GNS3 配置Dynamic Multipoint VPN

1、实验拓扑

2、基础网络配置

R1配置:

ip dhcp excluded-address 16.1.1.1 16.1.1.5

ip dhcp excluded-address 13.1.1.1 13.1.1.2

ip dhcp pool net16

network 16.1.1.0 255.255.255.0

default-router 16.1.1.1

ip dhcp pool net13

network 13.1.1.0 255.255.255.0

default-router 13.1.1.1

interface FastEthernet0/0

ip address 12.1.1.1 255.255.255.0

interface FastEthernet1/0

ip address 13.1.1.1 255.255.255.0

interface FastEthernet2/0

ip address 16.1.1.1 255.255.255.0

R2配置:

interface FastEthernet0/0

ip address 12.1.1.2 255.255.255.0

interface FastEthernet1/0

ip address 172.16.1.254 255.255.255.0

ip route 0.0.0.0 0.0.0.0 12.1.1.1

R3配置:

interface FastEthernet0/0

ip address dhcp

interface FastEthernet1/0

ip address 192.168.1.254 255.255.255.0

ip route 0.0.0.0 0.0.0.0 13.1.1.1

R4配置:

interface FastEthernet0/0

ip address 172.16.1.1 255.255.255.0

ip route 0.0.0.0 0.0.0.0 172.16.1.254

R5配置:

interface FastEthernet0/0

ip address 192.168.1.1 255.255.255.0

ip route 0.0.0.0 0.0.0.0 192.168.1.254

R6配置:

interface FastEthernet0/0

ip address dhcp

interface FastEthernet1/0

ip address 10.1.1.254 255.255.255.0

ip route 0.0.0.0 0.0.0.0 16.1.1.1

R7配置:

interface FastEthernet0/0

ip address 10.1.1.1 255.255.255.0

ip route 0.0.0.0 0.0.0.0 10.1.1.254

3、配置Dynamic Multipoint VPN

R2配置:

crypto isakmp policy 1

encr 3des

authentication pre-share

group 2

crypto isakmp key cisco123 address 0.0.0.0 0.0.0.0

crypto ipsec transform-set ccie esp-3des esp-sha-hmac

crypto ipsec profile cisco

set transform-set ccie

interface Tunnel2

bandwidth 1000

ip address 100.1.1.2 255.255.255.0

ip mtu 1400

ip nhrp authentication ccie123

ip nhrp map multicast dynamic

ip nhrp network-id 1

no ip split-horizon eigrp 1

tunnel source FastEthernet0/0

tunnel mode gre multipoint

tunnel key 10000

tunnel protection ipsec profile cisco

R3配置:

crypto isakmp policy 1

encr 3des

authentication pre-share

group 2

crypto isakmp key cisco123 address 0.0.0.0 0.0.0.0

crypto ipsec transform-set ccie esp-3des esp-sha-hmac

crypto ipsec profile cisco

set transform-set ccie

interface Tunnel3

bandwidth 1000

ip address 100.1.1.3 255.255.255.0

no ip redirects

ip mtu 1400

ip nhrp authentication ccie123

ip nhrp map 100.1.1.2 12.1.1.2

ip nhrp map multicast 12.1.1.2

ip nhrp network-id 1

ip nhrp nhs 100.1.1.2

tunnel source FastEthernet0/0

tunnel mode gre multipoint

tunnel key 10000

tunnel protection ipsec profile cisco

R6配置:

crypto isakmp policy 1

encr 3des

authentication pre-share

group 2

crypto isakmp key cisco123 address 0.0.0.0 0.0.0.0

crypto ipsec transform-set ccie esp-3des esp-sha-hmac

crypto ipsec profile cisco

set transform-set ccie

interface Tunnel6

bandwidth 1000

ip address 100.1.1.6 255.255.255.0

no ip redirects

ip mtu 1400

ip nhrp authentication ccie123

ip nhrp map 100.1.1.2 12.1.1.2

ip nhrp map multicast 12.1.1.2

ip nhrp network-id 1

ip nhrp nhs 100.1.1.2

tunnel source FastEthernet0/0

tunnel mode gre multipoint

tunnel key 10000

tunnel protection ipsec profile cisco

4、配置动态路由协议

R2配置:

router eigrp 1

network 100.1.1.0 0.0.0.255

network 172.16.1.0 0.0.0.255

no auto-summary

R3配置:

router eigrp 1

network 100.1.1.0 0.0.0.255

network 192.168.1.0

no auto-summary

R6配置:

router eigrp 1

network 10.1.1.0 0.0.0.255

network 100.1.1.0 0.0.0.255

no auto-summary

5、spoke-to-spoke tunnel优化路由

R2配置

interface Tunnel2

no ip next-hop-self eigrp 1

6、OSPF路由协议测试

R2配置:

R2(config)#no router eigrp 1

R2(config)#router ospf 1

R2(config-router)#network 100.1.1.0 0.0.0.255 area 0

R2(config-router)#network 172.16.1.0 0.0.0.255 area 0

R3配置:

R3(config)#no router eigrp 1

R3(config)#router ospf 1

R3(config-router)#network 192.168.1.0 0.0.0.255 area 0

R3(config-router)#network 100.1.1.0 0.0.0.255 area 0

R6配置:

R6(config)#no router eigrp 1

R6(config)#router ospf 1

R6(config-router)#network 10.1.1.0 0.0.0.255 area 0

R6(config-router)#network 100.1.1.0 0.0.0.255 area 0

此时出现如下情况

*Mar  1 01:03:13.531: %OSPF-5-ADJCHG: Process 1, Nbr 100.1.1.6 on Tunnel2 from LOADING to FULL, Loading Done

R2#

*Mar  1 01:03:23.143: %OSPF-5-ADJCHG: Process 1, Nbr 100.1.1.6 on Tunnel2 from FULL to DOWN, Neighbor Down: Adjacency forced to reset

*Mar  1 01:03:23.155: %OSPF-5-ADJCHG: Process 1, Nbr 192.168.1.254 on Tunnel2 from EXSTART to DOWN, Neighbor Down: Adjacency forced to reset

*Mar  1 01:03:23.263: %OSPF-4-NONEIGHBOR: Received database description from unknown neighbor 192.168.1.254

R2#

*Mar  1 01:03:23.427: %OSPF-5-ADJCHG: Process 1, Nbr 100.1.1.6 on Tunnel2 from LOADING to FULL, Loading Done

修改隧道的借口类型

R2配置:

R2(config)#int tunnel 2

R2(config-if)#ip ospf network point-to-multipoint

R3配置:

R3(config)#int tunnel 3

R3(config-if)#ip ospf network point-to-multipoint

R6配置:

R6(config)#int tunnel 6

R6(config-if)#ip ospf network point-to-multipoint

注:OSPF下无法实现spoke-and-spoke tunnel的通信

时间: 2024-10-09 21:36:19

GNS3 配置Dynamic Multipoint VPN的相关文章

GNS3 配置Dynamic p2p GRE over IPsec

1.实验拓扑 2.基础网络配置 R1配置: ip dhcp excluded-address 13.1.1.1 13.1.1.2 ip dhcp pool net13 network 13.1.1.0 255.255.255.0 default-router 13.1.1.1 interface FastEthernet0/0 ip address 12.1.1.1 255.255.255.0 interface FastEthernet1/0 ip address 13.1.1.1 255.2

Dynamic Multipoint VPN(DMVPN)

(1)配置R1: R1(config)#int f0/0 R1(config-if)#ip add 10.1.1.1 255.255.255.0 R1(config-if)#no shut R1(config-if)#exit R1(config)#int s1/0 R1(config-if)#encapsulation frame-relay R1(config-if)#no frame-relay inverse-arp R1(config-if)#no arp frame-relay R1

Dynamic LAN-to-LAN VPN

(1)在R1上配置IKE(ISAKMP)策略: R1(config)#crypto isakmp policy 1 R1(config-isakmp)#encryption 3des R1(config-isakmp)#hash sha R1(config-isakmp)#authentication pre-share R1(config-isakmp)#group 2 R1(config-isakmp)#exit 说明:定义了ISAKMP policy 1,加密方式为3des,hash算法为

debian下配置dynamic printk以及重新编译内核

在以前的一篇博文<编译debian内核>已经提过了重新编译内核的方法,但是整个过程花费时间较长,并且生成deb包. 这里我采用稍微简单一些的方法,因为我并没有对内核或者驱动代码做任何修改,仅仅是在内核中选中一些未被选中的调试选项(以便于查看log信息) 先获取内核源码: sudo apt-get source linux-source-3.2 会在当前文件夹下得到几个文件: $ ls linux-3.2.57 linux_3.2.57-3+deb7u2.debian.tar.xz linux_

GNS3 配置IPSec Dynamic LAN-TO-LAN VPN

1.实验拓扑 2.基础网络配置 R1配置: service dhcp ip dhcp excluded-address 16.1.1.1 ip dhcp pool net16 network 16.1.1.0 255.255.255.0 default-router 16.1.1.1 nterface FastEthernet0/0 ip address 12.1.1.1 255.255.255.0 interface FastEthernet1/0 ip address 13.1.1.1 25

GNS3 配置LAN-TO-LAN VPN

1.实验拓扑 2.基础网络配置. R1配置: interface FastEthernet0/0 ip address 12.1.1.1 255.255.255.0 interface FastEthernet1/0 ip address 13.1.1.1 255.255.255.0 R2配置: interface FastEthernet0/0 ip address 12.1.1.2 255.255.255.0 interface FastEthernet1/0 ip address 172.

思科 GNS3 配置 NAT 端口映射

NAT 端口映射 1. 实验拓扑 使用GNS3模拟器版本 0.8.5 2.实验需求 1实现R2路由器上的C2 能够通过NAT端口映射上公网 2实现R1路由器上的C1能够通过NAT端口映射上公网 3.实验配置: IP规划 C1 C2 R1(config)#int f0/0 R1(config-if)#ip add 12.0.0.1 255.255.255.0 R1(config-if)#no sh R1(config-if)#int f R1(config-if)#int f0/1 R1(conf

思科 GNS3 配置 静态 NAT

静态NAT 1. 实验拓扑 使用GNS3模拟器版本 0.8.5 2.实验需求 1C1通过静态nat上公网 3. 实验拓扑 IP规划 R1(config)#int f0/0 R1(config-if)#ip add 12.0.0.1 255.255.255.0 R1(config-if)#no sh R1(config-if)#int f0/1 R1(config-if)#ip add 192.168.10.1 255.255.255.0 R1(config-if)#no sh R1(config

思科 GNS3 配置 HSRP 热备份选择协议

HSRP 热备份选择协议 1. 实验拓扑: 使用GNS3模拟器(版本 0.8.5) C1连接VM1网卡   因为模拟器pc  不支持  trasert 所以绑定真实网卡 2.实验需求 1R3的路由器挂了 线路192.168.10.20可以自动切换到R2工作 2R2的路由器挂了 线路192.168.10.10可以自动切换到R3工作 3.实验配置 IP规划 sw1#conf t sw1(config)#no ip routing R2#conf t R2(config)#int f0/1 R2(co