Cisco GRE over IPSec Configuration

 

R1 

interface tunnel 0

tunnel source serial0/0/0

tunnel destination 61.0.0.4

ip address 172.16.14.1 255.255.255.0

tunnel key 123456

exit

 

ip route 0.0.0.0 0.0.0.0 serial 

 

router eigrp 1

no auto-summary

network 172.16.1.1 0.0.0.0

network 172.16.14.1 0.0.0.0

passive-interface fastethernet 0/0

 

crypto isakmp policy 10

       encryption aes

       authentication pre-share

       hash sha

       group 5 

       lifetime 1800

 

crypto isakmp key cisco address 61.0.0.4

 

crypto ipsec transform-set TRAN esp-aes esp-sha-hmac 

       mode transport 

 

ip access-list extended ***

       permit gre host 202.96.134.1 host 61.0.0.4 

 

crypto map MAP 10 ipsec-isakmp

       set peer 61.0.0.4

       set transform-set TRAN

       set pfs group 5 

       match address ***

interface serial0/0/0

      crypto map MAP

 

interface serial 0/0/0

      ip nat outside

  

interface f0/0

      ip nat inside 

access-list 100 deny ip 172.16.1.0 0.0.0.255 172.16.4.0 0.0.0.255

access-list 100 permit ip 172.16.1.0 0.0.0.255 any 

ip nat inside source list 100 interface serial0/0/0 overload 

 

R2

ip route 61.0.0.0 255.255.255.0 serial 0/0/1

 

R3

ip route 202.96.134.0 255.255.255.0 serial0/0/1

 

R4

interface tunnel 0

tunnel source serial 0/0/0

tunnel destination 202.96.134.1

ip address 172.16.14.4 255.255.255.0

tunnel key 123456

exit

ip route 0.0.0.0 0.0.0.0 serial 0/0/0

router eigrp 1

no auto-summary

network 172.16.4.4 0.0.0.0

network 172.16.14.4 0.0.0.0

passive-interface fastethernet 0/0

 

crypto isakmp policy 10 

       encryption aes

       authentication pre-share

       hash sha 

       group 5

       lifetime 1800

 

crypto isakmp key cisco address 202.96.134.1

 

crypto ipsec transform-set TRAN esp-aes esp-sha-hmac

       mode transport

 

ip access-list extended ***

       permit gre host 61.0.0.4 host 202.96.134.1

      

crypto map MAP 10 ipsec-isakmp

 

       set peer  202.96.134.1 

       set transform-set TRAN

       set pfs group 5

       reverse-route static

       match address ***

 

interface serial0/0/0

       crypto map MAP

 

interface serial0/0/0

       ip nat outside

interface f0/0

       ip nat inside 

 

access-list 100 deny ip 172.16.4.0 0.0.0.255 172.16.1.0 0.0.0.255

access-list 100 permit ip  172.16.4.0 0.0.0.255 any 

ip nat inside source list 100 interface serial0/0/0 overload 

 

Lab verification and debugging

R1 

show crypto ipsec transform-set 

show crypto ipsec sa 
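
Before reading the `show crypto ipsec sa` output, it helps to confirm that the two ends agree on each other's addresses: the tunnel destination, the ISAKMP key address and the crypto map peer must all equal the destination host of the GRE crypto ACL, and the two ACLs must mirror each other. The following is an added example, not part of the original page; the function and variable names are hypothetical, and the config excerpts are constructed from the R1 and R4 lines above.

```python
import re

# Constructed excerpts: the peer-related lines of R1 and R4 from this page.
R1 = """
tunnel destination 61.0.0.4
crypto isakmp key cisco address 61.0.0.4
permit gre host 202.96.134.1 host 61.0.0.4
set peer 61.0.0.4
"""
R4 = """
tunnel destination 202.96.134.1
crypto isakmp key cisco address 202.96.134.1
permit gre host 61.0.0.4 host 202.96.134.1
set peer  202.96.134.1
"""

# Lines that must all name the remote tunnel endpoint.
FIELDS = {
    "tunnel destination": r"^\s*tunnel destination\s+(\S+)",
    "isakmp key address": r"^\s*crypto isakmp key \S+ address\s+(\S+)",
    "crypto map peer": r"^\s*set peer\s+(\S+)",
}
ACL = r"^\s*permit gre host (\S+) host (\S+)"

def parse(cfg):
    """Extract the peer addresses and the (source, destination) of the GRE ACL."""
    out = {}
    for name, pattern in FIELDS.items():
        m = re.search(pattern, cfg, re.M)
        out[name] = m.group(1) if m else None
    m = re.search(ACL, cfg, re.M)
    out["acl"] = m.groups() if m else None
    return out

def check_pair(a, b, names=("R1", "R4")):
    """Return a list of inconsistencies between the two tunnel endpoints."""
    problems = []
    for label, r in zip(names, (a, b)):
        if r["acl"] is None:
            problems.append(f"{label}: no 'permit gre host' crypto ACL entry")
            continue
        for name in FIELDS:
            if r[name] != r["acl"][1]:
                problems.append(f"{label}: {name} {r[name]} != ACL destination {r['acl'][1]}")
    if a["acl"] and b["acl"] and a["acl"] != b["acl"][::-1]:
        problems.append("crypto ACLs are not mirror images")
    return problems

if __name__ == "__main__":
    for line in check_pair(parse(R1), parse(R4)) or ["peer addresses are consistent"]:
        print(line)
```
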

 
