CCIE Study Notes: GRE over IPsec

GRE over IPsec

This setup is mainly used to carry things like NAT traffic and packets with various encrypted headers.

R1:

!

interface Ethernet0/0

ip address 192.168.12.1 255.255.255.0

ip ospf 1 area 0

---------------------------------------------------------------------------------

R2:

crypto isakmp policy 10

authentication pre-share

crypto isakmp key cisco address 192.168.34.4

!

!

crypto ipsec transform-set ccna esp-des esp-md5-hmac

mode transport

!

!

!

crypto map jiance 1 ipsec-isakmp

set peer 192.168.34.4

set transform-set ccna

match address 100

!

!

!

!

!

interface Tunnel0

ip address 10.0.0.1 255.255.255.0

tunnel source Ethernet0/1

tunnel destination 192.168.34.4

tunnel key 100

!

interface Ethernet0/0

ip address 192.168.12.2 255.255.255.0

!

interface Ethernet0/1

ip address 192.168.23.2 255.255.255.0

crypto map jiance

!

router ospf 1

network 192.168.23.2 0.0.0.0 area 0

!

router ospf 2

network 10.0.0.1 0.0.0.0 area 0

network 192.168.12.2 0.0.0.0 area 0

!

ip forward-protocol nd

!

!

ip route 192.168.34.0 255.255.255.0 192.168.23.3

!

!

!

access-list 100 permit ip host 192.168.23.2 host 192.168.34.4

!

---------------------------------------------------------------------------------

R3:

!

interface Ethernet0/0

ip address 192.168.34.3 255.255.255.0

!

interface Ethernet0/1

ip address 192.168.23.3 255.255.255.0

!

!

router ospf 1

network 0.0.0.0 255.255.255.255 area 0

!

---------------------------------------------------------------------------------

R4:

crypto isakmp policy 10

authentication pre-share

crypto isakmp key cisco address 192.168.23.2

!

!

crypto ipsec transform-set ccna esp-des esp-md5-hmac

mode transport

!

!

!

crypto map jiance 1 ipsec-isakmp

set peer 192.168.23.2

set transform-set ccna

match address 100

!

!

!

!

!

interface Tunnel0

ip address 10.0.0.2 255.255.255.0

tunnel source Ethernet0/0

tunnel destination 192.168.23.2

tunnel key 100

!

interface Ethernet0/0

ip address 192.168.34.4 255.255.255.0

crypto map jiance

!

interface Ethernet0/1

ip address 192.168.45.4 255.255.255.0

!

router ospf 1

network 192.168.34.4 0.0.0.0 area 0

!

router ospf 2

network 10.0.0.2 0.0.0.0 area 0

!

!

!

access-list 100 permit ip host 192.168.34.4 host 192.168.23.2

!

---------------------------------------------------------------------------------

R5:

!

interface Ethernet0/1

ip address 192.168.45.5 255.255.255.0

ip ospf 1 area 0

!

---------------------------------------------------------------------------------

Lab results:

R1#show ip ospf neighbor

Neighbor ID     Pri   State           Dead Time   Address         Interface

192.168.12.2      1   FULL/BDR        00:00:38    192.168.12.2    Ethernet0/0

R1#

---------------------------------------------------------------------------------

R2#show ip route

Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP

D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

E1 - OSPF external type 1, E2 - OSPF external type 2

i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2

ia - IS-IS inter area, * - candidate default, U - per-user static route

o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP

a - application route

+ - replicated route, % - next hop override

Gateway of last resort is not set

10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks

C        10.0.0.0/24 is directly connected, Tunnel0

L        10.0.0.1/32 is directly connected, Tunnel0

192.168.12.0/24 is variably subnetted, 2 subnets, 2 masks

C        192.168.12.0/24 is directly connected, Ethernet0/0

L        192.168.12.2/32 is directly connected, Ethernet0/0

192.168.23.0/24 is variably subnetted, 2 subnets, 2 masks

C        192.168.23.0/24 is directly connected, Ethernet0/1

L        192.168.23.2/32 is directly connected, Ethernet0/1

S     192.168.34.0/24 [1/0] via 192.168.23.3

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

R2#show ip ospf neighbor

Neighbor ID     Pri   State           Dead Time   Address         Interface

192.168.12.1      1   FULL/DR         00:00:39    192.168.12.1    Ethernet0/0

192.168.34.4      0   FULL/  -        00:00:31    10.0.0.2        Tunnel0

192.168.34.3      1   FULL/DR         00:00:31    192.168.23.3    Ethernet0/1

---------------------------------------------------------------------------------

R4#show ip ospf neighbor

Neighbor ID     Pri   State           Dead Time   Address         Interface

192.168.12.2      0   FULL/  -        00:00:39    10.0.0.1        Tunnel0

192.168.34.3      1   FULL/DR         00:00:34    192.168.34.3    Ethernet0/0

---------------------------------------------------------------------------------

R5#show ip route

Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP

D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

E1 - OSPF external type 1, E2 - OSPF external type 2

i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2

ia - IS-IS inter area, * - candidate default, U - per-user static route

o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP

a - application route

+ - replicated route, % - next hop override

Gateway of last resort is not set

192.168.45.0/24 is variably subnetted, 2 subnets, 2 masks

C        192.168.45.0/24 is directly connected, Ethernet0/1

L        192.168.45.5/32 is directly connected, Ethernet0/1
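
The check below is an added example, not part of the original notes: it parses the crypto lines of the R2 and R4 configurations above, reports the weak `esp-des` / `esp-md5-hmac` transforms, and verifies that each crypto ACL matches the GRE tunnel endpoints and mirrors the peer's ACL. The function names, the `WEAK` table and the single template used to rebuild both configs are assumptions of this example.

```python
import re

# Crypto lines of the page's R2/R4 configs (trimmed); one template, since only addresses/interface differ.
TEMPLATE = """\
crypto isakmp key cisco address {remote}
crypto ipsec transform-set ccna esp-des esp-md5-hmac
 mode transport
crypto map jiance 1 ipsec-isakmp
 set peer {remote}
 match address 100
interface Tunnel0
 tunnel source {ifc}
 tunnel destination {remote}
interface {ifc}
 ip address {local} 255.255.255.0
 crypto map jiance
access-list 100 permit ip host {local} host {remote}
"""
R2 = TEMPLATE.format(local="192.168.23.2", remote="192.168.34.4", ifc="Ethernet0/1")
R4 = TEMPLATE.format(local="192.168.34.4", remote="192.168.23.2", ifc="Ethernet0/0")

# Transform keywords this example treats as too weak outside a lab (assumption).
WEAK = {"esp-des": "56-bit DES", "esp-md5-hmac": "HMAC-MD5"}

def parse(cfg):
    """Extract the fields the checks need; assumes 'ip address' directly follows 'interface'."""
    def one(pat):
        return re.search(pat, cfg, re.M).group(1)
    src_if = one(r"^ tunnel source (\S+)")
    return {
        "transforms": one(r"^crypto ipsec transform-set \S+ (.+)$").split(),
        "peer": one(r"^ set peer (\S+)"),
        "tunnel": (one(rf"^interface {re.escape(src_if)}\n ip address (\S+)"),
                   one(r"^ tunnel destination (\S+)")),
        "acl": re.search(r"^access-list \d+ permit ip host (\S+) host (\S+)",
                         cfg, re.M).groups(),
    }

def audit(a_cfg, b_cfg, names=("R2", "R4")):
    """Return a list of findings for a pair of GRE-over-IPsec peers."""
    a, b = parse(a_cfg), parse(b_cfg)
    out = []
    for name, r in zip(names, (a, b)):
        out += [f"{name}: weak transform {t} ({WEAK[t]})" for t in r["transforms"] if t in WEAK]
        if r["acl"] != r["tunnel"]:  # the ACL must select the GRE outer header
            out.append(f"{name}: crypto ACL does not cover the GRE endpoints")
        if r["peer"] != r["tunnel"][1]:
            out.append(f"{name}: IPsec peer differs from tunnel destination")
    if a["acl"] != b["acl"][::-1]:
        out.append("crypto ACLs are not mirror images")
    return out
```

On the page's configuration, `audit(R2, R4)` reports only the weak transforms; replacing the transform line with `esp-aes 256 esp-sha256-hmac` on both routers clears them.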

Time: 2024-12-29 11:07:46
