路由器设置网助您成为路由专家
高级搜索|网站地图|TAG标签RSS订阅[设为首页] [加入收藏]

路由器设置|192.168.1.1|192.168.0.1|192.168.1.1 路由器设置|192.168.0.1 路由器设置|无线路由器设置

搜索

当前位置: 主页 > 路由器设置 >

思科路由器点对点IPsec+GRE配置方法介绍

时间:2013-06-04 11:46来源:未知 作者:admin 点击:
基本配置: Hub Router hostname Hub ! crypto isakmp policy 1 authentication pre-share crypto isakmp key cisco47 address 0.0.0.0 //0.0.0.0指定对端可为任意 ! crypto ipsec transform-set trans2 esp-des esp-md5-hmac mode transport ! crypto map v

基本配置:

Hub Router

hostname Hub

crypto isakmp policy 1
  authentication pre-share
crypto isakmp key cisco47 address 0.0.0.0  //0.0.0.0指定对端可为任意
!
crypto ipsec transform-set trans2 esp-des esp-md5-hmac
  mode transport

crypto map vpnmap1 local-address Ethernet0 
crypto map vpnmap1 10 ipsec-isakmp 
  set peer 172.16.1.1 
  set transform-set trans2 
  match address 101 
crypto map vpnmap1 20 ipsec-isakmp 
  set peer 172.16.2.1 
  set transform-set trans2 
  match address 102 
. . . 
crypto map vpnmap1 <10*n> ipsec-isakmp 
  set peer 172.16.<n>.1 
  set transform-set trans2 
  match address <n+100> 

interface Tunnel1 
  bandwidth 1000 
  ip address 10.0.0.1 255.255.255.252 
  ip mtu 1400 
  delay 1000 
  tunnel source Ethernet0 
  tunnel destination 172.16.1.1 

interface Tunnel2
  bandwidth 1000 
  ip address 10.0.0.5 255.255.255.252 
  ip mtu 1400 
  delay 1000 
  tunnel source Ethernet0 
  tunnel destination 172.16.2.1 

. . . 

interface Tunnel<n> 
  bandwidth 1000 
  ip address 10.0.0.<4n-3> 255.255.255.252 
  ip mtu 1400 
  delay 1000 
  tunnel source Ethernet0 
  tunnel destination 172.16.<n>.1 

interface Ethernet0 
  ip address 172.17.0.1 255.255.255.0 
  crypto map vpnmap1 

interface Ethernet1 
  ip address 192.168.0.1 255.255.255.0 

router eigrp 1 
  network 10.0.0.0 0.0.0.255 
  network 192.168.0.0 0.0.0.255 
  no auto-summary 

access-list 101 permit gre host 172.17.0.1 host 172.16.1.1 
access-list 102 permit gre host 172.17.0.1 host 172.16.2.1 
… 
access-list <n+100> permit gre host 172.17.0.1 host 172.16.<n>.1

Spoke1 Router

hostname Spoke1 

crypto isakmp policy 1 
  authentication pre-share 
crypto isakmp key cisco47 address 0.0.0.0 

crypto ipsec transform-set trans2 esp-des esp-md5-hmac 
  mode transport 

crypto map vpnmap1 local-address Ethernet0 
crypto map vpnmap1 10 ipsec-isakmp 
  set peer 172.17.0.1 
  set transform-set trans2 
  match address 101 

interface Tunnel0 
  bandwidth 1000 
  ip address 10.0.0.2 255.255.255.252 
  ip mtu 1400 
  delay 1000 
  tunnel source Ethernet0 
  tunnel destination 172.17.0.1 

interface Ethernet0 
  ip address 172.16.1.1 255.255.255.252
  crypto map vpnmap1 

interface Ethernet1 
  ip address 192.168.1.1 255.255.255.0 

router eigrp 1 
  network 10.0.0.0 0.0.0.255 
  network 192.168.1.0 0.0.0.255 
  no auto-summary 

access-list 101 permit gre host 172.16.1.1 host 172.17.0.1

注意:在Cisco IOS 12.2(13)T 前crypto map vpnmap必须同时映射到物理接口和所有的隧道端口上,而在Cisco IOS 12.2(13)T 之后只要映射到物理接口上就可以了。
本文由路由器设置网www.luyouqiwang.net站长原创,转载请注明出处。

(责任编辑:jida201010)
顶一下
(0)
0%
踩一下
(0)
0%
------分隔线----------------------------
发表评论
请自觉遵守互联网相关的政策法规,严禁发布色情、暴力、反动的言论。
评价:
验证码: 点击我更换图片
最新评论 进入详细评论页>>
栏目列表
推荐内容
热点内容

Powered by 192.168.1.1 192.168.0.1192.168.0.1