本文共 3964 字,大约阅读时间需要 13 分钟。
试验目的:GRE OVER IPSEC的配置方法:
试验拓扑:
R1:
interface Tunnel0
ip unnumbered Loopback1
tunnel source Serial1/1
tunnel destination 202.100.23.3
ip route 0.0.0.0 0.0.0.0 Serial1/1
ip route 192.168.23.0 255.255.255.0 Tunnel0
crypto isakmp policy 10
hash md5
authentication pre-share
crypto isakmp key cisco address 202.100.23.3
!
!
crypto ipsec transform-set myset esp-3des esp-md5-hmac
!
crypto map mymap 10 ipsec-isakmp
set peer 202.100.23.3
set transform-set myset
match address VPN
interface Serial1/1
ip address 202.100.12.2 255.255.255.0
serial restart-delay 0
crypto map mymap
interface Serial1/1
ip address 202.100.12.2 255.255.255.0
serial restart-delay 0
crypto map mymap
R3:
interface Tunnel0
ip unnumbered Loopback1
tunnel source Serial1/0
tunnel destination 202.100.12.2
ip route 0.0.0.0 0.0.0.0 Serial1/0
ip route 192.168.12.0 255.255.255.0 Tunnel0
ip access-list extended VPN
permit gre host 202.100.23.3 host 202.100.12.2
crypto isakmp policy 10
hash md5
authentication pre-share
crypto isakmp key cisco address 202.100.12.2
!
!
crypto ipsec transform-set myset esp-3des esp-md5-hmac
!
crypto map mymap 10 ipsec-isakmp
set peer 202.100.12.2
set transform-set myset
match address VPN
interface Serial1/0
ip address 202.100.23.3 255.255.255.0
serial restart-delay 0
crypto map mymap
在R2上ping时R1的调试信息:
R3#ping 192.168.12.2 source lo1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.12.2, timeout is 2 seconds:
Packet sent with a source address of 192.168.23.3
!!!!!
*Jun 8 17:50:12.719: IP: tableid=0, s=192.168.23.3 (Tunnel0), d=192.168.12.2 (Loopback1), routed via RIB
*Jun 8 17:50:12.719: IP: s=192.168.23.3 (Tunnel0), d=192.168.12.2, len 100, rcvd 4
*Jun 8 17:50:12.723: IP: tableid=0, s=192.168.12.2 (local), d=192.168.23.3 (Tunnel0), routed via FIB
*Jun 8 17:50:12.727: IP: s=192.168.12.2 (local), d=192.168.23.3 (Tunnel0), len 100, sending
*Jun 8 17:50:12.731: IP: s=202.100.12.2 (Tunnel0), d=202.100.23.3 (Serial1/1), len 124, sending
*Jun 8 17:50:12.859: IP: tableid=0, s=192.168.23.3 (Tunnel0), d=192.168.12.2 (Loopback1), routed via RIB
*Jun 8 17:50:12.863: IP: s=192.168.23.3 (Tunnel0), d=192.168.12.2, len 100, rcvd 4
*Jun 8 17:50:12.867: IP: tableid=0, s=192.168.12.2 (local), d=192.168.23.3 (Tunnel0), routed via FIB
*Jun 8 17:50:12.867: IP: s=192.168.12.2 (local), d=192.168.23.3 (Tunnel0), len 100, sending
*Jun 8 17:50:12.871: IP: s=202.100.12.2 (Tunnel0), d=202.100.23.3 (Serial1/1), len 124, sending
*Jun 8 17:50:12.979: I
R1#P: tableid=0, s=192.168.23.3 (Tunnel0), d=192.168.12.2 (Loopback1), routed via RIB
*Jun 8 17:50:12.983: IP: s=192.168.23.3 (Tunnel0), d=192.168.12.2, len 100, rcvd 4
*Jun 8 17:50:12.987: IP: tableid=0, s=192.168.12.2 (local), d=192.168.23.3 (Tunnel0), routed via FIB
*Jun 8 17:50:12.987: IP: s=192.168.12.2 (local), d=192.168.23.3 (Tunnel0), len 100, sending
*Jun 8 17:50:12.991: IP: s=202.100.12.2 (Tunnel0), d=202.100.23.3 (Serial1/1), len 124, sending
*Jun 8 17:50:13.079: IP: tableid=0, s=192.168.23.3 (Tunnel0), d=192.168.12.2 (Loopback1), routed via RIB
*Jun 8 17:50:13.079: IP: s=192.168.23.3 (Tunnel0), d=192.168.12.2, len 100, rcvd 4
*Jun 8 17:50:13.083: IP: tableid=0, s=192.168.12.2 (local), d=192.168.23.3 (Tunnel0), routed via FIB
*Jun 8 17:50:13.087: IP: s=192.168.12.2 (local), d=192.168.23.3 (Tunnel0), len 100, sending
*Jun 8 17:50:13.091: IP: s=202.100.12.2 (Tunnel0), d=202.100.23.3 (Serial1/1), len 124, sending
R1#
*Jun 8 17:50:13.175: IP: tableid=0, s=192.168.23.3 (Tunnel0), d=192.168.12.2 (Loopback1), routed via RIB
*Jun 8 17:50:13.175: IP: s=192.168.23.3 (Tunnel0), d=192.168.12.2, len 100, rcvd 4
*Jun 8 17:50:13.179: IP: tableid=0, s=192.168.12.2 (local), d=192.168.23.3 (Tunnel0), routed via FIB
*Jun 8 17:50:13.183: IP: s=192.168.12.2 (local), d=192.168.23.3 (Tunnel0), len 100, sending
*Jun 8 17:50:13.187: IP: s=202.100.12.2 (Tunnel0), d=202.100.23.3 (Serial1/1), len 124, sending
本文转自 gehailong 51CTO博客,原文链接:http://blog.51cto.com/gehailong/297421,如需转载请自行联系原作者