互联基本配置

!Internet:

! Lab router standing in for the Internet: one directly connected /24 per
! uplink. No static routes or routing protocol are configured in this section.
conf t

int f0/0

! 100.1.1.0/24 - the Beijing-Center router uses 100.1.1.2 on this segment.
ip add 100.1.1.1 255.255.255.0

no shut 

exit

int f1/0

! 210.1.1.0/24 - the Shanghai router uses 210.1.1.2 on this segment.
ip add 210.1.1.1 255.255.255.0

no shut

exit

int f1/1

! 200.1.1.0/24 - no peer on this segment appears in this listing
! (presumably the ShenZhen uplink; confirm against the topology).
ip add 200.1.1.1 255.255.255.0

no shut

exit

!Beijing-Center:

! Edge router of the Beijing site: Internet uplink on f0/0, LAN core on f1/0,
! point-to-point /30 on f1/1.
Route#

conf t

int f0/0

! Internet-facing side (NAT outside). Later sections of this page also bind the
! crypto map to this interface and use it as the Tunnel0 source.
! NOTE(review): no "ip access-group" is applied here in this listing, so nothing
! filters traffic arriving from the Internet segment - add an inbound ACL that
! admits only the protocols the VPN needs before using this outside a lab.
ip add 100.1.1.2 255.255.255.0

ip nat outside

no shut

exit

int f1/0

! LAN side towards Naton-Core (10.0.2.6), marked NAT inside.
ip add 10.0.2.5 255.255.255.0

ip nat inside

no shut

exit

int f1/1

! 10.1.1.48/30 - the Shanghai router holds the other host address (10.1.1.50)
! on its f1/1. Not marked NAT inside or outside.
ip add 10.1.1.49 255.255.255.252

no shut

exit

! Default route to the Internet router; 172.16.0.0/16 is reached through Naton-Core.
ip route 0.0.0.0 0.0.0.0 100.1.1.1

ip route 172.16.0.0 255.255.0.0 10.0.2.6

! ACL naming the inside prefix that is meant to be translated.
! NOTE(review): this section has no "ip nat inside source list internet ..."
! statement, so the ACL is unused as shown and no translation takes place.
! The Shanghai section has the matching overload statement - confirm whether
! it was dropped here by mistake.
ip access-list extended internet

10 per ip 172.16.0.0 0.0.255.255 any

exit

! Beijing core switch: routed uplink to Beijing-Center plus VLANs 10 and 20.
Naton-Core#

conf t

int f0/0

! Uplink to Beijing-Center f1/0 (10.0.2.5).
ip add 10.0.2.6 255.255.255.0

no shut

exit

! Enable layer-3 forwarding and send everything unknown to the edge router.
ip routing

ip route 0.0.0.0 0.0.0.0 10.0.2.5

exit

! VLAN database mode is entered from privileged EXEC, hence the exit above.
vlan data

vlan 10

vlan 20

exit

! NOTE(review): unlike the Shanghai "Core" section, no VLAN interface or access
! port is configured here, so no gateway for 172.16.0.0/16 exists in this
! listing - confirm the missing lines against the original lab.

! NOTE(review): the gateway 172.18.2.1 is outside the host's own subnet
! 172.16.2.0/24 and matches the Shanghai host entry; it looks copied from
! there - confirm the intended gateway address.
PC2:

ip 172.16.2.230/24 172.18.2.1

!Shanghai branch:

! Edge router of the Shanghai site: Internet uplink on f0/0, LAN core on f1/0,
! point-to-point /30 on f1/1.
conf t

int f0/0

! Internet-facing side (NAT outside); also the Tunnel0 source in the DMVPN section.
! NOTE(review): no "ip access-group" is applied here in this listing, so nothing
! filters traffic arriving from the Internet segment - add an inbound ACL that
! admits only the protocols the VPN needs before using this outside a lab.
ip add 210.1.1.2 255.255.255.0

ip nat outside

no shut

exit

int f1/0

! LAN side towards Core (10.1.2.6), marked NAT inside.
ip add 10.1.2.5 255.255.255.0

ip nat inside

no shut

exit

int f1/1

! 10.1.1.48/30 - the Beijing-Center router holds 10.1.1.49 on its f1/1.
ip add 10.1.1.50 255.255.255.252

no shut

exit

! Default route to the Internet router; 172.18.0.0/16 is reached through Core.
ip route 0.0.0.0 0.0.0.0 210.1.1.1

ip route 172.18.0.0 255.255.0.0 10.1.2.6

! Port address translation: sources matched by ACL "internet" are translated to
! the f0/0 address. The ACL is defined just below.
ip nat inside source list internet int f0/0 overload

ip access-list extended internet

! Only the 172.18.0.0/16 user prefix is translated; the 10.1.2.0/24 transit
! addresses are not matched by this entry.
10 per ip 172.18.0.0 0.0.255.255 any

exit

! Shanghai core switch: routed uplink, VLAN 20 gateway for the test host.
Core#

conf t

int f0/0

! Uplink to the Shanghai router f1/0 (10.1.2.5).
ip add 10.1.2.6 255.255.255.0

no shut

exit

! Enable layer-3 forwarding and send everything unknown to the edge router.
ip routing

ip route 0.0.0.0 0.0.0.0 10.1.2.5

exit

! VLAN database mode is entered from privileged EXEC, hence the exit above.
vlan data

vlan 10

vlan 20

exit

conf t

int vlan 20 

! Default gateway of the 172.18.2.0/24 host below.
ip add 172.18.2.1 255.255.255.0

no shut

exit

int vlan 1

! NOTE(review): 10.1.2.193/24 lies in the same 10.1.2.0/24 subnet as f0/0
! (10.1.2.6/24) above; IOS normally refuses overlapping subnets on two routed
! interfaces. The EIGRP statements later on this page use 10.1.2.0 0.0.0.7 and
! 10.1.2.192 0.0.0.63, which suggests narrower masks were intended - confirm.
! No "no shut" is issued for this interface in the listing.
ip add 10.1.2.193 255.255.255.0

exit

int f1/15

! Access port for the test host, placed in VLAN 20.
switchport mode access

switchport access vlan 20

exit

! Test host in VLAN 20; the gateway is the "int vlan 20" address above.
PC2:

ip 172.18.2.230/24 172.18.2.1

!======BeiJing-center=============EZVPN部分===================================

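! Easy VPN server on the Beijing-Center router: local XAuth user, Phase 1
! policy, client group "naton", an ISAKMP profile for the clients and a
! dynamic crypto map bound to the Internet-facing interface.
! The profile name was published with its "vpn" letters masked as non-ASCII
! characters; it is written here as "vpnclient" so that the definition and the
! "set isakmp-profile" reference can be typed and still match.
!
! NOTE(review): "password 0" stores the password in clear text in the
! configuration, and the password equals the username. This account is what
! remote users present during XAuth. Outside a lab, use a unique credential
! stored with "username <name> secret <value>".
username cisco password 0 cisco
! "aaa new-model" switches the whole router to AAA-based login; the method
! lists below are the only ones defined in this listing.
aaa new-model
!
!--- Xauth is configured for local authentication.
aaa authentication login userauthen local
aaa authorization network naton local
!
!--- Create an ISAKMP policy for Phase 1 negotiations.
!--- This policy is for Easy VPN Clients.
! NOTE(review): MD5 and Diffie-Hellman group 2 (1024-bit) are deprecated. No
! "encr" line is present, so the platform default cipher applies (DES on
! classic IOS releases - confirm with "show crypto isakmp policy"). Where the
! image and the clients support it, prefer AES, a SHA-2 hash and a larger group.
crypto isakmp policy 20
hash md5
authentication pre-share
group 2
exit
!
!--- VPN Client configuration for group "naton"
!--- (this name is configured in the VPN Client).
! NOTE(review): the group key is identical to the group name, so it gives no
! protection against guessing; use a long random key. The DNS/WINS servers and
! the address pool are 1.1.11.x lab values, which is not RFC 1918 space -
! replace them with the site's own internal ranges.
crypto isakmp client configuration group naton
key naton
dns 1.1.11.10 1.1.11.11
wins 1.1.11.12 1.1.11.13
domain cisco.com
pool natonpool
exit
!
!--- Profile for VPN Client connections, matches the
!--- "naton" group and defines the XAuth properties.
crypto isakmp profile vpnclient
match identity group naton
client authentication list userauthen
isakmp authorization list naton
client configuration address respond
exit
!
!--- Create the Phase 2 policy for actual data encryption.
! NOTE(review): 3DES with HMAC-MD5 is a legacy transform; prefer an AES
! transform with a SHA-based HMAC where both ends support it.
crypto ipsec transform-set strong esp-3des esp-md5-hmac
 mode transport
exit
!
!--- This dynamic crypto map references the ISAKMP
!--- Profile VPN Client above.
!--- Reverse route injection is used to provide the
!--- DMVPN networks access to any Easy VPN Client networks.
crypto dynamic-map dynmap 10
 set transform-set strong
 set isakmp-profile vpnclient
 reverse-route
exit
!
!--- Crypto map only references the dynamic crypto map above.
crypto map dynmap 1 ipsec-isakmp dynamic dynmap
!
! The crypto map is applied to the Internet-facing interface (100.1.1.2).
interface FastEthernet0/0
crypto map dynmap
exit
!
! Address pool handed to Easy VPN clients (referenced by "pool natonpool").
ip local pool natonpool 1.1.11.60 1.1.11.80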

!=====BeiJing-center============DMVPN部分=============================

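! DMVPN hub on the Beijing-Center router: wildcard keyring, Phase 1 policy,
! ISAKMP profile for the spokes, IPsec profile, EIGRP and the mGRE tunnel.
! The keyring and profile names were published with their "vpn" letters masked
! ("***" and non-ASCII characters); they are written here as "dmvpnspokes" and
! "DMVPN" so that definitions and references can be typed and still match.
!
!--- Keyring that defines the wildcard pre-shared key.
! NOTE(review): address 0.0.0.0 0.0.0.0 matches every peer address, so any
! device that knows the key can complete Phase 1 with the hub, and the same
! key is configured on every spoke section of this page. Certificate
! authentication ("authentication rsa-sig") removes the shared secret; if
! pre-shared keys are kept, use a long random value.
crypto keyring dmvpnspokes
pre-shared-key address 0.0.0.0 0.0.0.0 key naton123
exit
!
!--- Create an ISAKMP policy for Phase 1 negotiations.
!--- This policy is for DMVPN spokes.
! NOTE(review): 3DES and MD5 are deprecated, and with no "group" line the
! platform default Diffie-Hellman group applies (group 1 on classic IOS
! releases - confirm with "show crypto isakmp policy"). Any change must be
! made on the hub and on every spoke together, or Phase 1 will not match.
crypto isakmp policy 10
encr 3des
hash md5
authentication pre-share
exit
!
!--- Profile for LAN-to-LAN connection, references
!--- the wildcard pre-shared key and a wildcard
!--- identity (this is what is broken in
!--- Cisco bug ID CSCea77140)
!--- and no XAuth.
crypto isakmp profile DMVPN
keyring dmvpnspokes
match identity address 0.0.0.0
exit
!
! Phase 2 transform for the GRE tunnels; the spokes define the same set.
crypto ipsec transform-set naton-dm esp-3des esp-sha-hmac
 mode transport
exit
!--- Create an IPsec profile to be applied dynamically to the
!--- generic routing encapsulation (GRE) over IPsec tunnels.
! NOTE(review): a 120-second SA lifetime forces a rekey every two minutes;
! it looks like a lab value - confirm before carrying it into production.
crypto ipsec profile naton-dm-ips
set security-association lifetime seconds 120
set transform-set naton-dm
set isakmp-profile DMVPN
exit
!
! EIGRP AS 10 over the tunnel subnet and the local 10.0.2.x ranges.
! NOTE(review): no OSPF process 1 and no interface inside 10.0.2.192/26 are
! configured anywhere in this listing; confirm that both exist on the device.
! No EIGRP authentication is configured either.
router eigrp 10
network 10.0.0.0 0.0.0.255
 network 10.0.2.0 0.0.0.7
 network 10.0.2.192 0.0.0.63
no auto-summary
redistribute ospf 1 metric 1000 100 255 1 1500
!--- Create a GRE tunnel template which is applied to
!--- all the dynamically created GRE tunnels.
interface Tunnel0
ip address 10.0.0.1 255.255.255.0
no ip redirects
ip mtu 1440
! NOTE(review): the NHRP authentication string is the same value as the ISAKMP
! pre-shared key. NHRP carries it as plain text inside NHRP packets, so give
! it a value of its own.
ip nhrp authentication naton123
ip nhrp map multicast dynamic
ip nhrp network-id 1
ip nhrp holdtime 300
! The hub re-advertises routes learned from one spoke to the others and keeps
! the originating spoke as next hop.
no ip split-horizon eigrp 10
no ip next-hop-self eigrp 10
tunnel source FastEthernet0/0
tunnel mode gre multipoint
tunnel key 0
tunnel protection ipsec profile naton-dm-ips
exit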

!

!=====ShangHai============DMVPN部分=============================

! DMVPN spoke on the Shanghai router: Phase 1 policy, wildcard pre-shared key,
! IPsec profile, EIGRP and an mGRE tunnel registered with the hub at 10.0.0.1.

!--- Create an ISAKMP policy for Phase 1 negotiations.

!--- This policy is for DMVPN spokes.

! NOTE(review): 3DES and MD5 are deprecated, and with no "group" line the
! platform default Diffie-Hellman group applies (group 1 on classic IOS
! releases - confirm with "show crypto isakmp policy"). Any change must be
! made on the hub and on every spoke together, or Phase 1 will not match.
crypto isakmp policy 10

encr 3des

hash md5

authentication pre-share

exit

!

!

! NOTE(review): wildcard pre-shared key - this router offers naton123 to any
! peer address. The same key appears in the hub and ShenZhen sections, so one
! exposed configuration exposes the key for the whole DMVPN. Certificate
! authentication ("authentication rsa-sig") removes the shared secret.
crypto isakmp key naton123 address 0.0.0.0 0.0.0.0

! Phase 2 transform; identical to the set defined on the hub.
crypto ipsec transform-set naton-dm esp-3des esp-sha-hmac 

 mode transport

exit

!--- Create an IPsec profile to be applied dynamically to the 

!--- generic routing encapsulation (GRE) over IPsec tunnels.

! NOTE(review): a 120-second SA lifetime forces a rekey every two minutes;
! it looks like a lab value - confirm before carrying it into production.
crypto ipsec profile naton-dm-ips

set security-association lifetime seconds 120

set transform-set naton-dm 

exit

! EIGRP AS 10 over the tunnel subnet and the local 10.1.2.x ranges.
! No EIGRP authentication is configured.
router eigrp 10

network 10.0.0.0 0.0.0.255

 network 10.1.2.0 0.0.0.7

 network 10.1.2.192 0.0.0.63

no auto-summary

interface Tunnel0

ip address 10.0.0.2 255.255.255.0

no ip redirects

ip mtu 1440

! NOTE(review): the NHRP authentication string is the same value as the ISAKMP
! pre-shared key. NHRP carries it as plain text inside NHRP packets, so give
! it a value of its own.
ip nhrp authentication naton123

! Static mapping of the hub: tunnel address 10.0.0.1 is reached at the hub's
! Internet address 100.1.1.2, which also receives this spoke's multicast.
ip nhrp map 10.0.0.1 100.1.1.2

ip nhrp map multicast 100.1.1.2

ip nhrp network-id 1

ip nhrp holdtime 300

! The hub is the next-hop server this spoke registers with.
ip nhrp nhs 10.0.0.1

tunnel source FastEthernet0/0

tunnel mode gre multipoint

tunnel key 0

tunnel protection ipsec profile naton-dm-ips

!=====ShenZhen============DMVPN部分=============================

! DMVPN spoke on the ShenZhen router: Phase 1 policy, wildcard pre-shared key,
! IPsec profile, EIGRP and an mGRE tunnel registered with the hub at 10.0.0.1.
! NOTE(review): the physical interface configuration of this router is not
! part of this listing; FastEthernet0/0 is assumed to be its Internet uplink.

!--- Create an ISAKMP policy for Phase 1 negotiations.

!--- This policy is for DMVPN spokes.

! NOTE(review): 3DES and MD5 are deprecated, and with no "group" line the
! platform default Diffie-Hellman group applies (group 1 on classic IOS
! releases - confirm with "show crypto isakmp policy"). Any change must be
! made on the hub and on every spoke together, or Phase 1 will not match.
crypto isakmp policy 10

encr 3des

hash md5

authentication pre-share

exit

!

!

! NOTE(review): wildcard pre-shared key - this router offers naton123 to any
! peer address. The same key appears in the hub and ShangHai sections, so one
! exposed configuration exposes the key for the whole DMVPN. Certificate
! authentication ("authentication rsa-sig") removes the shared secret.
crypto isakmp key naton123 address 0.0.0.0 0.0.0.0

! Phase 2 transform; identical to the set defined on the hub.
crypto ipsec transform-set naton-dm esp-3des esp-sha-hmac 

 mode transport

exit

!--- Create an IPsec profile to be applied dynamically to the 

!--- generic routing encapsulation (GRE) over IPsec tunnels.

! NOTE(review): a 120-second SA lifetime forces a rekey every two minutes;
! it looks like a lab value - confirm before carrying it into production.
crypto ipsec profile naton-dm-ips

set security-association lifetime seconds 120

set transform-set naton-dm 

exit

! EIGRP AS 10 over 3.3.3.0/24 and the tunnel subnet.
! NOTE(review): no interface addressed in 3.3.3.0/24 appears in this listing -
! confirm it exists on the device. No EIGRP authentication is configured.
router eigrp 10

network 3.3.3.0 0.0.0.255

network 10.0.0.0 0.0.0.255

no auto-summary

interface Tunnel0

ip address 10.0.0.3 255.255.255.0

no ip redirects

ip mtu 1440

! NOTE(review): the NHRP authentication string is the same value as the ISAKMP
! pre-shared key. NHRP carries it as plain text inside NHRP packets, so give
! it a value of its own.
ip nhrp authentication naton123

! Static mapping of the hub: tunnel address 10.0.0.1 is reached at the hub's
! Internet address 100.1.1.2, which also receives this spoke's multicast.
ip nhrp map 10.0.0.1 100.1.1.2

ip nhrp map multicast 100.1.1.2

ip nhrp network-id 1

ip nhrp holdtime 300

! The hub is the next-hop server this spoke registers with.
ip nhrp nhs 10.0.0.1

tunnel source FastEthernet0/0

tunnel mode gre multipoint

tunnel key 0

tunnel protection ipsec profile naton-dm-ips