H3CTE Lab: GRE over IPsec VPN + OSPF

Lab topology:

[Topology figure: routers R1, R2, R3, R4 and R5; figure labels: OSPF, GRE, CHAP two-way authentication; links: RT1 (Ethernet) to RT2 (Ethernet), RT2 (Serial) to RT3 (Serial), RT3 (Serial) to RT4 (Serial), RT4 (Ethernet) to RT5 (Ethernet)]

Configuration scripts:

R1
dis curr
interface Ethernet0/0/0
 port link-mode route
 ip address 192.168.1.2 255.255.255.0
#
ip route-static 0.0.0.0 0.0.0.0 192.168.1.1
#

R5
dis curr
interface Ethernet0/0/0
 port link-mode route
 ip address 192.168.2.2 255.255.255.0
#
ip route-static 0.0.0.0 0.0.0.0 192.168.2.1
#

R2
dis curr
#
acl number 3000
 rule 0 permit ip source 10.1.23.2 0 destination 10.1.34.4 0
 rule 5 deny ip
#
domain ekestin
 authentication ppp local
 access-limit disable
 state active
 idle-cut disable
 self-service-url disable
#
ike proposal 1
#
ike peer peer1
 proposal 1
 pre-shared-key simple ekestin
 remote-address 10.1.34.4
 local-address 10.1.23.2
#
ipsec proposal 1
 esp authentication-algorithm sha1
 esp encryption-algorithm aes 128
#
ipsec policy map 10 isakmp
 security acl 3000
 ike-peer peer1
 proposal 1
#
local-user R2
 password simple ekestin
 service-type ppp
#
interface Ethernet0/0/0
 port link-mode route
 ip address 192.168.1.1 255.255.255.0
#
interface Serial0/0/0
 link-protocol ppp
 ppp authentication-mode chap domain ekestin
 ppp chap user R3
 ppp chap password simple ekestin
 ip address ppp-negotiate
 ipsec policy map
#
interface LoopBack0
 ip address 2.2.2.2 255.255.255.255
#
interface Tunnel0
 ip address 10.1.100.1 255.255.255.0
 source 10.1.23.2
 destination 10.1.34.4
#
ospf 1
 area 0.0.0.0
  network 10.1.23.2 0.0.0.0
#
ospf 2
 area 0.0.0.0
  network 10.1.100.1 0.0.0.0
  network 192.168.1.1 0.0.0.0
#
ip route-static 192.168.2.0 255.255.255.0 Tunnel0
#

R4
dis curr
#
acl number 3000
 rule 0 permit ip source 10.1.34.4 0 destination 10.1.23.2 0
 rule 5 deny ip
#
domain ekestin
 authentication ppp local
 access-limit disable
 state active
 idle-cut disable
 self-service-url disable
#
ike proposal 1
#
ike peer peer1
 proposal 1
 pre-shared-key simple ekestin
 remote-address 10.1.23.2
 local-address 10.1.34.4
#
ipsec proposal 1
 esp authentication-algorithm sha1
 esp encryption-algorithm aes 128
#
ipsec policy map 10 isakmp
 security acl 3000
 ike-peer peer1
 proposal 1
#
local-user R4
 password simple ekestin
 service-type ppp
#
interface Ethernet0/0/0
 port link-mode route
 ip address 192.168.2.1 255.255.255.0
#
interface Serial0/0/0
 link-protocol ppp
 ppp mp Mp-group 1
#
interface Serial0/0/1
 link-protocol ppp
 ppp mp Mp-group 1
#
interface Mp-group1
 ip address 10.1.34.4 255.255.255.0
 ipsec policy map
#
interface LoopBack0
 ip address 4.4.4.4 255.255.255.255
#
interface Tunnel0
 ip address 10.1.100.2 255.255.255.0
 source 10.1.34.4
 destination 10.1.23.2
#
ospf 1
 area 0.0.0.0
  network 10.1.34.4 0.0.0.0
#
ospf 2
 area 0.0.0.0
  network 192.168.2.1 0.0.0.0
  network 10.1.100.2 0.0.0.0
#
ip route-static 192.168.1.0 255.255.255.0 Tunnel0

R3
dis curr
#
domain default enable ekestin
#
router id 3.3.3.3
#
rpr mac-address timer aging 100
#
domain ekestin
 authentication ppp local
 access-limit disable
 state active
 idle-cut disable
 self-service-url disable
 ip pool 1 10.1.23.2
domain system
 access-limit disable
 state active
 idle-cut disable
 self-service-url disable
#
local-user R3
 password simple ekestin
 service-type ppp
#
interface Serial0/0/0
 link-protocol ppp
 ppp authentication-mode chap domain ekestin
 ppp chap user R2
 ppp chap password simple ekestin
 ppp ipcp remote-address forced
 remote address pool 1
 ip address 10.1.23.3 255.255.255.0
#
interface Serial0/0/1
 link-protocol ppp
 ppp mp Mp-group 1
#
interface Serial0/0/2
 link-protocol ppp
 ppp mp Mp-group 1
#
interface Mp-group1
 ip address 10.1.34.3 255.255.255.0
#
interface LoopBack0
 ip address 3.3.3.3 255.255.255.255
#
ospf 1
 area 0.0.0.0
  network 10.1.23.3 0.0.0.0
  network 10.1.34.3 0.0.0.0

R5
ping -c 1000 192.168.1.2
PING 192.168.1.2: 56 data bytes, press CTRL_C to break
Reply from 192.168.1.2: bytes=56 Sequence=1 ttl=253 time=30 ms
Reply from 192.168.1.2: bytes=56 Sequence=2 ttl=253 time=4 ms
Reply from 192.168.1.2: bytes=56 Sequence=3 ttl=253 time=35 ms
Reply from 192.168.1.2: bytes=56 Sequence=4 ttl=253 time=11 ms
Reply from 192.168.1.2: bytes=56 Sequence=5 ttl=253 time=25 ms

R1
ping -c 1000 192.168.2.2
PING 192.168.2.2: 56 data bytes, press CTRL_C to break
Reply from 192.168.2.2: bytes=56 Sequence=1 ttl=253 time=44 ms
Reply from 192.168.2.2: bytes=56 Sequence=2 ttl=253 time=26 ms
Reply from 192.168.2.2: bytes=56 Sequence=3 ttl=253 time=20 ms
Reply from 192.168.2.2: bytes=56 Sequence=4 ttl=253 time=46 ms
Reply from 192.168.2.2: bytes=56 Sequence=5 ttl=253 time=10 ms
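
In the R2 and R4 configurations above, ACL 3000, the IKE peer and Tunnel0 all name the same address pair, which is what puts the GRE packets inside the IPsec policy; a successful ping alone does not show that. The following consistency check is an added example, not part of the original lab: the function names and the excerpted config strings are constructed here, and it assumes, as in this lab, that all three stanzas should use the same local and remote addresses.

```python
import re

# Constructed input: the GRE/IPsec lines of R2 and R4, retyped from the lab configs.
R2 = """acl number 3000
 rule 0 permit ip source 10.1.23.2 0 destination 10.1.34.4 0
 rule 5 deny ip
ike peer peer1
 remote-address 10.1.34.4
 local-address 10.1.23.2
interface Tunnel0
 source 10.1.23.2
 destination 10.1.34.4
"""
R4 = """acl number 3000
 rule 0 permit ip source 10.1.34.4 0 destination 10.1.23.2 0
 rule 5 deny ip
ike peer peer1
 remote-address 10.1.23.2
 local-address 10.1.34.4
interface Tunnel0
 source 10.1.34.4
 destination 10.1.23.2
"""

def pairs(cfg):
    """Return {stanza: (local, remote)} for the ACL, IKE peer and Tunnel0."""
    def grab(pattern):
        m = re.search(pattern, cfg, re.M)
        return m.group(1) if m else None
    acl = re.search(r"permit ip source (\S+) 0 destination (\S+) 0", cfg)
    return {
        "acl": acl.groups() if acl else (None, None),
        "ike": (grab(r"^ local-address (\S+)"), grab(r"^ remote-address (\S+)")),
        "tunnel": (grab(r"^ source (\S+)"), grab(r"^ destination (\S+)")),
    }

def audit(name, cfg, peer_cfg):
    """List mismatches between the ACL, IKE peer and Tunnel0 endpoints."""
    mine, theirs = pairs(cfg), pairs(peer_cfg)
    problems = [f"{name}: {k} {v} != tunnel {mine['tunnel']}"
                for k, v in mine.items() if v != mine["tunnel"]]
    if mine["acl"] != theirs["acl"][::-1]:
        problems.append(f"{name}: ACL is not the mirror of the peer's ACL")
    return problems

if __name__ == "__main__":
    for name, cfg, peer in (("R2", R2, R4), ("R4", R4, R2)):
        print(name, audit(name, cfg, peer) or "consistent")
```

An ACL that matched the LAN subnets instead of the tunnel endpoints would be reported here, because the GRE packets leaving Tunnel0 carry the tunnel source and destination addresses and would then fall under rule 5 and leave unprotected.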