2025-01-23 Update From: SLTechnology News&Howtos
Shulou(Shulou.com)06/01 Report--
VTI = Virtual Tunnel Interface
Advantages:
Supports IP multicast and dynamic routing protocols.
VTI omits the 4-byte GRE header that GRE over IPsec adds, so each packet can carry more data.
Restrictions:
Only IP unicast and multicast are supported; GRE supports more protocols.
IPsec stateful failover is not supported. Redundancy can be achieved through dynamic routing protocols.
VTI is an IPsec tunneling technology, so its transform set needs to be set to tunnel mode. (In testing, it was found that even when transport mode was still configured, it was automatically adjusted to tunnel mode.)
Two types of VTI:
Static = SVTI characteristics:
Point to point.
Similar to GRE, but without the GRE header.
Static route-map.
Dynamic = DVTI characteristics:
Uses a static virtual-template.
Dynamic crypto-map.
The virtual-access interface configuration is created automatically from the preconfigured template.
Simple configuration:
There is no need to use an ACL to match interesting traffic, to apply a crypto map on the interface, or to set peers.
Just create a profile and apply it as tunnel protection on the tunnel interface; the rest is fully automatic.
show crypto isakmp default policy: view the default ISAKMP policy
show crypto ipsec transform-set: view the default transform-set
= R1 =
! Wildcard pre-shared key: 0.0.0.0 0.0.0.0 matches any peer address
crypto isakmp key cisco address 0.0.0.0 0.0.0.0
!
! DES and MD5 are obsolete; prefer AES and SHA-2 transforms outside a lab
crypto ipsec transform-set T1 esp-des esp-md5-hmac
!
crypto ipsec profile PRO
 set transform-set T1
!
interface Loopback0
 ip address 192.168.1.1 255.255.255.0
!
interface Loopback100
 ip address 10.12.0.1 255.255.255.0
!
! SVTI: native IPsec tunnel mode (no GRE header), protected by profile PRO
interface Tunnel1
 ip unnumbered Loopback0
 tunnel source GigabitEthernet0/0
 tunnel mode ipsec ipv4
 tunnel destination 100.23.0.3
 tunnel protection ipsec profile PRO
!
interface GigabitEthernet0/0
 ip address 100.12.0.1 255.255.255.0
!
router ospf 1
 network 10.12.0.0 0.0.0.255 area 0
 network 192.168.1.0 0.0.0.255 area 0
= R3 =
! Wildcard pre-shared key: 0.0.0.0 0.0.0.0 matches any peer address
crypto isakmp key cisco address 0.0.0.0 0.0.0.0
!
! DES and MD5 are obsolete; prefer AES and SHA-2 transforms outside a lab
crypto ipsec transform-set T1 esp-des esp-md5-hmac
!
crypto ipsec profile PRO
 set transform-set T1
!
interface Loopback0
 ip address 192.168.1.3 255.255.255.0
!
interface Loopback100
 ip address 10.23.0.3 255.255.255.0
!
! SVTI: native IPsec tunnel mode (no GRE header), protected by profile PRO
interface Tunnel1
 ip unnumbered Loopback0
 tunnel source GigabitEthernet0/0
 tunnel mode ipsec ipv4
 tunnel destination 100.12.0.1
 tunnel protection ipsec profile PRO
!
interface GigabitEthernet0/0
 ip address 100.23.0.3 255.255.255.0
!
router ospf 1
 network 10.23.0.0 0.0.0.255 area 0
 network 192.168.1.0 0.0.0.255 area 0
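A pre-deployment check for the SVTI pair above, written as an added example (not part of the original article or any Cisco tooling): it parses both routers' configurations, flags the wildcard pre-shared key and weak transforms, and verifies that each tunnel destination matches the address on the peer's tunnel source interface. The function names, the `WEAK` deny-list and the fixed interface name `Tunnel1` are assumptions of this example.

```python
import re

# Constructed sample: trimmed copy of this page's R1/R3 lab configuration.
TEMPLATE = """\
crypto isakmp key cisco address 0.0.0.0 0.0.0.0
crypto ipsec transform-set T1 esp-des esp-md5-hmac
crypto ipsec profile PRO
 set transform-set T1
interface Tunnel1
 tunnel source GigabitEthernet0/0
 tunnel mode ipsec ipv4
 tunnel destination {dst}
 tunnel protection ipsec profile PRO
interface GigabitEthernet0/0
 ip address {ip} 255.255.255.0
"""
R1 = TEMPLATE.format(ip="100.12.0.1", dst="100.23.0.3")
R3 = TEMPLATE.format(ip="100.23.0.3", dst="100.12.0.1")
WEAK = {"esp-des", "esp-3des", "esp-md5-hmac", "esp-null"}  # assumed deny-list

def parse(cfg):
    """Map each top-level IOS line to the list of its indented sub-commands."""
    blocks, cur = {}, None
    for line in cfg.splitlines():
        if line.strip() in ("", "!"):
            continue
        if not line.startswith(" "):
            cur = blocks.setdefault(line.strip(), [])
        elif cur is not None:
            cur.append(line.strip())
    return blocks

def sub(block, prefix):
    """Argument text of the first sub-command that starts with prefix, else None."""
    return next((l[len(prefix):].strip() for l in block if l.startswith(prefix)), None)

def audit(local, peer):
    """Return findings for the local SVTI config, checked against its peer."""
    lb, pb, out = parse(local), parse(peer), []
    for top in lb:
        if re.match(r"crypto isakmp key \S+ address 0\.0\.0\.0", top):
            out.append("wildcard pre-shared key")
        m = re.match(r"crypto ipsec transform-set \S+ (.+)", top)
        out += [f"weak transform {t}" for t in (m.group(1).split() if m else []) if t in WEAK]
    tun = lb.get("interface Tunnel1", [])
    if sub(tun, "tunnel mode") != "ipsec ipv4":
        out.append("tunnel mode is not ipsec ipv4")
    if f"crypto ipsec profile {sub(tun, 'tunnel protection ipsec profile')}" not in lb:
        out.append("tunnel references no defined IPsec profile")
    # The peer interface named by its 'tunnel source' must own our destination.
    src = pb.get(f"interface {sub(pb.get('interface Tunnel1', []), 'tunnel source')}", [])
    if (sub(src, "ip address") or "").split()[:1] != [sub(tun, "tunnel destination")]:
        out.append("tunnel destination does not match peer source address")
    return out
```

Calling `audit(R1, R3)` on the page's configuration reports the wildcard key and both weak transforms; a configuration with a peer-specific key and AES/SHA-2 transforms returns an empty list.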