7200的GRE(隧道)+ipsec(传输模式+pre-share)配置

Posted

tags:

篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了7200的GRE(隧道)+ipsec(传输模式+pre-share)配置相关的知识,希望对你有一定的参考价值。

R6路由器GRE部分配置


en

config t

no ip domain-lookup

ip classless

ip subnet-zero

host R6

interface loopback 0

ip address 10.1.1.1 255.255.255.0


interface serial 1/2

ip address 173.16.1.1 255.255.255.252

no shutdown


int fa 2/0

ip addr 11.0.0.1 255.0.0.0

no shutdown


interface tunnel 0

ip unnumbered serial 1/2

tunnel source serial 1/2

tunnel destination 173.16.1.2

no shut

exit


ip route 0.0.0.0 0.0.0.0 173.16.1.2

ip route 10.2.2.0 255.255.255.0 tunnel0

end 

show ip route


 

R7

en

config t

no ip domain-lookup

ip classless

ip subnet-zero

host r7


interface loopback0

ip addr 10.2.2.1 255.255.255.0


interface serial 1/5

ip addr 173.16.1.2 255.255.255.252

no shutdown


int fa 2/0

ip addr 12.0.0.1 255.0.0.0

no shut


interface tunnel0

ip unnumbered serial 1/5

tunnel source serial 1/5

tunnel destination 173.16.1.1

no shut

exit


ip route 0.0.0.0 0.0.0.0 173.16.1.1

ip route 10.1.1.0 255.255.255.0 tunnel0

ip route 0.0.0.0 0.0.0.0 tunnel0

end

show ip route

config t

router rip 

ver 2

net 12.0.0.0

net 10.2.2.0

net 173.16.1.0





R6 路由器ipsec部分配置

conf t

crypto isakmp enable

crypto isakmp policy 10

hash md5

authentication pre-share

encryption 3des

group 2

exit


crypto isakmp key cisco1234 addrss 173.16.1.2


crypto ipsec transform-set ccsp esp-des esp-md5-hmac

mode transport

exit


access-list 101 permit gre host 173.16.1.1 host 173.16.1.2

access-list 101 permit gre 11.0.0.0 0.255.255.255 12.0.0.0 0.255.255.255



cyypto map cisco 10 ipsec-iskmp

set peer 173.16.1.2

set transform-set ccsp

match address 101

exit


interface serial 1/2

crypto map cisco

no shut

end

show ip int brief

show ip route


R7 路由器ipsec部分配置


config t

crypto isakmp enable

crypto isakmp policy 10

hash md5

authentication pre-share

encryption 3des

group2

exit


crypto isakmp key cisco1234 address 173.16.1.1


cypto ipsec transform-set ccsp esp-des esp-md5-hmac

mode transport

exit


access-list 101 permit gre host 173.16.1.2 host 173.16.1.1

access-list 101 permit gre 12.0.0.0 0.255.255.255 11.0.0.0 0.255.255.255


crypto map cisco 10 ipsec-isakmp

set peer 173.16.1.1

set transform-set ccsp

match address 101

exit


interface s1/5

crypto map cisco

no shut

end

show ip int brief

show ip route


本文出自 “网络工程师” 博客,请务必保留此出处http://zhengfei.blog.51cto.com/1617522/1883530

以上是关于7200的GRE(隧道)+ipsec(传输模式+pre-share)配置的主要内容,如果未能解决你的问题,请参考以下文章

VPN三层隧道协议GRE IPsec

Cisco1700路由器最大可以建立多少IPSec的隧道?

如何配置l2tp over gre隧道

配置GRE 隧道

隧道模式的使用 IPSec 隧道

GRE OVER IPSEC的数据包的IP地址是如何封装的