Shulou(Shulou.com)06/01 Report--

* is the acronym of virtual private network, commonly known as virtual private network, which uses * * technology to open a virtual private link in the public ip network (which can also be understood as internet network) to achieve direct access to the internal network of different branches, which is also called tunneling technology.

The realization of tunnel technology requires two conditions: device protocol. Here is a brief list:

Device: firewall (best choice), router or OS (operating system)

Must be three-tier equipment

Protocol: it can be divided into layer 2 protocol and layer 3 protocol, depending on whether the transmission equipment of the public ip network is layer 3 or layer 2.

Layer 2 protocols: 12tp (non-encryption protocol), pptp (encryption protocol) and 12f (encryption protocol)

Three-layer protocols: gre (non-encrypted protocol) and ipsec (encrypted protocol)

* can be divided into two categories: vpdn (dialing *) and Direct Connect * *.

1.Vpdn mobile users enter the pstn network by dialing and then enter the internet network

It presents the communication of "mobile user-network", so it is also called user *.

The protocol used is usually pptp or 12tp.

two。 Direct Connect * * is one private network connected to another private network through the internet network (usually the connection of corporate branches in different regions), showing the communication of "network (intranet)-network (intranet)", so it is also called enterprise network * *.

The protocol used is usually gre or ipsec.

Let's first do the experiment of gre protocol. The topology diagram is as follows:

/ / configuration on internet network (switch)

[Quidway] vlan 10

[Quidway-vlan10] vlan 20

[Quidway-vlan20] port Ethernet 0/20

[Quidway-vlan20] vlan 10

[Quidway-vlan10] port eth0/10

[Quidway] sysname sw

[sw] interface Vlan-interface 10

[sw-Vlan-interface10] ip add 60.130.130.2 255.255.255.252

[sw-Vlan-interface10] qu

[sw] interface Vlan-interface 20

[sw-Vlan-interface20] ip add 60.130.132.2 255.255.255.252

/ / configuration on firewall R1

Int eth0/0

Ip add 192.168.1.254 24

Int eth0/4

Ip add 60.130.130.1 30

/ / configuration on firewall R2

Int eth0/0

Ip add 192.168.2.254 24

Int eth0/4

Ip add 60.130.132.1 30

/ / gre configuration on R1

Int tunnel 10

Tunnel-protocol gre

Ip add 192.168.4.1 24

Source 60.130.130.1

Dest 60.130.132.1

Qu

Configure static routes:

Ip rout-static 192.168.1.0 24 tunnel 10

/ / gre configuration on R2

Int tunnel 10

Tunnel-protocol gre

Ip add 192.168.4.2 24

Source 60.130.132.1

Dest 60.130.130.1

Qu

Configure static routes:

Ip rout-static 192.168.2.0 24 tunnel 10

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.