
P2P GRE over IPsec

2025-01-30 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)06/01 Report--

R1(config)#interface tunnel 1

R1(config-if)#ip address 1.1.1.1 255.255.255.0

R1(config-if)#tunnel source 12.1.1.1

R1(config-if)#tunnel destination 23.1.1.3

R1(config-if)#exit

R3(config)#int tunnel 3

R3(config-if)#ip address 1.1.1.3 255.255.255.0

R3(config-if)#tunnel source 23.1.1.3

R3(config-if)#tunnel destination 12.1.1.1

R3(config-if)#exit

R1(config)#crypto isakmp policy 1

R1(config-isakmp)#encryption 3des

R1(config-isakmp)#hash sha

R1(config-isakmp)#authentication pre-share

R1(config-isakmp)#group 2

R1(config-isakmp)#exit

R1(config)#crypto isakmp key 0 cisco123 address 23.1.1.3

R1(config)#crypto ipsec transform-set ccie esp-3des esp-sha-hmac

R1(cfg-crypto-trans)#exit

R1(config)#access-list 100 permit gre host 12.1.1.1 host 23.1.1.3

R1(config)#crypto map L2l 1 ipsec-isakmp

R1(config-crypto-map)#set peer 23.1.1.3

R1(config-crypto-map)#set transform-set ccie

R1(config-crypto-map)#match address 100

R1(config-crypto-map)#exit

R1(config)#int f0/0

R1(config-if)#crypto map L2l

R1(config-if)#exit

R1(config)#

*Mar 1 00:21:45.171: %CRYPTO-6-ISAKMP_ON_OFF: ISAKMP is ON

R1(config)#

R3(config)#crypto isakmp policy 1

R3(config-isakmp)#encryption 3des

R3(config-isakmp)#hash sha

R3(config-isakmp)#authentication pre-share

R3(config-isakmp)#group 2

R3(config-isakmp)#exit

R3(config)#crypto isakmp key 0 cisco123 address 12.1.1.1

R3(config)#crypto ipsec transform-set ccie esp-3des esp-sha-hmac

R3(cfg-crypto-trans)#exit

R3(config)#access-list 100 permit gre host 23.1.1.3 host 12.1.1.1

R3(config)#crypto map L2l 1 ipsec-isakmp

R3(config-crypto-map)#set peer 12.1.1.1

R3(config-crypto-map)#set transform-set ccie

R3(config-crypto-map)#match address 100

R3(config-crypto-map)#exit

R3(config)#

R3(config)#int f0/1

R3(config-if)#crypto map L2l

R3(config-if)#

*Mar 1 00:32:58.907: %CRYPTO-6-ISAKMP_ON_OFF: ISAKMP is ON

R3(config-if)#

R1(config)#router eigrp 1

R1(config-router)#no auto-summary

R1(config-router)#network 1.1.1.1 0.0.0.0

R1(config-router)#network 10.1.1.1 0.0.0.0

R1(config-router)#exit

R3(config)#router eigrp 1

R3(config-router)#no auto-summary

R3(config-router)#network 1.1.1.3 0.0.0.0

R3(config-router)#network 192.168.1.3 0.0.0.0

R3(config-router)#

Note: the default IPsec mode is tunnel mode.

(1) Change the IPsec mode of R3 to transport mode:

R3(config)#crypto ipsec transform-set ccie esp-3des esp-sha-hmac

R3(cfg-crypto-trans)#mode transport

Clear the SAs on both sides:

R3#clear crypto sa

R3#

Note: after changing the mode, clear the SAs on both sides so that the connection is renegotiated.

Although R3's IPsec mode has been changed to transport mode, the connection still works in tunnel mode because the other side has not been changed. The working mode changes only when both sides are changed.

Note: once the IPsec mode on both sides has been changed to transport mode, the two sides finally work in transport mode. One point needs strong emphasis here: IPsec can work in transport mode only in the P2P GRE over IPsec case. Otherwise, even if both sides are forcibly set to transport mode, both parties still end up working in tunnel mode.
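The mode rule stated in the notes above can be checked against a pair of configurations. The following Python example is added here and is not part of the original article. It parses constructed IOS excerpts shaped like the commands on this page; the helper names (cfg, parse, p2p_gre, effective_mode) and the LAN-to-LAN access list are assumptions for illustration.

```python
import re

ACL = re.compile(r"access-list \d+ permit (\S+) (host \S+|\S+ \S+) (host \S+|\S+ \S+)")

def cfg(peer, transport, acl):
    """Constructed running-config excerpt shaped like the commands above."""
    mode = " mode transport\n" if transport else ""
    return ("crypto ipsec transform-set ccie esp-3des esp-sha-hmac\n" + mode +
            f"access-list 100 permit {acl}\n"
            "crypto map L2l 1 ipsec-isakmp\n"
            f" set peer {peer}\n set transform-set ccie\n match address 100\n")

def parse(text):
    """Pull out the fields that decide the working mode."""
    proto, src, dst = ACL.search(text).groups()
    return {"transport": bool(re.search(r"^ mode transport$", text, re.M)),
            "peer": re.search(r"set peer (\S+)", text).group(1),
            "proto": proto, "src": src, "dst": dst}

def p2p_gre(x, y):
    """True when x protects GRE from its own address (y's peer) to its crypto peer."""
    return (x["proto"] == "gre" and x["src"] == f"host {y['peer']}"
            and x["dst"] == f"host {x['peer']}")

def effective_mode(cfg_a, cfg_b):
    """Working mode per the rule in the text: transport needs both sides set
    to transport AND a P2P GRE over IPsec flow; anything else stays tunnel."""
    a, b = parse(cfg_a), parse(cfg_b)
    both = a["transport"] and b["transport"]
    return "transport" if both and p2p_gre(a, b) and p2p_gre(b, a) else "tunnel"

if __name__ == "__main__":
    gre13 = "gre host 12.1.1.1 host 23.1.1.3"
    gre31 = "gre host 23.1.1.3 host 12.1.1.1"
    # Step (1): only R3 changed, so the pair stays in tunnel mode.
    print(effective_mode(cfg("23.1.1.3", False, gre13), cfg("12.1.1.1", True, gre31)))
    # Both sides changed: transport mode.
    print(effective_mode(cfg("23.1.1.3", True, gre13), cfg("12.1.1.1", True, gre31)))
    # Constructed LAN-to-LAN ACL (not from the article): still tunnel mode.
    lan13 = "ip 10.1.1.0 0.0.0.255 192.168.1.0 0.0.0.255"
    lan31 = "ip 192.168.1.0 0.0.0.255 10.1.1.0 0.0.0.255"
    print(effective_mode(cfg("23.1.1.3", True, lan13), cfg("12.1.1.1", True, lan31)))
```

Running the same check on real `show running-config` output before clearing the SAs shows in advance whether the mode change will take effect on both peers.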
