标签:ipsec_rri
IPSec_RRI
Site1:
interface Loopback0
ip address 1.1.1.1 255.255.255.0
!
interface FastEthernet0/0
ip address 202.100.1.1 255.255.255.0
!
ip route 0.0.0.0 0.0.0.0 202.100.1.10
access-list 100 permit ip 1.1.1.0 0.0.0.255 2.2.2.0 0.0.0.255
crypto isakmp policy 100
encr 3des
authentication pre-share
group 2
crypto isakmp key cisco address 61.128.1.1
!
!
crypto ipsec transform-set myset esp-3des esp-sha-hmac
!
crypto map ccie 10 ipsec-isakmp
set peer 61.128.1.1
set transform-set myset
match address 100
!
interface FastEthernet0/0
crypto map ccie
!
Internet :
interface FastEthernet0/0
ip address 202.100.1.10 255.255.255.0
!
interface FastEthernet0/1
ip address 61.128.1.10 255.255.255.0
!
Site2:
interface FastEthernet0/0
ip address 61.128.1.1 255.255.255.0
!
interface FastEthernet0/1
ip address 2.2.2.1 255.255.255.0
!
crypto isakmp policy 100
encr 3des
authentication pre-share
group 2
!
crypto isakmp key cisco address 202.100.1.1
!
!
crypto ipsec transform-set myset esp-3des esp-sha-hmac
!
crypto map ccie 10 ipsec-isakmp
set peer 202.100.1.1
set transform-set myset
set reverse-route tag 100 (为RRI动态产生的路由打上Tag 100)
match address 100
reverse-route
!
ip route 202.100.1.0 255.255.255.0 61.128.1.10
access-list 100 permit ip 2.2.2.0 0.0.0.255 1.1.1.0 0.0.0.255
!
route-map ospf permit 10
match tag 100 (配置上Tag100 的路由,也就是RRI产生的)
!
router ospf 100
redistribute static subnets route-map ospf
network 2.2.2.0 0.0.0.255 area 0
!
Inside:
interface FastEthernet0/0
ip address 2.2.2.2 255.255.255.0
!
router ospf 100
network 2.2.2.0 0.0.0.255 area 0
!
测试:
Site2#show ip route
2.0.0.0/24 is subnetted, 1 subnets
C 2.2.2.0 is directly connected, FastEthernet0/1
S 202.100.1.0/24 [1/0] via 61.128.1.10
61.0.0.0/24 is subnetted, 1 subnets
C 61.128.1.0 is directly connected, FastEthernet0/0
当Site1 发起L2L连接时,
Site1#ping 2.2.2.2 source lo0
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2.2.2.2, timeout is 2 seconds:
Packet sent with a source address of 1.1.1.1
.!!!!
Site2#show ip route
1.0.0.0/24 is subnetted, 1 subnets
S 1.1.1.0 [1/0] via 202.100.1.1
2.0.0.0/24 is subnetted, 1 subnets
C 2.2.2.0 is directly connected, FastEthernet0/1
S 202.100.1.0/24 [1/0] via 61.128.1.10
61.0.0.0/24 is subnetted, 1 subnets
C 61.128.1.0 is directly connected, FastEthernet0/0
Site2#show ip route 1.1.1.0
Routing entry for 1.1.1.0/24
Known via "static", distance 1, metric 0
Tag 100
Redistributing via ospf 100
Advertised by ospf 100 subnets route-map ospf
Routing Descriptor Blocks:
* 202.100.1.1
Route metric is 0, traffic share count is 1
Route tag 100
Inside#show ip route
1.0.0.0/24 is subnetted, 1 subnets
O E2 1.1.1.0 [110/20] via 2.2.2.1, 00:11:34, FastEthernet0/0
2.0.0.0/24 is subnetted, 1 subnets
C 2.2.2.0 is directly connected, FastEthernet0/0
本文出自 “优乐美” 博客,请务必保留此出处http://youlemei.blog.51cto.com/2294538/1654984
标签:ipsec_rri
原文地址:http://youlemei.blog.51cto.com/2294538/1654984
