
IPsec LAN-to-LAN VPN

----------------------------Shanghai branch office----------------------------

R6(config)#interface fastEthernet 0/0

R6(config-if)#ip address 172.17.10.20 255.255.255.0

R6(config-if)#no sh

R6(config)#ip route 10.1.1.0 255.255.255.0 172.17.10.10

R5(config)#interface fastEthernet 0/0

R5(config-if)#ip address 172.17.10.10 255.255.255.0

R5(config-if)#no sh

R5(config)#interface fastEthernet 0/1

R5(config-if)#ip address 10.1.1.5 255.255.255.0

R5(config)#ip route 0.0.0.0 0.0.0.0 10.1.1.1

R1(config)#interface fastEthernet 0/1

R1(config-if)#ip address 10.1.1.1 255.255.255.0

R1(config-if)#no sh

R1(config)#interface fastEthernet 0/0

R1(config-if)#ip address 12.1.1.1 255.255.255.0

R1(config)#ip route 0.0.0.0 0.0.0.0 fastEthernet 0/0

R1(config)#ip route 172.17.10.0 255.255.255.0 10.1.1.5

R1#ping 172.17.10.20

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 172.17.10.20, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 284/326/380 ms

-----------------------------------Internet-----------------------------------

R2(config)#interface fastEthernet 0/0

R2(config-if)#ip address 12.1.1.2 255.255.255.0

R2(config-if)#no sh

R2(config)#interface fastEthernet 0/1

R2(config-if)#ip address 23.1.1.2 255.255.255.0

R3(config)#interface fastEthernet 0/1

R3(config-if)#ip address 23.1.1.3 255.255.255.0

R3(config-if)#no sh

R3(config)#interface fastEthernet 0/0

R3(config-if)#ip address 192.168.1.3 255.255.255.0

R3(config)#ip route 0.0.0.0 0.0.0.0 fastEthernet 0/1

R3(config)#ip route 192.168.20.0 255.255.255.0 192.168.1.4

R3#ping 12.1.1.1

Sending 5, 100-byte ICMP Echos to 12.1.1.1, timeout is 2 seconds:

Success rate is 100 percent (5/5), round-trip min/avg/max = 348/384/424 ms

R3#ping 10.1.1.5

Sending 5, 100-byte ICMP Echos to 10.1.1.5, timeout is 2 seconds:

.....

Success rate is 0 percent (0/5)

-----------------------------Beijing headquarters-----------------------------

R4(config)#interface fastEthernet 0/0

R4(config-if)#ip address 192.168.1.4 255.255.255.0

R4(config-if)#no sh

R4(config)#interface fastEthernet 0/1

R4(config-if)#ip address 192.168.20.10 255.255.255.0

R4(config)#ip route 0.0.0.0 0.0.0.0 192.168.1.3

R7(config)#interface fastEthernet 0/1

R7(config-if)#ip address 192.168.20.20 255.255.255.0

R7(config-if)#no sh

R7(config)#ip route 192.168.1.0 255.255.255.0 192.168.20.10

R7#ping 192.168.1.3

Sending 5, 100-byte ICMP Echos to 192.168.1.3, timeout is 2 seconds:

Success rate is 100 percent (5/5), round-trip min/avg/max = 328/383/412 ms

R7#ping 12.1.1.1

------------------------------Router to Router------------------------------

R1(config)#crypto isakmp policy 1

R1(config-isakmp)#authentication pre-share

R1(config-isakmp)#encryption 3des

R1(config-isakmp)#hash sha

R1(config-isakmp)#group 2

R1(config)#crypto isakmp key 0 cisco address 23.1.1.3

R1(config)#crypto ipsec transform-set SH esp-3des esp-sha-hmac

R1(cfg-crypto-trans)#mode tunnel

R1(config)#ip access-list extended SH-TO-BJ

R1(config-ext-nacl)#permit ip 172.17.10.0 0.0.0.255 192.168.20.0 0.0.0.255

R1(config)#crypto map SH_BJ 1 ipsec-isakmp

R1(config-crypto-map)#set peer 23.1.1.3

R1(config-crypto-map)#set transform-set SH

R1(config-crypto-map)#match address SH-TO-BJ

R1(config-if)#crypto map SH_BJ

R6(config)#ip route 192.168.20.0 255.255.255.0 172.17.10.10

R3(config)#crypto isakmp policy 1

R3(config-isakmp)#authentication pre-share

R3(config-isakmp)#encryption 3des

R3(config-isakmp)#hash sha

R3(config-isakmp)#group 2

R3(config)#crypto isakmp key 0 cisco address 12.1.1.1

R3(config)#crypto ipsec transform-set BJ esp-3des esp-sha-hmac

R3(cfg-crypto-trans)#mode tunnel

R3(config)#ip access-list extended BJ-TO-SH

R3(config-ext-nacl)#permit ip 192.168.20.0 0.0.0.255 172.17.10.0 0.0.0.255

R3(config)#crypto map BJ_SH 1 ipsec-isakmp

R3(config-crypto-map)#set peer 12.1.1.1

R3(config-crypto-map)#set transform-set BJ

R3(config-crypto-map)#match address BJ-TO-SH

R3(config-if)#crypto map BJ_SH

R7(config)#ip route 172.17.10.0 255.255.255.0 192.168.20.10

R7#ping 172.17.10.20

Success rate is 100 percent (5/5), round-trip min/avg/max = 808/1164/1448 ms

R7#traceroute 172.17.10.20

Tracing the route to 172.17.10.20

1 192.168.20.10 272 msec 220 msec 276 msec

2 192.168.1.3 404 msec 292 msec 388 msec

3 * * *

4 172.17.10.20 1568 msec 1264 msec 1224 msec
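
An added example, not part of the original lab: a short Python check that the crypto settings on R1 and R3 agree (IKE policy, pre-shared key, transform set, peer addresses, mirrored crypto ACLs). The config strings are copied from the transcript with prompts stripped; the function names and the weak-algorithm list (DES/3DES, DH groups 1, 2 and 5) are this example's assumptions.

```python
import re

# Crypto lines for each peer, copied from the transcript (prompts stripped).
R1 = """encryption 3des
hash sha
group 2
crypto isakmp key 0 cisco address 23.1.1.3
crypto ipsec transform-set SH esp-3des esp-sha-hmac
permit ip 172.17.10.0 0.0.0.255 192.168.20.0 0.0.0.255
set peer 23.1.1.3"""
R3 = """encryption 3des
hash sha
group 2
crypto isakmp key 0 cisco address 12.1.1.1
crypto ipsec transform-set BJ esp-3des esp-sha-hmac
permit ip 192.168.20.0 0.0.0.255 172.17.10.0 0.0.0.255
set peer 12.1.1.1"""

FIELDS = {  # field name -> regex capturing the value compared between peers
    "enc": r"^\s*encryption (.+)$", "hash": r"^\s*hash (\S+)",
    "group": r"^\s*group (\d+)", "psk": r"isakmp key \d+ (\S+) address",
    "key_peer": r"isakmp key .* address (\S+)", "peer": r"^\s*set peer (\S+)",
    "transform": r"transform-set \S+ (.+)$", "acl": r"^\s*permit ip (\S+ \S+ \S+ \S+)",
}

def parse(cfg):
    out = {}
    for name, pat in FIELDS.items():
        m = re.search(pat, cfg, re.M)
        out[name] = m.group(1).strip() if m else None
    return out

def mirror(acl):
    s, sw, d, dw = acl.split()
    return f"{d} {dw} {s} {sw}"  # swap source and destination

def audit(cfg_a, addr_a, cfg_b, addr_b):
    """Return findings for a LAN-to-LAN peer pair; addr_* are the outside IPs."""
    a, b = parse(cfg_a), parse(cfg_b)
    out = [f"{k} differs: {a[k]!r} vs {b[k]!r}"
           for k in ("enc", "hash", "group", "psk", "transform") if a[k] != b[k]]
    if (a["peer"], a["key_peer"], b["peer"], b["key_peer"]) != (addr_b, addr_b, addr_a, addr_a):
        out.append("peer or key address does not match the other side's outside IP")
    if None in (a["acl"], b["acl"]) or a["acl"] != mirror(b["acl"]):
        out.append("crypto ACLs are not mirror images")
    for k, bad in (("enc", ("des", "3des")), ("group", ("1", "2", "5"))):  # assumed policy
        if a[k] in bad:
            out.append(f"weak {k}: {a[k]}")
    return out
```

Calling `audit(R1, "12.1.1.1", R3, "23.1.1.3")` reports no mismatches for this lab but flags the 3DES cipher and DH group 2 under the assumed policy.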