CCIE Study Notes: GRE over IPsec

GRE over IPsec

This technique is mainly useful for carrying things like NAT traffic and packets with various encryption headers.

R1:
!
interface Ethernet0/0
 ip address 192.168.12.1 255.255.255.0
 ip ospf 1 area 0
 
 ---------------------------------------------------------------------------------
 
R2:
 
crypto isakmp policy 10
 authentication pre-share
crypto isakmp key cisco address 192.168.34.4   
!
!
crypto ipsec transform-set ccna esp-des esp-md5-hmac
 mode transport
!
!
!
crypto map jiance 1 ipsec-isakmp
 set peer 192.168.34.4
 set transform-set ccna
 match address 100
!
!
!
!
!
interface Tunnel0
 ip address 10.0.0.1 255.255.255.0
 tunnel source Ethernet0/1
 tunnel destination 192.168.34.4
 tunnel key 100
!
interface Ethernet0/0
 ip address 192.168.12.2 255.255.255.0
!
interface Ethernet0/1
 ip address 192.168.23.2 255.255.255.0
 crypto map jiance
!
router ospf 1
 network 192.168.23.2 0.0.0.0 area 0
!
router ospf 2
 network 10.0.0.1 0.0.0.0 area 0
 network 192.168.12.2 0.0.0.0 area 0
!
ip forward-protocol nd
!         
!
ip route 192.168.34.0 255.255.255.0 192.168.23.3
!
!
!
access-list 100 permit ip host 192.168.23.2 host 192.168.34.4
!
 
  ---------------------------------------------------------------------------------
 
 
R3:
!
interface Ethernet0/0
 ip address 192.168.34.3 255.255.255.0
!
interface Ethernet0/1
 ip address 192.168.23.3 255.255.255.0
!
!
router ospf 1
 network 0.0.0.0 255.255.255.255 area 0
!
 
 ---------------------------------------------------------------------------------
 
 
R4:
 
 
crypto isakmp policy 10
 authentication pre-share
crypto isakmp key cisco address 192.168.23.2   
!
!
crypto ipsec transform-set ccna esp-des esp-md5-hmac
 mode transport
!
!
!
crypto map jiance 1 ipsec-isakmp
 set peer 192.168.23.2
 set transform-set ccna
 match address 100
!         
!
!
!
!
interface Tunnel0
 ip address 10.0.0.2 255.255.255.0
 tunnel source Ethernet0/0
 tunnel destination 192.168.23.2
 tunnel key 100
!
interface Ethernet0/0
 ip address 192.168.34.4 255.255.255.0
 crypto map jiance
!
interface Ethernet0/1
 ip address 192.168.45.4 255.255.255.0
!
router ospf 1
 network 192.168.34.4 0.0.0.0 area 0
!
router ospf 2
 network 10.0.0.2 0.0.0.0 area 0
!
!
!
access-list 100 permit ip host 192.168.34.4 host 192.168.23.2
!
 
 ---------------------------------------------------------------------------------
 
 
R5:
!
interface Ethernet0/1
 ip address 192.168.45.5 255.255.255.0
 ip ospf 1 area 0
!
 
 ---------------------------------------------------------------------------------
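
The lab above protects the GRE tunnel with `esp-des esp-md5-hmac`, the pre-shared key `cisco`, and an ISAKMP policy that leaves encryption, hash and DH group at the IOS defaults; DES and MD5 are no longer adequate protection. The following is an added example, not part of the original notes, showing R2's crypto section with stronger algorithms next to the original lines. It assumes the IOS image supports AES-256, SHA-256 and DH group 14, the key is a placeholder, and R4 needs the same changes mirrored.

```cisco
! Added example, not from the original notes. R2 side only.
!
! Original (weak):
!   crypto isakmp policy 10
!    authentication pre-share          <- encryption/hash/group left at defaults
!   crypto isakmp key cisco address 192.168.34.4
!   crypto ipsec transform-set ccna esp-des esp-md5-hmac
!
! Hardened phase 1: set every parameter explicitly.
crypto isakmp policy 10
 encryption aes 256
 hash sha256
 group 14
 authentication pre-share
!
! Placeholder key: replace with a long random value, identical on R4.
no crypto isakmp key cisco address 192.168.34.4
crypto isakmp key REPLACE_WITH_LONG_RANDOM_PSK address 192.168.34.4
!
! Hardened phase 2: AES-256 with SHA-256 integrity.
! Transport mode is kept because the GRE endpoints are also the IPsec peers.
crypto ipsec transform-set ccna esp-aes 256 esp-sha256-hmac
 mode transport
!
! Optional: protect only GRE between the tunnel endpoints
! instead of all IP between the two hosts.
no access-list 100
access-list 100 permit gre host 192.168.23.2 host 192.168.34.4
!
! The crypto map itself (peer, transform-set name, ACL number) is unchanged.
! Existing SAs keep the old transform until they are cleared or expire:
!   R2# clear crypto sa
```

After the mirrored change on R4 (peer 192.168.23.2, ACL source and destination swapped), `show crypto isakmp sa` and `show crypto ipsec sa` should show an established SA with the new transform and rising encaps/decaps counters while the OSPF adjacency over Tunnel0 stays FULL.
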
 
Lab results:
 
R1#show ip ospf neighbor
 
Neighbor ID     Pri   State           Dead Time   Address         Interface
192.168.12.2      1   FULL/BDR        00:00:38    192.168.12.2    Ethernet0/0
R1#
 
 --------------------------------------------------------------------------------- 
 
R2#show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
       a - application route
       + - replicated route, % - next hop override
 
Gateway of last resort is not set
 
      10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C        10.0.0.0/24 is directly connected, Tunnel0
L        10.0.0.1/32 is directly connected, Tunnel0
      192.168.12.0/24 is variably subnetted, 2 subnets, 2 masks
C        192.168.12.0/24 is directly connected, Ethernet0/0
L        192.168.12.2/32 is directly connected, Ethernet0/0
      192.168.23.0/24 is variably subnetted, 2 subnets, 2 masks
C        192.168.23.0/24 is directly connected, Ethernet0/1
L        192.168.23.2/32 is directly connected, Ethernet0/1
S     192.168.34.0/24 [1/0] via 192.168.23.3
 
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
R2#show ip ospf neighbor
 
Neighbor ID     Pri   State           Dead Time   Address         Interface
192.168.12.1      1   FULL/DR         00:00:39    192.168.12.1    Ethernet0/0
192.168.34.4      0   FULL/  -        00:00:31    10.0.0.2        Tunnel0
192.168.34.3      1   FULL/DR         00:00:31    192.168.23.3    Ethernet0/1
 
 --------------------------------------------------------------------------------- 
 
R4#show ip ospf neighbor 
 
Neighbor ID     Pri   State           Dead Time   Address         Interface
192.168.12.2      0   FULL/  -        00:00:39    10.0.0.1        Tunnel0
192.168.34.3      1   FULL/DR         00:00:34    192.168.34.3    Ethernet0/0
 
  ---------------------------------------------------------------------------------
 
R5#show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
       a - application route
       + - replicated route, % - next hop override
 
Gateway of last resort is not set
 
      192.168.45.0/24 is variably subnetted, 2 subnets, 2 masks
C        192.168.45.0/24 is directly connected, Ethernet0/1
L        192.168.45.5/32 is directly connected, Ethernet0/1
 
 
 
 
 
 
 
 
 
 
 
Original article: https://www.cnblogs.com/MnsterLu/p/5743202.html