标签:mamicode cas back entity hmac tun 需要 abi kmp
需求:分支机构(R1)只有ADSL线路,需要与总部(R3)实现LAN能互访。
===========R3-HQ===============
crypto keyring PSK
pre-shared-key address 0.0.0.0 0.0.0.0 key cisco
crypto ipsec transform-set TS esp-3des esp-sha-hmac
!
crypto ipsec profile VTI
set transform-set TS
crypto isakmp profile DVTI
keyring PSK
match identity address 0.0.0.0
virtual-template 1
interface Virtual-Template1 type tunnel
ip unnumbered Loopback0
tunnel mode ipsec ipv4
tunnel protection ipsec profile VTI
interface Loopback0
ip address 192.168.1.3 255.255.255.0
!
!
interface Loopback100
ip address 10.23.0.3 255.255.255.0
!
interface GigabitEthernet0/0
ip address 100.23.0.3 255.255.255.0
!
!
router ospf 1
network 10.23.0.0 0.0.0.255 area 0
network 192.168.1.0 0.0.0.255 area 0
ip route 0.0.0.0 0.0.0.0 100.23.0.2
==========R1-Branch============
crypto keyring PSK
pre-shared-key address 0.0.0.0 0.0.0.0 key cisco
!
!
crypto ipsec transform-set TS esp-3des esp-sha-hmac
!
crypto ipsec profile VTI
set transform-set TS
!
interface Loopback0
ip address 192.168.1.1 255.255.255.0
!
!
interface Loopback100
ip address 10.12.0.1 255.255.255.0
!
!
interface Tunnel1
ip unnumbered Loopback0
tunnel source GigabitEthernet0/0
tunnel mode ipsec ipv4
tunnel destination 100.23.0.3
tunnel protection ipsec profile VTI
!
interface GigabitEthernet0/0
ip address 100.12.0.1 255.255.255.0
!
router ospf 1
network 10.12.0.0 0.0.0.255 area 0
network 192.168.1.0 0.0.0.255 area 0
!
ip route 0.0.0.0 0.0.0.0 100.12.0.2
标签:mamicode cas back entity hmac tun 需要 abi kmp
原文地址:https://blog.51cto.com/linjet/2417167