 1
encr 3des
authentication pre-share
lifetime 14400
!
crypto isakmp key 123 address 3.3.3.2
!
!
crypto ipsec transform-set cmap1 esp-3des esp-sha-hmac
!
crypto map cmap1 1 ipsec-isakmp
set peer 3.3.3.2
set security-association lifetime seconds 1800
set transform-set cmap1
match address 111
!
!
!
!
!
!
!
!
!
interface FastEthernet0/0
ip address 1.1.1.1 255.255.255.0
duplex auto
speed auto
crypto map cmap1
!
interface FastEthernet0/1
ip address 192.168.1.1 255.255.255.0
duplex auto
speed auto
!
interface Vlan1
no ip address
shutdown
ip classless
ip route 0.0.0.0 0.0.0.0 FastEthernet0/0
!
!
access-list 111 permit ip any any
line con 0
line vty 0 4
login
end
R2路由器上配置:
R2#show run
Building configuration...
Current configuration : 601 bytes
!
version 12.4
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname R2
!
!
interface FastEthernet0/0
ip address 1.1.1.2 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 2.2.2.2 255.255.255.0
duplex auto
speed auto
!
interface Vlan1
no ip address
shutdown
!
router ospf 1
log-adjacency-changes
redistribute static subnets
network 1.1.1.0 0.0.0.255 area 0
network 2.2.2.0 0.0.0.255 area 0
!
ip classless
!
line con 0
line vty 0 4
login
!
!
!
End
R3路由器上配置:
R3#show run
Building configuration...
Current configuration : 601 bytes
!
version 12.4
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname R3
!
!
!
!
interface FastEthernet0/0
ip address 2.2.2.3 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 3.3.3.1 255.255.255.0
duplex auto
speed auto
!
interface Vlan1
no ip address
shutdown
!
router ospf 1
log-adjacency-changes
redistribute static subnets
network 2.2.2.0 0.0.0.255 area 0
network 3.3.3.0 0.0.0.255 area 0
!
ip classless
!
!
line con 0
line vty 0 4
login
!
!
!
End
R4路由器上配置:
R4#show run
Building configuration...
Current configuration : 881 bytes
!
version 12.4
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname R4
!
!
!
!
!
!
!
!
crypto isakmp policy 1
encr 3des
authentication pre-share
lifetime 14400
!
crypto isakmp key 123 address 1.1.1.1
!
!
crypto ipsec transform-set cmap1 esp-3des esp-sha-hmac
!
crypto map cmap1 1 ipsec-isakmp
set peer 1.1.1.1
set security-association lifetime seconds 1800
set transform-set cmap1
match address 111
!
interface FastEthernet0/0
ip address 3.3.3.2 255.255.255.0
duplex auto
speed auto
crypto map cmap1
!
interface FastEthernet0/1
ip address 192.168.2.1 255.255.255.0
duplex auto
speed auto
!
interface Vlan1
no ip address
shutdown
!
ip classless
ip route 0.0.0.0 0.0.0.0 FastEthernet0/0
!
!
access-list 111 permit ip any any
!
!
!
!
!
line con 0
line vty 0 4
login
!
!
!
End
测试结果:
PC0可以ping通对端主机,也可以登录到web服务器,但与
转载于:https://blog.51cto.com/zyzdm/1082063
1568
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
