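3-branch GRE over IPsec + OSPF
Note: do not advertise OSPF networks with 0.0.0.0 255.255.255.255.
The IPsec setup between AR21 and AR23 differs from the one between AR21 and AR24 and between AR23 and AR24.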
AR21
[AR 21]dis cu
[V200R003C00]
sysname AR 21
snmp-agent local-engineid 800007DB03000000000000
snmp-agent
clock timezone China-Standard-Time minus 08:00:00
portal local-server load flash:/portalpage.zip
drop illegal-mac alarm
wlan ac-global carrier id other ac id 0
set cpu-usage threshold 80 restore 75
acl number 3000
 rule 5 permit ip
acl number 3001
 rule 5 permit ip source 100.0.12.1 0 destination 100.0.23.3 0
ipsec proposal huawei
ipsec proposal ospf
ike proposal 10
ike peer ospf v2
 pre-shared-key simple 12345678
 ike-proposal 10
 peer-id-type ip
ike peer r1 v2
 pre-shared-key simple 12345678
 ike-proposal 10
 remote-address 100.0.23.3
ipsec policy huawei 10 isakmp
 security acl 3001
 ike-peer r1
 proposal huawei
ipsec profile ospf
 ike-peer ospf
 proposal ospf
aaa
 authentication-scheme default
 authorization-scheme default
 accounting-scheme default
 domain default
 domain default_admin
 local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
 local-user admin service-type http
firewall zone Local
 priority 15
interface GigabitEthernet0/0/0
 ip address 100.0.12.1 255.255.255.0
 ipsec policy huawei
 nat outbound 3000
interface GigabitEthernet0/0/1
interface GigabitEthernet0/0/2
 ip address 192.168.1.1 255.255.255.0
interface NULL0
interface LoopBack0
 ip address 1.1.1.1 255.255.255.255
interface Tunnel0/0/0
 ip address 10.1.1.21 255.255.255.0
 tunnel-protocol gre
 source 100.0.12.1
 destination 100.0.23.3
interface Tunnel0/0/1
 ip address 10.1.2.21 255.255.255.0
 tunnel-protocol gre
 source 100.0.12.1
 destination 100.0.24.24
 ipsec profile ospf
ospf 1 router-id 1.1.1.1
 area 0.0.0.0
  network 1.1.1.1 0.0.0.0
  network 10.1.1.0 0.0.0.255
  network 10.1.2.0 0.0.0.255
  network 192.168.1.0 0.0.0.255
ip route-static 0.0.0.0 0.0.0.0 100.0.12.2
user-interface con 0
 authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
wlan ac
return
AR23
<AR 23>DIS CU
[V200R003C00]
sysname AR 23
snmp-agent local-engineid 800007DB03000000000000
snmp-agent
clock timezone China-Standard-Time minus 08:00:00
portal local-server load flash:/portalpage.zip
drop illegal-mac alarm
wlan ac-global carrier id other ac id 0
set cpu-usage threshold 80 restore 75
acl number 3000
 rule 5 permit ip
acl number 3001
 rule 5 permit ip source 100.0.23.3 0 destination 100.0.12.1 0
ipsec proposal huawei
ipsec proposal ospf
ike proposal 10
ike peer ospf v2
 pre-shared-key simple 12345678
 ike-proposal 10
 peer-id-type ip
ike peer r3 v2
 pre-shared-key simple 12345678
 ike-proposal 10
 remote-address 100.0.12.1
ipsec policy huawei 10 isakmp
 security acl 3001
 ike-peer r3
 proposal huawei
ipsec profile ospf
 ike-peer ospf
 proposal ospf
aaa
 authentication-scheme default
 authorization-scheme default
 accounting-scheme default
 domain default
 domain default_admin
 local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
 local-user admin service-type http
firewall zone Local
 priority 15
interface GigabitEthernet0/0/0
interface GigabitEthernet0/0/1
 ip address 100.0.23.3 255.255.255.0
 ipsec policy huawei
 nat outbound 3000
interface GigabitEthernet0/0/2
 ip address 192.168.2.1 255.255.255.0
interface NULL0
interface LoopBack0
 ip address 2.2.2.2 255.255.255.255
interface Tunnel0/0/0
 ip address 10.1.1.23 255.255.255.0
 tunnel-protocol gre
 source 100.0.23.3
 destination 100.0.12.1
interface Tunnel0/0/1
 ip address 10.1.2.23 255.255.255.0
 tunnel-protocol gre
 source 100.0.23.3
 destination 100.0.24.24
 ipsec profile ospf
ospf 1 router-id 2.2.2.2
 area 0.0.0.0
  network 2.2.2.2 0.0.0.0
  network 10.1.1.0 0.0.0.255
  network 10.1.2.0 0.0.0.255
  network 192.168.2.0 0.0.0.255
ip route-static 0.0.0.0 0.0.0.0 100.0.23.2
user-interface con 0
 authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
wlan ac
return
AR24
<AR 24>DIS CU
[V200R003C00]
sysname AR 24
snmp-agent local-engineid 800007DB03000000000000
snmp-agent
clock timezone China-Standard-Time minus 08:00:00
portal local-server load portalpage.zip
drop illegal-mac alarm
set cpu-usage threshold 80 restore 75
acl number 3000
 rule 10 permit ip
ipsec proposal ospf
ike proposal 10
ike peer ospf v2
 pre-shared-key simple 12345678
 ike-proposal 10
 peer-id-type ip
ipsec profile ospf
 ike-peer ospf
 proposal ospf
ipsec profile ospf1
 ike-peer ospf
 proposal ospf
aaa
 authentication-scheme default
 authorization-scheme default
 accounting-scheme default
 domain default
 domain default_admin
 local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
 local-user admin service-type http
firewall zone Local
 priority 15
interface GigabitEthernet0/0/0
 ip address 100.0.24.24 255.255.255.0
 nat outbound 3000
interface GigabitEthernet0/0/1
interface GigabitEthernet0/0/2
 ip address 192.168.3.1 255.255.255.0
interface NULL0
interface LoopBack0
 ip address 24.24.24.24 255.255.255.255
interface Tunnel0/0/0
 ip address 10.1.2.25 255.255.255.0
 tunnel-protocol gre
 source 100.0.24.24
 destination 100.0.23.3
 ipsec profile ospf1
interface Tunnel0/0/1
 ip address 10.1.1.24 255.255.255.0
 tunnel-protocol gre
 source 100.0.24.24
 destination 100.0.12.1
 ipsec profile ospf
ospf 1 router-id 24.24.24.24
 area 0.0.0.0
  network 10.1.1.0 0.0.0.255
  network 10.1.2.0 0.0.0.255
  network 24.24.24.24 0.0.0.0
  network 192.168.3.0 0.0.0.255
ip route-static 0.0.0.0 0.0.0.0 100.0.24.22
user-interface con 0
 authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
wlan ac
return
AR 22
dis cu
[V200R003C00]
snmp-agent local-engineid 800007DB03000000000000
snmp-agent
clock timezone China-Standard-Time minus 08:00:00
portal local-server load flash:/portalpage.zip
drop illegal-mac alarm
wlan ac-global carrier id other ac id 0
set cpu-usage threshold 80 restore 75
aaa
 authentication-scheme default
 authorization-scheme default
 accounting-scheme default
 domain default
 domain default_admin
 local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
 local-user admin service-type http
firewall zone Local
 priority 15
interface GigabitEthernet0/0/0
 ip address 100.0.12.2 255.255.255.0
interface GigabitEthernet0/0/1
 ip address 100.0.23.2 255.255.255.0
interface GigabitEthernet0/0/2
 ip address 100.0.24.22 255.255.255.0
interface NULL0
user-interface con 0
 authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
wlan ac
return
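
An added example (not part of the original page): a Python check that reads a VRP configuration and reports, for each GRE tunnel, whether it is covered by an IPsec profile on the tunnel interface or by an ACL-based IPsec policy bound to an interface, the two arrangements AR21 uses above. `SAMPLE`, `sections` and `audit` are names assumed here, and the sample is abridged from AR21's configuration with sub-commands indented one space.

```python
import re

# Constructed sample: AR21's GRE/IPsec stanzas from this page, abridged and indented.
SAMPLE = """\
acl number 3001
 rule 5 permit ip source 100.0.12.1 0 destination 100.0.23.3 0
ipsec policy huawei 10 isakmp
 security acl 3001
interface GigabitEthernet0/0/0
 ipsec policy huawei
interface Tunnel0/0/0
 tunnel-protocol gre
 source 100.0.12.1
 destination 100.0.23.3
interface Tunnel0/0/1
 tunnel-protocol gre
 source 100.0.12.1
 destination 100.0.24.24
 ipsec profile ospf
"""

def sections(text):
    """Map each top-level command to its indented sub-commands."""
    out = {}
    for line in text.splitlines():
        if line.startswith(" ") and out:
            out[head].append(line.strip())
        else:
            out[(head := line.strip())] = []
    return out

def audit(text):
    """Return {gre_tunnel: IPsec coverage}; ACL matching handles host rules (wildcard 0) only."""
    sec = sections(text)
    applied = {l.split()[2] for b in sec.values() for l in b if l.startswith("ipsec policy ")}
    covered = {}  # (src, dst) host pair -> policy that encrypts it
    for head, body in sec.items():
        m = re.fullmatch(r"ipsec policy (\S+) \d+ isakmp", head)
        if m and m[1] in applied:  # a policy only encrypts once bound to an interface
            acl = next((l.split()[2] for l in body if l.startswith("security acl ")), "")
            rules = "\n".join(sec.get("acl number " + acl, []))
            for pair in re.findall(r"permit ip source (\S+) 0 destination (\S+) 0", rules):
                covered[pair] = f"policy {m[1]} (acl {acl})"
    result = {}
    for head, body in sec.items():
        if head.startswith("interface Tunnel") and "tunnel-protocol gre" in body:
            kv = dict(l.split(None, 1) for l in body if " " in l)
            ends = (kv.get("source"), kv.get("destination"))
            result[head.split()[1]] = kv["ipsec"] if "ipsec" in kv else covered.get(ends, "UNPROTECTED")
    return result
```

A tunnel reported as `UNPROTECTED` carries its GRE payload, including the OSPF adjacency, without IPsec; this happens when the policy is not bound to an interface or the ACL does not match the tunnel's source and destination.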