GNS3 configure Dynamic P2P GRE over IPsec

2025-01-31 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)06/01 Report--

1. Experimental Topology

2. Basic network configuration

R1 configuration:

ip dhcp excluded-address 13.1.1.1 13.1.1.2
ip dhcp pool net13
 network 13.1.1.0 255.255.255.0
 default-router 13.1.1.1
interface FastEthernet0/0
 ip address 12.1.1.1 255.255.255.0
interface FastEthernet1/0
 ip address 13.1.1.1 255.255.255.0

R2 configuration:

interface FastEthernet0/0
 ip address 12.1.1.2 255.255.255.0
interface FastEthernet1/0
 ip address 172.16.1.254 255.255.255.0
ip route 0.0.0.0 0.0.0.0 12.1.1.1

R3 configuration:

interface Loopback0
 ip address 3.3.3.3 255.255.255.0
interface FastEthernet0/0
 ip address dhcp
interface FastEthernet1/0
 ip address 192.168.1.254 255.255.255.0
ip route 0.0.0.0 0.0.0.0 13.1.1.1

R4 configuration:

interface FastEthernet0/0
 ip address 172.16.1.1 255.255.255.0
ip route 0.0.0.0 0.0.0.0 172.16.1.254

R5 configuration:

interface FastEthernet0/0
 ip address 192.168.1.1 255.255.255.0
ip route 0.0.0.0 0.0.0.0 192.168.1.254

3. Configure Dynamic P2P GRE over IPsec

3.1. Configuring GRE

R2 configuration:

interface Tunnel2
 ip address 1.1.1.1 255.255.255.0
 tunnel source 12.1.1.2
 tunnel destination 3.3.3.3
ip route 3.3.3.3 255.255.255.255 12.1.1.1

This host route to the tunnel destination (R3's Loopback0, 3.3.3.3) must be configured; the configuration rule requires it.

R3 configuration:

interface Tunnel3
 ip address 1.1.1.2 255.255.255.0
 tunnel source Loopback0
 tunnel destination 12.1.1.2

3.2. R2 is configured with Dynamic LAN-to-LAN VPN (there is one more instruction than in an ordinary Dynamic LAN-to-LAN VPN).

crypto isakmp policy 1
 encr 3des
 authentication pre-share
 group 2
crypto isakmp key cisco123 address 0.0.0.0 0.0.0.0
crypto ipsec transform-set ccie esp-3des esp-sha-hmac
crypto dynamic-map dymap 1
 set transform-set ccie
crypto map mymap 1 ipsec-isakmp dynamic dymap (tested: this instruction can be omitted)
crypto map mymap local-address FastEthernet0/0
interface FastEthernet0/0
 crypto map mymap

3.3. R3 is configured with LAN-to-LAN VPN (unlike an ordinary LAN-to-LAN VPN, the ACL is different and there is one more instruction)

crypto isakmp policy 1
 encr 3des
 authentication pre-share
 group 2
crypto isakmp key cisco123 address 12.1.1.2
crypto ipsec transform-set ccie esp-3des esp-sha-hmac
access-list 100 permit gre 3.3.3.0 0.0.0.255 12.1.1.0 0.0.0.255
crypto map mymap 1 ipsec-isakmp
 set peer 12.1.1.2
 set transform-set ccie
 match address 100
crypto map mymap local-address FastEthernet0/0 (tested: this instruction can be omitted)
interface FastEthernet0/0
 crypto map mymap
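Added example (not part of the original article): a small Python check run over R3's GRE and crypto lines from above. It confirms that access-list 100 covers the GRE outer addresses (tunnel source and destination), and it flags the 3DES and DH group 2 settings as well as a wildcard pre-shared key like the one on R2. The names `audit` and `wildcard_net` are hypothetical; the check assumes contiguous wildcard masks and that the tunnel source interface's address appears in the same config text.

```python
import ipaddress
import re

# Constructed sample: R3's GRE and crypto lines from this page, lower-cased.
R3_CONFIG = """\
interface Loopback0
 ip address 3.3.3.3 255.255.255.0
interface Tunnel3
 tunnel source Loopback0
 tunnel destination 12.1.1.2
crypto isakmp policy 1
 encr 3des
 group 2
crypto isakmp key cisco123 address 12.1.1.2
crypto ipsec transform-set ccie esp-3des esp-sha-hmac
access-list 100 permit gre 3.3.3.0 0.0.0.255 12.1.1.0 0.0.0.255
crypto map mymap 1 ipsec-isakmp
 set peer 12.1.1.2
 match address 100
"""

def wildcard_net(addr, wildcard):
    """Convert an IOS 'address wildcard' pair (contiguous only) to a network."""
    mask = ipaddress.ip_address(int(ipaddress.ip_address(wildcard)) ^ 0xFFFFFFFF)
    return ipaddress.ip_network(f"{addr}/{mask}", strict=False)

def audit(config):
    """Return findings for one router's GRE-over-IPsec configuration."""
    findings = []
    tun = re.search(r"tunnel source (\S+)\n tunnel destination (\S+)", config)
    acl_id = re.search(r"match address (\d+)", config)
    if tun and acl_id:  # static crypto map: the ACL must match the GRE outer header
        src, dst = tun.groups()
        iface = re.search(rf"interface {re.escape(src)}\n ip address (\S+)", config)
        src = iface.group(1) if iface else src  # source given as interface name
        acl = re.search(rf"access-list {acl_id.group(1)} permit gre "
                        r"(\S+) (\S+) (\S+) (\S+)", config)
        if not (acl and ipaddress.ip_address(src) in wildcard_net(*acl.group(1, 2))
                and ipaddress.ip_address(dst) in wildcard_net(*acl.group(3, 4))):
            findings.append("crypto ACL does not cover the GRE tunnel endpoints")
    if re.search(r"\b(encr 3des|esp-3des)\b", config):
        findings.append("3DES in use")
    if re.search(r"^ group [125]$", config, re.M):
        findings.append("DH group below 14")
    if re.search(r"crypto isakmp key \S+ address 0\.0\.0\.0", config):
        findings.append("wildcard pre-shared key accepts any peer address")
    return findings
```

For R3 as configured here, `audit(R3_CONFIG)` reports only the 3DES and DH group findings, because 3.3.3.3 and 12.1.1.2 both fall inside the networks matched by access-list 100.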

3.4. Configure a dynamic routing protocol (at this point, all VPC traffic goes through the tunnel.)

R2 configuration:

router ospf 1
 network 1.1.1.0 0.0.0.255 area 0
 network 172.16.1.0 0.0.0.255 area 0

R3 configuration:

router ospf 1
 network 1.1.1.0 0.0.0.255 area 0
 network 192.168.1.0 0.0.0.255 area 0

4. The effect of NAT on Dynamic P2P GRE over IPsec is the same as that of NAT on Static P2P GRE over IPsec.
