扫一扫
分享文章到微信
扫一扫
关注官方公众号
至顶头条
第一种,只是使用到了GRE,没有使用GRE封装,只是感兴趣刘通过GRE隧道,用IPSEC加密
R1
crypto isakmp policy 10
authentication pre-share
crypto isakmp key cisco address 12.12.12.2
crypto ipsec transform-set myset esp-des esp-md5-hmac
mode transport
crypto map mymap 10 ipsec-isakmp
set peer 12.12.12.2
set transform-set myset
match address 101
interface Loopback0
ip address 10.1.1.1 255.255.255.0
interface Tunnel0
ip address 21.21.21.1 255.255.255.0
tunnel source FastEthernet0/0
tunnel destination 12.12.12.2
interface FastEthernet0/0
ip address 12.12.12.1 255.255.255.0
crypto map mymap
router ospf 1
log-adjacency-changes
network 10.1.1.1 0.0.0.0 area 0
network 21.21.21.1 0.0.0.0 area 0
access-list 101 permit ip host 12.12.12.1 host 12.12.12.2
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
第二种:真正的GRE over IPSEC先封装GRE再用IPSEC加密
R2
crypto isakmp policy 10
authentication pre-share
crypto isakmp key cisco address 12.12.12.1
crypto ipsec transform-set myset esp-des esp-md5-hmac
mode transport
crypto ipsec profile mysecfile
set transform-set myset
interface Loopback0
ip address 20.1.1.1 255.255.255.0
interface Tunnel0
ip address 21.21.21.2 255.255.255.0
tunnel source FastEthernet0/0
tunnel destination 12.12.12.1
tunnel protection ipsec profile mysecfile
interface FastEthernet0/0
ip address 12.12.12.2 255.255.255.0
router ospf 1
log-adjacency-changes
network 20.1.1.1 0.0.0.0 area 0
network 21.21.21.2 0.0.0.0 area 0
验证:show crypto engine connections active
如果您非常迫切的想了解IT领域最新产品与技术信息,那么订阅至顶网技术邮件将是您的最佳途径之一。
京公网安备 11010802021500号