R6路由器GRE部分配置
en
config t
no ip domain-lookup
ip classless
ip subnet-zero
host R6
interface loopback 0
ip address 10.1.1.1 255.255.255.0
interface serial 1/2
ip address 173.16.1.1 255.255.255.252
no shutdown
int fa 2/0
ip addr 11.0.0.1 255.0.0.0
no shutdown
interface tunnel 0
ip unnumbered serial 1/2
tunnel source serial 1/2
tunnel destination 173.16.1.2
no shut
exit
ip route 0.0.0.0 0.0.0.0 173.16.1.2
ip route 10.2.2.0 255.255.255.0 tunnel0
end
show ip route
R7
en
config t
no ip domain-lookup
ip classless
ip subnet-zero
host r7
interface loopback0
ip addr 10.2.2.1 255.255.255.0
interface serial 1/5
ip addr 173.16.1.2 255.255.255.252
no shutdown
int fa 2/0
ip addr 12.0.0.1 255.0.0.0
no shut
interface tunnel0
ip unnumbered serial 1/5
tunnel source serial 1/5
tunnel destination 173.16.1.1
no shut
exit
ip route 0.0.0.0 0.0.0.0 173.16.1.1
ip route 10.1.1.0 255.255.255.0 tunnel0
ip route 0.0.0.0 0.0.0.0 tunnel0
end
show ip route
config t
router rip
ver 2
net 12.0.0.0
net 10.2.2.0
net 173.16.1.0
R6 路由器ipsec部分配置
conf t
crypto isakmp enable
crypto isakmp policy 10
hash md5
authentication pre-share
encryption 3des
group 2
exit
crypto isakmp key cisco1234 addrss 173.16.1.2
crypto ipsec transform-set ccsp esp-des esp-md5-hmac
mode transport
exit
access-list 101 permit gre host 173.16.1.1 host 173.16.1.2
access-list 101 permit gre 11.0.0.0 0.255.255.255 12.0.0.0 0.255.255.255
cyypto map cisco 10 ipsec-iskmp
set peer 173.16.1.2
set transform-set ccsp
match address 101
exit
interface serial 1/2
crypto map cisco
no shut
end
show ip int brief
show ip route
R7 路由器ipsec部分配置
config t
crypto isakmp enable
crypto isakmp policy 10
hash md5
authentication pre-share
encryption 3des
group2
exit
crypto isakmp key cisco1234 address 173.16.1.1
cypto ipsec transform-set ccsp esp-des esp-md5-hmac
mode transport
exit
access-list 101 permit gre host 173.16.1.2 host 173.16.1.1
access-list 101 permit gre 12.0.0.0 0.255.255.255 11.0.0.0 0.255.255.255
crypto map cisco 10 ipsec-isakmp
set peer 173.16.1.1
set transform-set ccsp
match address 101
exit
interface s1/5
crypto map cisco
no shut
end
show ip int brief
show ip route
本文出自 “网络工程师” 博客,请务必保留此出处http://zhengfei.blog.51cto.com/1617522/1883530
7200的GRE(隧道)+ipsec(传输模式+pre-share)配置
原文地址:http://zhengfei.blog.51cto.com/1617522/1883530