2025-02-24 Update From: SLTechnology News&Howtos
Shulou (Shulou.com) 05/31 Report
Many people who are new to the topic are at a loss when it comes to a combined IPSEC and GRE experiment. This article therefore summarizes the causes of the problem and its solutions, and I hope it helps you solve it.
Experiment name: IPSEC and GRE comprehensive experiment
Purpose of the experiment: to realize the encrypted interconnection between headquarters and branch offices
Experimental topology diagram:
Main configuration steps:
(1) Router 0 headquarters
Router>en
Router#config t
Router(config)#int fa0/0
Router(config-if)#ip add 192.168.3.254 255.255.255.0
Router(config-if)#no shut
Router(config-if)#exit
Router(config)#hostname zongbu
zongbu(config)#crypto isakmp policy 10 (IPsec phase 1)
zongbu(config-isakmp)#encr 3des
zongbu(config-isakmp)#hash md5
zongbu(config-isakmp)#authentication pre-share
zongbu(config-isakmp)#group 2
zongbu(config-isakmp)#crypto isakmp key cisco1 address 10.1.1.2
zongbu(config)#crypto isakmp key cisco2 address 20.1.1.2
zongbu(config)#access-list 101 permit ip host 30.1.1.2 host 10.1.1.2 (define the interesting traffic)
zongbu(config)#access-list 102 permit ip host 30.1.1.2 host 20.1.1.2
zongbu(config)#crypto ipsec transform-set tim esp-3des esp-md5-hmac (create the transform set)
zongbu(config)#crypto map tom 10 ipsec-isakmp (IPsec phase 2)
zongbu(config-crypto-map)#set peer 10.1.1.2
zongbu(config-crypto-map)#set transform-set tim
zongbu(config-crypto-map)#match address 101
zongbu(config-crypto-map)#crypto map tom 20 ipsec-isakmp
zongbu(config-crypto-map)#set peer 20.1.1.2
zongbu(config-crypto-map)#set transform-set tim
zongbu(config-crypto-map)#match address 102
zongbu(config-crypto-map)#exit
zongbu(config)#int tunnel 0 (GRE tunnel configuration)
zongbu(config-if)#ip add 1.1.1.1 255.255.255.0
zongbu(config-if)#no shut
zongbu(config-if)#tunnel source fa0/1
zongbu(config-if)#tunnel destination 10.1.1.2
zongbu(config-if)#int tunnel 1 (GRE tunnel configuration)
zongbu(config-if)#ip add 2.1.1.1 255.255.255.0
zongbu(config-if)#no shut
zongbu(config-if)#tunnel source fa0/1
zongbu(config-if)#tunnel destination 20.1.1.2
zongbu(config-if)#int fa0/1
zongbu(config-if)#ip add 30.1.1.2 255.255.255.0
zongbu(config-if)#no shut
zongbu(config-if)#crypto map tom (apply the crypto map to the interface)
zongbu(config-if)#exit
zongbu(config)#ip route 0.0.0.0 0.0.0.0 30.1.1.1
zongbu(config)#ip route 192.168.1.0 255.255.255.0 1.1.1.2
zongbu(config)#ip route 192.168.2.0 255.255.255.0 2.1.1.2
(2) Router 1 (router on internet)
Router>en
Router#config t
Router(config)#int fa0/0
Router(config-if)#ip add 30.1.1.1 255.255.255.0
Router(config-if)#no shut
Router(config-if)#int fa0/1
Router(config-if)#ip add 10.1.1.1 255.255.255.0
Router(config-if)#no shut
Router(config-if)#int fa1/0
Router(config-if)#ip add 20.1.1.1 255.255.255.0
Router(config-if)#no shut
Router(config-if)#exit
Router(config)#ip route 192.168.1.0 255.255.255.0 10.1.1.2
Router(config)#ip route 192.168.2.0 255.255.255.0 20.1.1.2
Router(config)#ip route 192.168.3.0 255.255.255.0 30.1.1.2
(3) Router Division 1
Router>en
Router#config t
Router(config)#hostname fenbu1
fenbu1(config)#crypto isakmp policy 10
fenbu1(config-isakmp)#encr 3des
fenbu1(config-isakmp)#hash md5
fenbu1(config-isakmp)#authentication pre-share
fenbu1(config-isakmp)#group 2
fenbu1(config-isakmp)#crypto isakmp key cisco1 address 30.1.1.2
fenbu1(config)#access-list 101 permit ip host 10.1.1.2 host 30.1.1.2
fenbu1(config)#crypto ipsec transform-set tim esp-3des esp-md5-hmac
fenbu1(config)#crypto map tom 10 ipsec-isakmp
fenbu1(config-crypto-map)#set peer 30.1.1.2
fenbu1(config-crypto-map)#set transform-set tim
fenbu1(config-crypto-map)#match address 101
fenbu1(config-crypto-map)#exit
fenbu1(config)#int tunnel0
fenbu1(config-if)#ip add 1.1.1.2 255.255.255.0
fenbu1(config-if)#no shut
fenbu1(config-if)#tunnel source fa0/0
fenbu1(config-if)#tunnel destination 30.1.1.2
fenbu1(config-if)#int fa0/0
fenbu1(config-if)#ip add 10.1.1.2 255.255.255.0
fenbu1(config-if)#no shut
fenbu1(config-if)#crypto map tom
fenbu1(config-if)#int fa0/1
fenbu1(config-if)#ip add 192.168.1.254 255.255.255.0
fenbu1(config-if)#no shut
fenbu1(config-if)#exit
fenbu1(config)#ip route 0.0.0.0 0.0.0.0 10.1.1.1
fenbu1(config)#ip route 192.168.3.0 255.255.255.0 1.1.1.1
fenbu1(config)#ip route 192.168.2.0 255.255.255.0 1.1.1.1
(4) Router Division 2
Router>en
Router#config t
Router(config)#int fa0/1
Router(config-if)#ip add 192.168.2.254 255.255.255.0
Router(config-if)#no shut
Router(config-if)#exit
Router(config)#hostname fenbu2
fenbu2(config)#crypto isakmp policy 10
fenbu2(config-isakmp)#encr 3des
fenbu2(config-isakmp)#hash md5
fenbu2(config-isakmp)#authentication pre-share
fenbu2(config-isakmp)#group 2
fenbu2(config-isakmp)#crypto isakmp key cisco2 address 30.1.1.2
fenbu2(config)#access-list 102 permit ip host 20.1.1.2 host 30.1.1.2
fenbu2(config)#crypto ipsec transform-set tim esp-3des esp-md5-hmac
fenbu2(config)#crypto map tom 20 ipsec-isakmp
fenbu2(config-crypto-map)#set peer 30.1.1.2
fenbu2(config-crypto-map)#set transform-set tim
fenbu2(config-crypto-map)#match address 102
fenbu2(config-crypto-map)#exit
fenbu2(config)#int tunnel1
fenbu2(config-if)#ip add 2.1.1.2 255.255.255.0
fenbu2(config-if)#no shut
fenbu2(config-if)#tunnel source fa0/0
fenbu2(config-if)#tunnel destination 30.1.1.2
fenbu2(config-if)#int fa0/0
fenbu2(config-if)#ip add 20.1.1.2 255.255.255.0
fenbu2(config-if)#no shut
fenbu2(config-if)#crypto map tom
fenbu2(config-if)#exit
fenbu2(config)#ip route 0.0.0.0 0.0.0.0 20.1.1.1
fenbu2(config)#ip route 192.168.3.0 255.255.255.0 2.1.1.1
fenbu2(config)#ip route 192.168.1.0 255.255.255.0 2.1.1.1
Verification: ping the headquarters host 192.168.3.1 from the Division 1 host 192.168.1.1, then observe the encryption and decryption data status of * * on the Division 1 router.
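Why the ping above is encrypted although access-list 101 only names the two public addresses: the static route sends the packet into tunnel0, GRE gives it the outer addresses 10.1.1.2 -> 30.1.1.2, and that outer packet is what the crypto map on fa0/0 matches. The model below is an added example, not from the original article; `egress` and `forward` are hypothetical helpers, the router is reduced to its routes and ACL, and 203.0.113.10 is a constructed outside address.

```python
import ipaddress as ip

# Division 1 router settings, taken from the lab configuration above.
ROUTES = [  # (destination prefix, next hop)
    ("192.168.3.0/24", "1.1.1.1"),
    ("192.168.2.0/24", "1.1.1.1"),
    ("0.0.0.0/0", "10.1.1.1"),
]
CONNECTED = {  # interface: (subnet, GRE (source, destination) or None)
    "tunnel0": ("1.1.1.0/24", ("10.1.1.2", "30.1.1.2")),
    "fa0/0": ("10.1.1.0/24", None),
    "fa0/1": ("192.168.1.0/24", None),
}
CRYPTO_ACL_101 = ("10.1.1.2", "30.1.1.2")  # permit ip host 10.1.1.2 host 30.1.1.2
CRYPTO_MAP_IF = "fa0/0"                    # interface carrying "crypto map tom"

def egress(dst):
    """Interface used to reach dst: connected subnet first, else longest-prefix route."""
    addr = ip.ip_address(dst)
    for name, (subnet, _) in CONNECTED.items():
        if addr in ip.ip_network(subnet):
            return name
    matches = [(ip.ip_network(p), nh) for p, nh in ROUTES if addr in ip.ip_network(p)]
    _, next_hop = max(matches, key=lambda m: m[0].prefixlen)
    return egress(next_hop)  # resolve the next hop recursively

def forward(src, dst):
    """Follow one packet out of the router; return (egress interface, steps)."""
    steps = []
    iface = egress(dst)
    gre = CONNECTED[iface][1]
    if gre:  # routed into the tunnel: wrap it and route the outer packet again
        src, dst = gre
        steps.append(f"GRE-encapsulated on {iface}, outer {src} -> {dst}")
        iface = egress(dst)
    if iface == CRYPTO_MAP_IF and (src, dst) == CRYPTO_ACL_101:
        steps.append("matches access-list 101: ESP-encrypted")
    else:
        steps.append("no crypto ACL match: sent in clear")
    return iface, steps

if __name__ == "__main__":
    for target in ("192.168.3.1", "192.168.2.1", "203.0.113.10"):
        print(target, forward("192.168.1.1", target))
```

Traffic that follows the default route instead of a tunnel route keeps its LAN source address, never matches the ACL and leaves fa0/0 unencrypted, which is why the encrypt and decrypt counters only move for the tunnelled ping.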