//基本网络接口配置▼
R1#conf t
R1(config)#inter f0/1
R1(config-if)#ip add 192.34.1.1 255.255.255.0
R1(config-if)#no shut
R1(config-if)#exit
R1(config)#inter f0/0
R1(config-if)#ip add 1.1.1.1 255.255.255.0
R1(config-if)#no shut
R1(config-if)#exit
R1(config)#ip route 0.0.0.0 0.0.0.0 1.1.1.2
//配置GRE隧道▼
R1(config)#inter tunnel 0
R1(config-if)#ip add 10.34.1.1 255.255.255.0
R1(config-if)#tunnel source f0/0
R1(config-if)#tunnel destination 2.2.2.2
R1(config-if)#tunnel key 123456
R1(config-if)#exit
//配置RIP路由协议▼
R1(config)#router rip
R1(config-router)#version 2
R1(config-router)#network 10.34.1.0
R1(config-router)#network 192.34.1.0
R1(config-router)#no auto-summary
R1(config-router)#exit
//配置IKE安全策略▼
R1(config)#crypto isakmp policy 1
R1(config-isakmp)#encryption 3des
R1(config-isakmp)#authentication pre-share
R1(config-isakmp)#hash sha
R1(config-isakmp)#group 2
R1(config-isakmp)#exit
//配置IKE预共享密钥▼
R1(config)#crypto isakmp key 0 abc123 address 2.2.2.2
//配置IPSec转换集,使用ESP协议,3DES算法和SHA-1散列算法,工作模式为传输模式▼
R1(config)#crypto ipsec transform-set 3des_sha esp-3des esp-sha-hmac
R1(cfg-crypto-trans)#mode transport
R1(cfg-crypto-trans)#exit
//配置加密访问控制列表▼
R1(config)#access-list 100 permit 47 host 1.1.1.1 host 2.2.2.2
//配置IPSec访问映射条目▼
R1(config)#crypto map to_r3 1 ipsec-isakmp
R1(config-crypto-map)#match address 100
R1(config-crypto-map)#set transform-set 3des_sha
R1(config-crypto-map)#set peer 2.2.2.2
R1(config-crypto-map)#exit
//将访问映射条目应用于f0/0接口上▼
R1(config)#inter f0/0
R1(config-if)#crypto map to_r3
R1(config-if)#exit
R2#conf t
R2(config)#inter f0/0
R2(config-if)#ip add 1.1.1.2 255.255.255.0
R2(config-if)#no shut
R2(config-if)#exit
R2(config)#inter f0/1
R2(config-if)#ip add 2.2.2.1 255.255.255.0
R2(config-if)#no shut
R2(config-if)#exit
//基本网络接口配置▼
R3#conf t
R3(config)#inter f0/1
R3(config-if)#ip add 2.2.2.2 255.255.255.0
R3(config-if)#no shut
R3(config-if)#exit
R3(config)#inter f0/0
R3(config-if)#ip add 192.34.2.1 255.255.255.0
R3(config-if)#no shut
R3(config-if)#exit
R3(config)#ip route 0.0.0.0 0.0.0.0 2.2.2.1
//配置GRE隧道▼
R3(config)#inter tunnel 0
R3(config-if)#ip add 10.34.1.2 255.255.255.0
R3(config-if)#tunnel source f0/1
R3(config-if)#tunnel destination 1.1.1.1
R3(config-if)#tunnel key 123456
R3(config-if)#exit
//配置RIP路由协议▼
R3(config)#router rip
R3(config-router)#version 2
R3(config-router)#network 10.34.1.0
R3(config-router)#network 192.34.2.0
R3(config-router)#no auto-summary
R3(config-router)#exit
//配置IKE安全策略▼
R3(config)#crypto isakmp policy 1
R3(config-isakmp)#encryption 3des
R3(config-isakmp)#authentication pre-share
R3(config-isakmp)#hash sha
R3(config-isakmp)#group 2
R3(config-isakmp)#exit
//配置IKE预共享密钥▼
R3(config)#crypto isakmp key 0 abc123 address 1.1.1.1
//配置IPSec转换集,使用ESP协议,3DES算法和SHA-1散列算法,工作模式为传输模式▼
R3(config)#crypto ipsec transform-set 3des_sha esp-3des esp-sha-hmac
R3(cfg-crypto-trans)#mode transport
R3(cfg-crypto-trans)#exit
//配置加密访问控制列表▼
R3(config)#access-list 100 permit 47 host 2.2.2.2 host 1.1.1.1
//配置IPSec访问映射条目▼
R3(config)#crypto map to_r1 1 ipsec-isakmp
R3(config-crypto-map)#match address 100
R3(config-crypto-map)#set transform-set 3des_sha
R3(config-crypto-map)#set peer 1.1.1.1
R3(config-crypto-map)#exit
//将访问映射条目应用于f0/1接口上▼
R3(config)#inter f0/1
R3(config-if)#crypto map to_r1
R3(config-if)#exit
查看R1的路由表。
R1#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is 1.1.1.2 to network 0.0.0.0
1.0.0.0/24 is subnetted, 1 subnets
C 1.1.1.0 is directly connected, FastEthernet0/0
10.0.0.0/24 is subnetted, 1 subnets
C 10.34.1.0 is directly connected, Tunnel0
C 192.34.1.0/24 is directly connected, FastEthernet0/1
R 192.34.2.0/24 [120/1] via 10.34.1.2, 00:00:14, Tunnel0
S* 0.0.0.0/0 [1/0] via 1.1.1.2
R1#
查看R2的路由表。
R2#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
1.0.0.0/24 is subnetted, 1 subnets
C 1.1.1.0 is directly connected, FastEthernet0/0
2.0.0.0/24 is subnetted, 1 subnets
C 2.2.2.0 is directly connected, FastEthernet0/1
R2#
查看R3的路由表。
R3#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is 2.2.2.1 to network 0.0.0.0
2.0.0.0/24 is subnetted, 1 subnets
C 2.2.2.0 is directly connected, FastEthernet0/1
10.0.0.0/24 is subnetted, 1 subnets
C 10.34.1.0 is directly connected, Tunnel0
R 192.34.1.0/24 [120/1] via 10.34.1.1, 00:00:05, Tunnel0
C 192.34.2.0/24 is directly connected, FastEthernet0/0
S* 0.0.0.0/0 [1/0] via 2.2.2.1
R3#
PC1添加IP192.34.1.2,子网掩码255.255.255.0,默认网关192.34.1.1
PC2添加IP192.34.2.2,子网掩码255.255.255.0,默认网关192.34.2.1
PC1 ping PC2的结果:
PC1> ping 192.34.2.2
84 bytes from 192.34.2.2 icmp_seq=1 ttl=62 time=60.000 ms
84 bytes from 192.34.2.2 icmp_seq=2 ttl=62 time=60.000 ms
84 bytes from 192.34.2.2 icmp_seq=3 ttl=62 time=47.500 ms
84 bytes from 192.34.2.2 icmp_seq=4 ttl=62 time=55.000 ms
84 bytes from 192.34.2.2 icmp_seq=5 ttl=62 time=55.000 ms
PC1>
通信成功,GRE over IPSec VPN隧道建立成功。
