R1
hostname R1
enable password cisco
crypto isakmp policy 1
hash md5
authentication pre-share
crypto isakmp key ccie add 10.0.0.2
crypto ipsec transform-set anyname esp-des esp-sha-hmac
mode transport
crypto map anyname1 1 ipsec-isakmp
set peer 10.0.0.2
set security-association lifetime seconds 180
set transform-set anyname
match add 100
int fa0/0
ip add 10.0.1.1 255.255.255.0
no shut
int fa0/1
ip add 10.0.0.1 255.255.255.0
crypto map anyname1
router osfp 1
net 10.0.0.0 0.0.255.255 area 0
access-list 100 permit ip 10.0.1.0 0.0.0.255 10.0.2.0 0.0.0.255
R2:
hostname R2
enable password cisco
crypto isakmp policy 1
hash md5
authentication pre-share
crypto isakmp key ccie add 10.0.0.1
crypto ipsec transform-set anyname esp-des esp-sha-hmac
mode transport
crypto map anyname1 1 ipsec-isakmp
set peer 10.0.0.1
set security-association lifetime seconds 180
set transform-set anyname
match add 100
int fa0/0
ip add 10.0.2.1 255.255.255.0
no shut
int fa0/1
ip add 10.0.0.2 255.255.255.0
crypto map anyname1
router osfp 1
net 10.0.0.0 0.0.255.255 area 0
access-list 100 permit ip 10.0.2.0 0.0.0.255 10.0.1.0 0.0.0.255
GRE隧道
R1
int fa0/1
de outside
ip add 202.100.1.1 255.255.255.0
no shut
route 0.0.0.0 0.0.0.0 202.100.1.2
int fa0/0
ip add 10.0.0.1 255.255.0.0
de inside
int t 0
ip add 172.16.0.1 255.255.255.0
tunnel source fa0/1
tunnel destination 202.100.1.2
router ospf 1
net 10.0.0.0 0.0.255.255 area 0
net 172.16.0.0 0.0.0.255 area 0
R2
int fa0/1
de outside
ip add 202.100.1.2 255.255.255.0
no shut
int fa0/0
ip add 10.1.0.1 255.255.0.0
de inside
ip route 0.0.0.0 0.0.0.0 202.100.1.1
int t 0
ip add 172.16.0.2 255.255.255.0
tunnel source fa0/1
tunnel destionation 202.100.1.1
router ospf 1
net 10.1.0.0 0.0.255.255 area 0
net 172.16.0.0 0.0.0.255 area 0
|
网友评论:(只显示最新10条。评论内容只代表网友观点,与本站立场无关!)