105实验指导(GRE over IPsec)

整理文档很辛苦,赏杯茶钱您下走!

免费阅读已结束,点击下载阅读编辑剩下 ...

阅读已结束,您可以下载文档离线阅读编辑

资源描述

实验指导(GREoverIPsec)一、实验任务R1:RotuerA、R2:Internet、R3:RotuerB、R4:RotuerCRouterB、RouterC采用VPN和总部连接总部和不同分部之间的VPN采用不同的参数、密码要保证三个site之间都可以互相通信配置路由协议RIP二、实验步骤1、R1、R2、R3上如图配置IP地址,打开接口,配置路由:Switch(S1):Switch(config)#intf0/0Switch(config-if)#shutdownRouterA(R1):ints1/1noshutdownclockrate128000ipadd202.96.134.1255.255.255.252intloopback0ipadd10.1.1.1255.255.255.0iproute0.0.0.00.0.0.0s1/1Internet(R2):ints1/0noshutdownclockrate128000ipadd202.96.134.2255.255.255.252ints1/1noshutdownclockrate128000ipadd61.0.0.1255.255.255.252inte0/0noshutdownduplexfullipadd198.133.0.1255.255.255.252RouterB(R3):ints1/0noshutdownclockrate128000ipadd61.0.0.02255.255.255.252intloopback0ipadd10.2.2.2255.255.255.0iproute0.0.0.00.0.0.0s1/0RouterC(R4):inte0/0noshutdownduplexfullipadd198.133.0.2255.255.255.252intloopback0ipadd10.3.3.3255.255.255.0iproute0.0.0.00.0.0.0198.133.0.12、RouterA、RouterB之间的Tunnel:RouterA:interfaceTunnel1ipaddress10.13.13.1255.255.255.0tunnelsourceSerial1/1tunneldestination61.0.0.2RouterB:interfaceTunnel1ipaddress10.13.13.3255.255.255.0tunnelsourceSerial1/0tunneldestination202.96.134.13、RouterA、RouterC之间的Tunnel:RouterA:interfaceTunnel2ipaddress10.14.14.1255.255.255.0tunnelsourceSerial1/1tunneldestination198.133.0.2RouterC:interfaceTunnel1ipaddress10.14.14.4255.255.255.0tunnelsourcee0/0tunneldestination202.96.134.14、路由协议配置RouterA:routerripnetwork10.0.0.0RouterB:routerripnetwork10.0.0.0RouterC:routerripnetwork10.0.0.05、测试:三地网络是否可以通信:•RouterA:ping10.2.2.2source10.1.1.1ping10.3.3.3source10.1.1.1•RouterB:ping10.1.1.1source10.2.2.2ping10.3.3.3source10.2.2.2•RouterC:ping10.1.1.1source10.3.3.3ping10.2.2.2source10.3.3.36、RouterA和RouterB的GREOverIPSecRouterA:cryptoisakmppolicy10hashmd5authenticationpre-share!cryptoisakmpkey0ciscoaddress61.0.0.2!cryptoipsectransform-setSITE2esp-desesp-md5-hmac!cryptoipsecprofileSITE2settransform-setSITE2!interfaceTunnel1tunnelprotectionipsecprofileSITE2RouterB:cryptoisakmppolicy10hashmd5authenticationpre-share!cryptoisakmpkey0ciscoaddress202.96.134.1!cryptoipsectransform-setSITE1esp-desesp-md5-hmac!cryptoipsecprofileSITE1settransform-setSITE1!interfaceTunnel1tunnelprotectionipsecprofileSITE17、RouterA和RouterC的GREOverIPSecRouterA:cryptoisakmppolicy20encr3desauthenticationpre-sharegroup2!cryptoisakmpkey0123456address198.133.0.2!cryptoipsectransform-setSITE3esp-3desesp-sha!cryptoipsecprofileSITE3settransform-setSITE3!interfaceTunnel2tunnelprotectionipsecprofileSITE3RouterC:cryptoisakmppolicy10encr3desauthenticationpre-sharegroup2!cryptoisakmpkey0123456address202.96.134.1!cryptoipsectransform-setSITE1esp-3desesp-sha!cryptoipsecprofileSITE1settransform-setSITE1!interfaceTunnel1tunnelprotectionipsecprofileSITE18、重新测试:三地网络是否可以通信RouterA:ping10.2.2.2source10.1.1.1ping10.3.3.3source10.1.1.1showcryptoengineconnectionsactive看数据是否有加密RouterB:ping10.1.1.1source10.2.2.2ping10.3.3.3source10.2.2.2showcryptoengineconnectionsactive看数据是否有加密RouterC:ping10.1.1.1source10.3.3.3ping10.2.2.2source10.3.3.3showcryptoengineconnectionsactive看数据是否有加密三、完整配置===============================R1===============================!hostnameR1!boot-start-markerboot-end-marker!!noaaanew-modelmemory-sizeiomem5!!ipcef!!!!!!!!!!!!!!!!!!!!!cryptoisakmppolicy10hashmd5authenticationpre-share!cryptoisakmppolicy20encr3desauthenticationpre-sharegroup2cryptoisakmpkeyciscoaddress61.0.0.2cryptoisakmpkey123456address198.133.0.2!!cryptoipsectransform-setSITE2esp-desesp-md5-hmaccryptoipsectransform-setSITE3esp-3desesp-sha-hmac!cryptoipsecprofileSITE2settransform-setSITE2!cryptoipsecprofileSITE3settransform-setSITE3!!!!!interfaceLoopback0ipaddress10.1.1.1255.255.255.0!interfaceTunnel1ipaddress10.13.13.1255.255.255.0tunnelsourceSerial1/1tunneldestination61.0.0.2tunnelprotectionipsecprofileSITE2!interfaceTunnel2ipaddress10.14.14.1255.255.255.0tunnelsourceSerial1/1tunneldestination198.133.0.2tunnelprotectionipsecprofileSITE3!interfaceEthernet0/0noipaddressshutdownhalf-duplex!interfaceEthernet0/1noipaddressshutdownhalf-duplex!interfaceEthernet0/2noipaddressshutdownhalf-duplex!interfaceEthernet0/3noipaddressshutdownhalf-duplex!interfaceSerial1/0noipaddressshutdownserialrestart-delay0!interfaceSerial1/1ipaddress202.96.134.1255.255.255.252serialrestart-delay0clockrate128000!interfaceSerial1/2noipaddressshutdownserialrestart-delay0!interfaceSerial1/3noipaddressshutdownserialrestart-delay0!routerripnetwork10.0.0.0!iphttpservernoiphttpsecure-server!iproute0.0.0.00.0.0.0Serial1/1!!!!!control-plane!!!!!!!!!!linecon0lineaux0linevty04!!End===============================R2===============================!hostnameR2!boot-start-markerboot-end-marker!!noaaanew-modelmemory-sizeiomem5!!ipcef!!!!!!!!!!!!!!!!!!!!!!!!interfaceEthernet0/0ipaddress198.133.0.1255.255.255.252full-duplex!interfaceEthernet0/1noipaddressshutdownhalf-duplex!interfaceEthernet0/2noipaddressshutdownhalf-duplex!interfaceEthernet0/3noipaddressshutdownhalf-duplex!interfaceSerial1/0ipaddress202.96.134.2255.255.255.252serialrestart-delay0clockrate128000!interfaceSerial1/1ipaddress61.0.0.1255.255.255.252serialrestar

1 / 17
下载文档,编辑使用

©2015-2020 m.777doc.com 三七文档.

备案号:鲁ICP备2024069028号-1 客服联系 QQ:2149211541

×
保存成功