ensp模拟实现总校区、分校区1、分校区2使用IPSEC互连

ensp模拟环境：配置AR1、AR2、AR3为internet区域  AR1的GE0/0/0IP地址为10.10.10.1/24与AR3的GE0/0/0IP地址为10.10.10.2/24连接、AR1的GE0/0/1IP地址为10.10.20.1/24与AR2的GE0/0/1IP地址为10.10.20.2/24连接、AR3的GE0/0/1IP地址为10.10.30.1/24与AR2的GE0/0/0IP地址为10.10.30.2/24连接。

配置AR5、LSW5、LSW6为总校区区域  AR5的Ethernet0/0/0IP地址为192.168.10.2/24与AR1的Ethernet0/0/0IP地址为192.168.10.1/24连接、AR5的Ethernet0/0/1IP地址为10.20.10.1/24与LSW5的GE0/0/1IP地址为10.20.10.2/24连接、AR5的Ethernet0/0/2IP地址为10.30.10.1/24与LSW6的GE0/0/1IP地址为10.30.10.2/24连接。

配置AR4、LSW1、LSW2为分校区1区域  AR4的Ethernet0/0/0IP地址为192.168.20.2/24与AR3的Ethernet0/0/0IP地址为192.168.20.1/24连接、AR4的Ethernet0/0/1IP地址为172.16.10.1/24与LSW1的GE0/0/1IP地址为172.16.10.2/24连接、AR4的Ethernet0/0/2IP地址为172.16.20.1/24与LSW2的GE0/0/1IP地址为172.16.20.2/24连接。

配置AR6、LSW3、LSW4为分校区2区域  AR6的Ethernet0/0/0IP地址为192.168.30.2/24与AR2的Ethernet0/0/0IP地址为192.168.30.1/24连接、AR6的Ethernet0/0/1IP地址为172.168.10.1/24与LSW3的GE0/0/1IP地址为172.168.10.2/24连接、AR6的Ethernet0/0/2IP地址为172.168.20.1/24与LSW4的GE0/0/2IP地址为172.168.20.2/24连接。

让internet区域用ospf实现互相通信、让总校区区域接通internet用ospf实现总校区能互相通、让分校区1区域接通internet用ospf实现分校区1能互相通、让分校区2区域接通internet用ospf实现分校区2能互相通  让总校区区域、分校区1区域、分校区2区域都能够通过IPSEC实现互相通信。

#配置AR1
sysname AR1
interface GigabitEthernet 0/0/0
ip address 10.10.10.1 255.255.255.0
quit

interface GigabitEthernet 0/0/1
ip address 10.10.20.1 255.255.255.0
quit

#配置AR2
sysname AR2
interface GigabitEthernet 0/0/0
ip address 10.10.30.2 255.255.255.0
quit

interface GigabitEthernet 0/0/1
ip address 10.10.20.2 255.255.255.0
quit

#配置AR3
sysname AR3
interface GigabitEthernet 0/0/0
ip address 10.10.10.2 255.255.255.0
quit

interface GigabitEthernet 0/0/1
ip address 10.10.30.1 255.255.255.0
quit

#配置AR5
sysname AR5
interface Ethernet 0/0/0
ip address 192.168.10.2 255.255.255.0
quit

interface Ethernet 0/0/1
ip address 10.20.10.1 255.255.255.0
quit

interface Ethernet 0/0/2
ip address 10.30.10.1 255.255.255.0
quit

#配置LSW5
sysname LSW5
interface GigabitEthernet 0/0/1
ip address 10.20.10.2 255.255.255.0
quit

#配置LSW6
sysname LSW6
interface GigabitEthernet 0/0/1
ip address 10.30.10.2 255.255.255.0
quit

#配置AR4
sysname AR4
interface Ethernet 0/0/0
ip address 192.168.20.2 255.255.255.0
quit

interface Ethernet 0/0/1
ip address 172.16.10.1 255.255.255.0
quit

interface Ethernet 0/0/2
ip address 172.16.20.1 255.255.255.0
quit

#配置LSW1
sysname LSW1
interface GigabitEthernet 0/0/1
ip address 172.16.10.2 255.255.255.0
quit

#配置LSW2
sysname LSW2
interface GigabitEthernet 0/0/1
ip address 172.16.20.2 255.255.255.0
quit

#配置AR6
sysname AR6
interface Ethernet 0/0/0
ip address 192.168.30.2 255.255.255.0
quit

interface Ethernet 0/0/1
ip address 172.168.10.1 255.255.255.0
quit

interface Ethernet 0/0/2
ip address 172.168.20.1 255.255.255.0
quit

#配置LSW3
sysname LSW3
interface GigabitEthernet 0/0/1
ip address 172.168.10.2 255.255.255.0
quit

#配置LSW4
sysname LSW4
interface GigabitEthernet 0/0/2
ip address 172.168.20.2 255.255.255.0
quit

#配置OSPF
#配置AR1、AR2、AR3之间的OSPF
sysname AR1
ospf 1 router-id 1.1.1.1
area 0.0.0.0
network 10.10.10.0 0.0.0.255
network 10.10.20.0 0.0.0.255
quit

sysname AR2
ospf 1 router-id 2.2.2.2
area 0.0.0.0
network 10.10.20.0 0.0.0.255
network 10.10.30.0 0.0.0.255
quit

sysname AR3
ospf 1 router-id 3.3.3.3
area 0.0.0.0
network 10.10.10.0 0.0.0.255
network 10.10.30.0 0.0.0.255
quit

#配置AR5与AR1之间的OSPF
sysname AR5
ospf 1 router-id 5.5.5.5
area 0.0.0.0
network 192.168.10.0 0.0.0.255
network 10.20.10.0 0.0.0.255
network 10.30.10.0 0.0.0.255
quit

#配置AR4与AR3之间的OSPF
sysname AR4
ospf 1 router-id 4.4.4.4
area 0.0.0.0
network 192.168.20.0 0.0.0.255
network 172.16.10.0 0.0.0.255
network 172.16.20.0 0.0.0.255
quit

#配置AR6与AR2之间的OSPF
sysname AR6
ospf 1 router-id 6.6.6.6
area 0.0.0.0
network 192.168.30.0 0.0.0.255
network 172.168.10.0 0.0.0.255
network 172.168.20.0 0.0.0.255
quit

#配置IPSec
sysname AR5
ipsec proposal proposal1
esp authentication-algorithm sha1
esp encryption-algorithm aes 128
quit

ipsec policy policy1 10 isakmp
security acl 3000
proposal proposal1
quit

ipsec peer ar4-ar5
pre-shared-key cipher %^%#TU0\n%^%#OU0\n%^%#PU0\n%^%#OU0\n%^%#OU0\n%^%#OU0\n%^\n
ike proposal 10
remote-address 192.168.20.1
quit

ipsec policy policy1
ike peer ar4-ar5
quit

ipsec peer ar6-ar5
pre-shared-key cipher %^%#TU0\n%^%#OU0\n%^%#PU0\n%^%#OU0\n%^%#OU0\n%^%#OU0\n%^\n
ike proposal 10
remote-address 192.168.30.1
quit

ipsec policy policy1
ike peer ar6-ar5
quit

sysname AR4
ipsec proposal proposal1
esp authentication-algorithm sha1
esp encryption-algorithm aes 128
quit

ipsec policy policy1 10 isakmp
security acl 4000
proposal proposal1
quit

ipsec peer ar5-ar4
pre-shared-key cipher %^%#TU0\n%^%#OU0\n%^%#PU0\n%^%#OU0\n%^%#OU0\n%^%#OU0\n%^\n
ike proposal 10
remote-address 192.168.10.1
quit

ipsec policy policy1
ike peer ar5-ar4
quit

sysname AR6
ipsec proposal proposal1
esp authentication-algorithm sha1
esp encryption-algorithm aes 128
quit

ipsec policy policy1 10 isakmp
security acl 5000
proposal proposal1
quit

ipsec peer ar5-ar6
pre-shared-key cipher %^%#TU0\n%^%#OU0\n%^%#PU0\n%^%#OU0\n%^%#OU0\n%^%#OU0\n%^\n
ike proposal 10
remote-address 192.168.10.1
quit

ipsec policy policy1
ike peer ar5-ar6
quit