
GNS3 configure Static P2P GRE over IPsec

2025-01-19 Update From: SLTechnology News&Howtos


Shulou(Shulou.com)06/01 Report--

1. Experimental Topology

2. Basic network configuration

R1 configuration:

interface FastEthernet0/0
 ip address 12.1.1.1 255.255.255.0
interface FastEthernet1/0
 ip address 13.1.1.1 255.255.255.0

R2 configuration:

interface FastEthernet0/0
 ip address 12.1.1.2 255.255.255.0
interface FastEthernet1/0
 ip address 172.16.1.254 255.255.255.0
ip route 0.0.0.0 0.0.0.0 12.1.1.1

R3 configuration:

interface FastEthernet0/0
 ip address 13.1.1.3 255.255.255.0
interface FastEthernet1/0
 ip address 192.168.1.254 255.255.255.0
ip route 0.0.0.0 0.0.0.0 13.1.1.1

R4 configuration:

interface FastEthernet0/0
 ip address 172.16.1.1 255.255.255.0
ip route 0.0.0.0 0.0.0.0 172.16.1.254

R5 configuration:

interface FastEthernet0/0
 ip address 192.168.1.1 255.255.255.0
ip route 0.0.0.0 0.0.0.0 192.168.1.254

3. Configure Static P2P GRE over IPsec

3.1. Configuring GRE

R2 configuration:

interface Tunnel2
 ip address 1.1.1.1 255.255.255.0
 tunnel source 12.1.1.2
 tunnel destination 13.1.1.3

R3 configuration:

interface Tunnel3
 ip address 1.1.1.2 255.255.255.0
 tunnel source 13.1.1.3
 tunnel destination 12.1.1.2

3.2. Configure LAN-to-LAN VPN (here the ACL differs from that of an ordinary LAN-to-LAN VPN: it matches the GRE traffic between the two tunnel endpoints)

R2 configuration:

crypto isakmp policy 1
 encr 3des
 authentication pre-share
 group 2
crypto isakmp key cisco123 address 13.1.1.3
crypto ipsec transform-set ccie esp-3des esp-sha-hmac
access-list 100 permit gre host 12.1.1.2 host 13.1.1.3
crypto map mymap 1 ipsec-isakmp
 set peer 13.1.1.3
 set transform-set ccie
 match address 100
interface FastEthernet0/0
 crypto map mymap

R3 configuration:

crypto isakmp policy 1
 encr 3des
 authentication pre-share
 group 2
crypto isakmp key cisco123 address 12.1.1.2
crypto ipsec transform-set ccie esp-3des esp-sha-hmac
access-list 100 permit gre host 13.1.1.3 host 12.1.1.2
crypto map mymap 1 ipsec-isakmp
 set peer 12.1.1.2
 set transform-set ccie
 match address 100
interface FastEthernet0/0
 crypto map mymap
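The GRE and crypto settings in 3.1 and 3.2 only work together if the crypto ACL matches exactly the tunnel endpoints, the two peers' ACLs mirror each other, and the key, crypto map peer and tunnel destination all name the same address. The Python script below is an added example, not part of the original article: `TEMPLATE`, `parse` and `audit` are hypothetical names, the sample configuration is constructed from the R2/R3 lines above, and treating DES/3DES and DH groups below 14 as legacy is this example's own baseline.

```python
import re

# Constructed sample: one peer's GRE and crypto lines from sections 3.1 and 3.2.
TEMPLATE = """\
interface Tunnel{n}
 tunnel source {local}
 tunnel destination {remote}
crypto isakmp policy 1
 encr 3des
 group 2
crypto isakmp key cisco123 address {remote}
access-list 100 permit gre host {local} host {remote}
crypto map mymap 1 ipsec-isakmp
 set peer {remote}
"""
R2 = TEMPLATE.format(n=2, local="12.1.1.2", remote="13.1.1.3")
R3 = TEMPLATE.format(n=3, local="13.1.1.3", remote="12.1.1.2")
FIELDS = {  # field name -> regex capturing its value(s)
    "src": r"^\s*tunnel source (\S+)",
    "dst": r"^\s*tunnel destination (\S+)",
    "key_peer": r"^crypto isakmp key \S+ address (\S+)",
    "map_peer": r"^\s*set peer (\S+)",
    "acl": r"^access-list \d+ permit gre host (\S+) host (\S+)",
    "encr": r"^\s*encr\w* (\S+)",
    "group": r"^\s*group (\d+)",
}

def parse(cfg):
    """Return {field: captured values}; a missing line raises ValueError."""
    out = {}
    for name, pattern in FIELDS.items():
        m = re.search(pattern, cfg, re.M | re.I)
        if m is None:
            raise ValueError(f"config has no '{name}' line")
        out[name] = m.groups()
    return out

def audit(local_cfg, remote_cfg):
    """List mismatches that break the tunnel or leave GRE outside the crypto ACL."""
    a, b = parse(local_cfg), parse(remote_cfg)
    ends = a["src"] + a["dst"]  # (local, remote) GRE endpoints
    legacy = a["encr"][0].lower() in ("des", "3des") or int(a["group"][0]) < 14
    checks = [
        (a["acl"] != ends, "crypto ACL does not match the GRE endpoints"),
        (b["acl"] != ends[::-1], "peer crypto ACL is not the mirror image"),
        (not (a["key_peer"] == a["map_peer"] == a["dst"]), "peer addresses differ"),
        (legacy, "legacy IKE policy: DES/3DES or DH group below 14"),
    ]
    return [msg for failed, msg in checks if failed]
```

Run against the article's settings, `audit(R2, R3)` reports only the legacy IKE policy; the addressing and ACLs are consistent.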

3.3. Configure a dynamic routing protocol (in this case, all VPC traffic goes through the tunnel)

R2 configuration:

router ospf 1
 network 1.1.1.0 0.0.0.255 area 0
 network 172.16.1.0 0.0.0.255 area 0

R3 configuration:

router ospf 1
 network 1.1.1.0 0.0.0.255 area 0
 network 192.168.1.0 0.0.0.255 area 0

4. The influence of NAT on Static P2P GRE over IPsec

From the above, we can see that intranet traffic goes through the GRE tunnel, so NAT applied on the physical interface has no effect on Static P2P GRE over IPsec. However, when NAT is applied on the Tunnel interface, the intranet segments must be excluded from translation.
