一:GRE-over-IPSec:
文章插图
【DeviceA】
1.配置IP地址2.GRE
[DeviceA] interface tunnel 0 mode gre[DeviceA-Tunnel0] ip address 10.1.1.1 255.255.255.0[DeviceA-Tunnel0] source 202.115.22.48[DeviceA-Tunnel0] destination 202.115.24.50[DeviceA-Tunnel0] quit3.路由[DeviceA] ip route-static 192.168.2.1 255.255.255.0 tunnel 04.ACL[DeviceA] acl number 3000[DeviceA-acl-adv-3000] rule 0 permit gre source 202.115.22.48 0 destination 202.115.24.500[DeviceA-acl-adv-3000] quit5.IKE+IPSec:[DeviceA] ike keychain keychain1[DeviceA-ike-keychain-keychain1] pre-shared-key address 202.115.24.50 255.255.255.0 keysimple 123[DeviceA-ike-keychain-keychain1] quit[DeviceA] ike profile profile1[DeviceA-ike-profile-profile1] keychain keychain1[DeviceA-ike-profile-profile1] local-identity address 202.115.22.48[DeviceA-ike-profile-profile1] match remote identity address 202.115.24.50 255.255.255.0[DeviceA-ike-profile-profile1] quit[DeviceA] ipsec transform-set tran1[DeviceA-ipsec-transform-set-tran1] encapsulation-mode tunnel[DeviceA-ipsec-transform-set-tran1] protocol esp[DeviceA-ipsec-transform-set-tran1] esp encryption-algorithm des[DeviceA-ipsec-transform-set-tran1] esp authentication-algorithm sha1[DeviceA-ipsec-transform-set-tran1] quit25[DeviceA] ipsec policy policy1 1 isakmp[DeviceA-ipsec-policy-isakmp-policy1-1] security acl 3000[DeviceA-ipsec-policy-isakmp-policy1-1] remote-address 202.115.24.50[DeviceA-ipsec-policy-isakmp-policy1-1] transform-set tran1[DeviceA-ipsec-policy-isakmp-policy1-1] ike-profile profile1[DeviceA-ipsec-policy-isakmp-policy1-1] quit6.接口应用[DeviceA] interface gigabitethernet 2/0/2[DeviceA-GigabitEthernet2/0/2] ipsec Apply policy policy1[DeviceA-GigabitEthernet2/0/2] quit 二:IPSec-over-GRE:
文章插图
?【DeviceA】
1.配置IP地址2.GRE
[DeviceA] interface tunnel 0 mode gre[DeviceA-Tunnel0] ip address 10.1.1.1 255.255.255.0[DeviceA-Tunnel0] source 202.115.22.48[DeviceA-Tunnel0] destination 202.115.24.50[DeviceA-Tunnel0] quit3.路由[DeviceA] ip route-static 192.168.2.1 255.255.255.0 tunnel 04.ACL[DeviceA] acl number 3000[DeviceA-acl-adv-3000] rule 0 permit ip source 192.168.1.0 0.0.0.255 destination 192.168.2.0 0.0.0.255[DeviceA-acl-adv-3000] quit5.IKE+IPSec:[DeviceA] ike keychain keychain1[DeviceA-ike-keychain-keychain1] pre-shared-key address 10.1.1.2 255.255.255.0 key simple123[DeviceA-ike-keychain-keychain1] quit[DeviceA] ike profile profile1[DeviceA-ike-profile-profile1] keychain keychain1[DeviceA-ike-profile-profile1] local-identity address 10.1.1.1[DeviceA-ike-profile-profile1] match remote identity address 10.1.1.2 255.255.255.0[DeviceA-ike-profile-profile1] quit[DeviceA] ipsec transform-set tran1[DeviceA-ipsec-transform-set-tran1] encapsulation-mode tunnel[DeviceA-ipsec-transform-set-tran1] protocol esp[DeviceA-ipsec-transform-set-tran1] esp encryption-algorithm des[DeviceA-ipsec-transform-set-tran1] esp authentication-algorithm sha1[DeviceA-ipsec-transform-set-tran1] quit25[DeviceA] ipsec policy policy1 1 isakmp[DeviceA-ipsec-policy-isakmp-policy1-1] security acl 3000[DeviceA-ipsec-policy-isakmp-policy1-1] remote-address 10.1.1.2[DeviceA-ipsec-policy-isakmp-policy1-1] transform-set tran1[DeviceA-ipsec-policy-isakmp-policy1-1] ike-profile profile1[DeviceA-ipsec-policy-isakmp-policy1-1] quit6.接口应用 [DeviceA] interface tunnel 0[DeviceA-Tunnel0] ipsec apply policy policy1[DeviceA-Tunnel0] quit【IPSec热点】
推荐阅读
![[申申说财经]三个原因继续施压油价,原油亚盘:美油继续在20美元附近徘徊](https://imgcdn.toutiaoyule.com/20200418/20200418052035947596a_t.jpeg)
- 手机如何远程控制电脑?
- OpenVPN搭建部署
- 图解IP防护等级
- 养老保险一年交多少钱2019 养老保险一年交多少钱2020
- 上海必逛景点 上海景点攻略一日游
- 柴犬长大了 柴犬尴尬期图片对比
- 派出所几点上班?
- 耳机左右怎么分rl?
- 花生莲藕猪手汤的做法
- 猫咪回家后一直在沙发下躲着 猫从沙发上摔下来