第一步:配置基本
直連路由信息見圖
第二步:爲了使R1和R3能連通互聯網
R1(config)#ip route 0.0.0.0 0.0.0.0 f0/0
R3(config)#ip route 0.0.0.0 0.0.0.0 f0/1
第三步:配置GRE隧道
R1(config)#interface tunnel 1
R1(config-if)#tu so f0/0
R1(config-if)#tu de 23.0.0.3
R1(config-if)#ip add 10.0.0.1 255.255.255.0
*May 13 16:13:30.191: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel1, changed state to up
R3(config)#interface tunnel 1
R3(config-if)#ip add 10.0.0.2 255.255.255.0
R3(config-if)#tu so f0/1
R3(config-if)#tu de 12.0.0.1
測試隧道
R1#ping 10.0.0.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.0.0.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 20/69/144 ms
第四步:配置路由協議,這樣R1和R3上其它路由能通過協議建立關係
R1(config)#router ei 1
R1(config-router)#no au
R1(config-router)#net 10.0.0.0
R1(config-router)#net 1.1.1.1
R1(config-router)#net 192.168.1.1
R3(config)#router ei 1
R3(config-router)#no au
R3(config-router)#net 10.0.0.0
R3(config-router)#net 3.3.3.3
R1#traceroute 3.3.3.3 so 1.1.1.1
Type escape sequence to abort.
Tracing the route to 3.3.3.3
1 10.0.0.2 116 msec * 64 msec
//這裏能通了,但是pc不能上網,我們配置PAT
第五步:配置PAT
R1(config)#access-list 100 permit ip 192.168.1.0 0.0.0.255 any
R1(config)#int f0/0
R1(config-if)#ip nat ou
R1(config-if)#int f0/1
R1(config-if)#ip nat in
R1(config)#ip nat inside source list 100 interface f0/0
第六步:測試,我們從pc上ping 外網,比如說2.2.2.2 和3.3.3.3
pc#ping 2.2.2.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2.2.2.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 32/49/72 ms
pc#ping 3.3.3.3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 3.3.3.3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 32/49/72 ms
R1#sh ip nat translations
Pro Inside global Inside local Outside local Outside global
icmp 12.0.0.1:2 192.168.1.2:2 2.2.2.2:2 2.2.2.2:2
//我們分別ping了2.2.2.2和3.3.3.3,但只有2.2.2.2轉換了,因爲3.3.3.3走的是隧道
注意,我們不能將PAT轉換的outside用到int tunnel接口上,因爲tunnel上的地址爲私有的,這樣PAT轉換將沒有意義