GRE over EzVPN allows both ends to use dynamic addresses, and it can support dynamic routing protocols.
Lab topology:
Lab steps:

1. First, configure EzVPN:

EzVPN Server:
R4(config)#crypto isakmp policy 10
R4(config-isakmp)#authentication pre-share
R4(config-isakmp)#encryption 3des
R4(config-isakmp)#group 2
R4(config-isakmp)#hash md5
R4(config-isakmp)#ex
R4(config)#
R4(config)#crypto isakmp client configuration group ipsecgroup
R4(config-isakmp-group)#key cisco
R4(config-isakmp-group)#ex
R4(config)#
R4(config)#aaa new-model
R4(config)#aaa authentication login noacs none
R4(config)#line con 0
R4(config-line)#login authentication noacs
R4(config-line)#exit
R4(config)#line aux 0
R4(config-line)#login authentication noacs
R4(config-line)#exit
R4(config)#
R4(config)#aaa authentication login remote local
R4(config)#username ipsecuser password cisco
R4(config)#aaa authorization network remote local
R4(config)#ip local pool pool 192.168.45.100 192.168.45.200
R4(config)#ip access-list extended acl
R4(config-ext-nacl)#permit ip host 4.4.4.4 any
R4(config-ext-nacl)#ex
R4(config)#crypto isakmp client configuration group ipsecgroup
R4(config-isakmp-group)#pool pool
R4(config-isakmp-group)#save-password
R4(config-isakmp-group)#acl acl
R4(config-isakmp-group)#ex
R4(config)#crypto isakmp profile pro
% A profile is deemed incomplete until it has match identity statements
R4(conf-isa-prof)#match identity group ipsecgroup
R4(conf-isa-prof)#client config address respond
R4(conf-isa-prof)#client authentication list remote
R4(conf-isa-prof)#isakmp authorization list remote
R4(conf-isa-prof)#ex
R4(config)#
R4(config)#crypto ipsec transform-set cisco esp-des esp-md5-hmac
R4(cfg-crypto-trans)#ex
R4(config)#crypto dynamic dy-cisco 10
R4(config-crypto-map)#set transform-set cisco
R4(config-crypto-map)#set isakmp-profile pro
R4(config-crypto-map)#reverse-route
R4(config-crypto-map)#ex
R4(config)#crypto map cisco 10 ipsec-isakmp dynamic dy-cisco
R4(config)#
R4(config)#interface serial 1/0
R4(config-if)#crypto map cisco
R4(config-if)#ex
*Mar 1 00:10:43.719: %CRYPTO-6-ISAKMP_ON_OFF: ISAKMP is ON
R4(config-if)#ex
R4(config)#

EzVPN Client:
R2(config)#crypto ipsec client ezvpn ezvpn
R2(config-crypto-ezvpn)#peer 34.1.1.4
// The defining feature of EzVPN is that the peer can be given as a domain name as well as an IP address. The hub can use dynamic DNS, the client obtains its IP address dynamically, and pointing peer at the hub's dynamic domain name lets both the hub and the branch node have dynamic addresses.
R2(config-crypto-ezvpn)#connect auto
// Automatic connection is another important EzVPN feature: no interesting traffic is needed to trigger it, and the VPN connection is initiated as soon as the device boots or has an Internet connection.
R2(config-crypto-ezvpn)#group ipsecgroup key cisco
R2(config-crypto-ezvpn)#username ipsecuser password cisco
R2(config-crypto-ezvpn)#mode network-extension
R2(config-crypto-ezvpn)#ex
R2(config)#
R2(config)#int loopback 0
R2(config-if)#crypto ipsec client ezvpn ezvpn inside
R2(config-if)#ex
R2(config)#int s 1/1
R2(config-if)#crypto ipsec client ezvpn ezvpn outside
R2(config-if)#ex

2. Configure the GRE tunnel:

EzVPN Server:
R4(config)#interface tunnel 0
R4(config-if)#ip add 24.1.1.4 255.255.255.0
R4(config-if)#tunnel source 4.4.4.4
R4(config-if)#tunnel destination 2.2.2.2
R4(config-if)#ex
R4(config)#

EzVPN Client:
R2(config)#interface tunnel 0
R2(config-if)#ip address 24.1.1.2 255.255.255.0
R2(config-if)#tunnel source 2.2.2.2
R2(config-if)#tunnel destination 4.4.4.4
R2(config-if)#exit

3. Configure the dynamic routing protocol:

R1:
R1(config)#router ospf 1
R1(config-router)#router-id 1.1.1.1
R1(config-router)#network 192.168.12.1 0.0.0.0 area 0
R1(config-router)#ex
R1(config)#

R2:
R2(config)#router ospf 1
R2(config-router)#router-id 2.2.2.2
R2(config-router)#network 192.168.12.2 0.0.0.0 area 0
R2(config-router)#network 24.1.1.2 0.0.0.0 area 0
R2(config-router)#ex
R2(config)#

R4:
R4(config)#router ospf 1
R4(config-router)#router-id 4.4.4.4
R4(config-router)#network 192.168.45.4 0.0.0.0 area 0
R4(config-router)#network 24.1.1.4 0.0.0.0 area 0
R4(config-router)#exit

R5:
R5(config)#router ospf 1
R5(config-router)#router-id 5.5.5.5
R5(config-router)#network 192.168.45.5 0.0.0.0 area 0
R5(config-router)#ex

4. Test:

R5(config)#do ping 192.168.12.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.12.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 44/76/120 ms
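
As an added example (not part of the original post): a short Python check that flags the legacy cryptographic and authentication settings in the R4 configuration above, such as DES/3DES, MD5, Diffie-Hellman group 2 and the login method list set to none. The rule list, the audit function and the SAMPLE_CONFIG text are this example's own constructions, with the sample lines copied from the commands above.

```python
import re

# Constructed sample: crypto-relevant lines copied from the R4 commands above.
SAMPLE_CONFIG = """\
crypto isakmp policy 10
 authentication pre-share
 encryption 3des
 group 2
 hash md5
crypto isakmp client configuration group ipsecgroup
 key cisco
 pool pool
 save-password
 acl acl
aaa authentication login noacs none
crypto ipsec transform-set cisco esp-des esp-md5-hmac
"""

# (pattern, finding) pairs. This rule set is the example's own, not a Cisco tool,
# and the list of guessable keys is a constructed placeholder.
RULES = [
    (r"^encryption (des|3des)\b", "IKE phase 1 uses a legacy cipher"),
    (r"^hash md5\b", "IKE phase 1 uses MD5"),
    (r"^group (1|2|5)\b", "Diffie-Hellman group of 1536 bits or less"),
    (r"^crypto ipsec transform-set \S+ .*\besp-(des|3des)\b", "ESP uses a legacy cipher"),
    (r"^crypto ipsec transform-set \S+ .*\besp-md5-hmac\b", "ESP integrity uses HMAC-MD5"),
    (r"^save-password\b", "server lets clients store the XAUTH password"),
    (r"^key (cisco|password|123456)\b", "group pre-shared key is a guessable default"),
    (r"^aaa authentication login \S+ none\b", "login method list requires no authentication"),
]

def audit(config):
    """Return (line_number, config_line, finding) for every rule that matches."""
    findings = []
    for number, raw in enumerate(config.splitlines(), start=1):
        line = raw.strip().lower()
        for pattern, finding in RULES:
            if re.search(pattern, line):
                findings.append((number, raw.strip(), finding))
    return findings

if __name__ == "__main__":
    for number, line, finding in audit(SAMPLE_CONFIG):
        print(f"line {number}: {line!r}: {finding}")
```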