Cisco GRE Tunnel

R1

int f0/0
no shut
ip add 202.80.1.1 255.255.255.0

int f0/1
no shut
ip add 192.168.0.254 255.255.255.0

int t0
ip add 10.0.0.1 255.255.255.252
tunnel source 202.80.1.1
tunnel destination 202.80.1.2
ip route 192.168.2.0 255.255.255.0 t0

R2

int f0/0
no shut
ip add 202.80.1.2 255.255.255.0

int f0/1
no shut
ip add 192.168.2.254 255.255.255.0

int t0
ip add 10.0.0.2 255.255.255.252
tunnel source 202.80.1.2
tunnel destination 202.80.1.1
ip route 192.168.0.0 255.255.255.0 t0

PC1

no ip routing

ip default-gateway 192.168.0.254

int f0/0
no shut
ip add 192.168.0.11 255.255.255.0

PC2

no ip routing

ip default-gateway 192.168.2.254

int f0/0
no shut
ip add 192.168.2.11 255.255.255.0

GRE over IPSec 加密

R1

crypto isakmp policy 10
encryption 3des
hash md5
group 5
authentication pre-share
crypto isakmp key YourKey123 address 202.80.1.2

crypto ipsec transform-set YourTunnel esp-aes 256 esp-sha256-hmac
mode transport

crypto ipsec profile YourTunnel
set transform-set YourTunnel

int t0
tunnel mode ipsec ipv4
tunnel protection ipsec profile YourTunnel

R2

crypto isakmp policy 10
encryption 3des
hash md5
group 5
authentication pre-share
crypto isakmp key YourKey123 address 202.80.1.1

crypto ipsec transform-set YourTunnel esp-aes 256 esp-sha256-hmac
mode transport

crypto ipsec profile YourTunnel
set transform-set YourTunnel

int t0
tunnel mode ipsec ipv4
tunnel protection ipsec profile YourTunnel

發佈留言

*