扫一扫
分享文章到微信
扫一扫
关注官方公众号
至顶头条
第一种,只是使用到了GRE,没有使用GRE封装,只是感兴趣刘通过GRE隧道,用IPSEC加密
R1
crypto isakmp policy 10
authentication pre-share
crypto isakmp key cisco address 12.12.12.2
crypto ipsec transform-set myset esp-des esp-md5-hmac
mode transport
crypto map mymap 10 ipsec-isakmp
set peer 12.12.12.2
set transform-set myset
match address 101
interface Loopback0
ip address 10.1.1.1 255.255.255.0
interface Tunnel0
ip address 21.21.21.1 255.255.255.0
tunnel source FastEthernet0/0
tunnel destination 12.12.12.2
interface FastEthernet0/0
ip address 12.12.12.1 255.255.255.0
crypto map mymap
router ospf 1
log-adjacency-changes
network 10.1.1.1 0.0.0.0 area 0
network 21.21.21.1 0.0.0.0 area 0
access-list 101 permit ip host 12.12.12.1 host 12.12.12.2
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
第二种:真正的GRE over IPSEC先封装GRE再用IPSEC加密
R2
crypto isakmp policy 10
authentication pre-share
crypto isakmp key cisco address 12.12.12.1
crypto ipsec transform-set myset esp-des esp-md5-hmac
mode transport
crypto ipsec profile mysecfile
set transform-set myset
interface Loopback0
ip address 20.1.1.1 255.255.255.0
interface Tunnel0
ip address 21.21.21.2 255.255.255.0
tunnel source FastEthernet0/0
tunnel destination 12.12.12.1
tunnel protection ipsec profile mysecfile
interface FastEthernet0/0
ip address 12.12.12.2 255.255.255.0
router ospf 1
log-adjacency-changes
network 20.1.1.1 0.0.0.0 area 0
network 21.21.21.2 0.0.0.0 area 0
验证:show crypto engine connections active
如果您非常迫切的想了解IT领域最新产品与技术信息,那么订阅至顶网技术邮件将是您的最佳途径之一。
现场直击|2021世界人工智能大会
直击5G创新地带,就在2021MWC上海
5G已至 转型当时——服务提供商如何把握转型的绝佳时机
寻找自己的Flag
华为开发者大会2020(Cloud)- 科技行者