拓扑图如下:
图中R2和R4充当内网下的客户机,指定默认网关,首先完成R1、R2、R3和R4的基础配置。
在R1和R3之间通过Tunnel来建立VPN,在R1、ISP和R3上启用OSPF路由协议。
发下是VPN部分的配置:
R1:
conf t int tunnel 0 ip add 1.1.1.1 255.255.255.252 tunnel source 100.1.1.1 tunnel destination 200.1.1.1 no shut exit crypto isakmp enable crypto isakmp policy 1 encryption aes hash sha group 2 authentication pre-share exit crypto isakmp key 6 IPSEC-TUNNEL address 200.1.1.1 access-list 100 permit gre host 1.1.1.1 host 1.1.1.2 access-list 100 permit ip 10.1.1.0 0.0.0.3 192.168.1.0 0.0.0.255 crypto ipsec transform-set myset ah-md5-hmac esp-sha-hmac esp-aes mode tunnel exit crypto map mymap 1 ipsec-isakmp match address 100 set transform-set myset set peer 200.1.1.1 exit int tunnel 0 crypto map mymap int e0/1 crypto map mymap end
R3:
conf t int tunnel 0 ip add 1.1.1.2 255.255.255.252 tunnel source 200.1.1.1 tunnel destination 100.1.1.1 no shut exit crypto isakmp enable crypto isakmp policy 1 encryption aes hash sha group 2 authentication pre-share exit crypto isakmp key 6 IPSEC-TUNNEL address 100.1.1.1 access-list 100 permit gre host 1.1.1.2 host 1.1.1.1 access-list 100 permit ip 192.168.1.0 0.0.0.255 10.1.1.0 0.0.0.3 crypto ipsec transform-set myset ah-md5-hmac esp-sha-hmac esp-aes mode tunnel exit crypto map mymap 1 ipsec-isakmp match address 100 set transform-set myset set peer 100.1.1.1 exit int tunnel 0 crypto map mymap int e0/0 crypto map mymap end
时间: 2024-12-23 05:31:17