一、GRE实验
system-view
sysname R1
interface GigabitEthernet 0/0/1
ip address 192.168.10.1 24
interface g 0/0/0
ip address 100.100.100.1 24
ip route-static 192.168.80.0 24 100.100.100.2
GRE
int tunnel 0/0/0
ip add 10.1.1.1 24
tunnel-protocol gre
source 100.100.100.1
destin 100.100.100.2
dis ip int brsystem-view
sysname R2
interface GigabitEthernet0/0/1
ip address 192.168.80.1 24
interface g 0/0/0
ip address 100.100.100.2 24
ip route-static 192.168.10.0 24 100.100.100.1
GRE
int tunnel 0/0/0
ip add 10.1.1.2 24
tunnel-protocol gre
source 100.100.100.2
destin 100.100.100.1
dis ip int brR2抓包测试
ping 10.1.1.1二、GRE over IPsec实验
system-view
sysname R1
interface GigabitEthernet 0/0/1
ip address 192.168.10.1 24
interface g 0/0/0
ip address 100.100.100.1 24
ip route-static 192.168.80.0 24 100.100.100.2IPsec-VPN
1. ACL
acl 3000
rule permit ip source 192.168.10.0 0.0.0.255 destination 192.168.80.0 0.0.0.255
q
2. IKE
ike proposal 10
authentication-algorithm sha1
encryption-algorithm des
q
ike peer r12 v1
ike-proposal 10
remote-address 100.100.100.2
pre-shared-key simple abcde
q
3. IPsec
ipsec proposal tran1
encapsulation-mode tunnel
transform esp
esp authentication-algorithm sha1
esp encryption-algorithm des
q
4. MAP
ipsec policy map1 10 isakmp
security acl 3000
proposal tran1
ike-peer r12
q
interface g 0/0/0
ipsec policy map1
q
display ike sa
display ipsec saGRE Over IPsec
1.
interface tunnel 0/0/1
tunnel-protocol gre
ip address 40.1.1.1 24
source 100.100.100.1
destination 100.100.100.2
q
2.
undo ip route-static 192.168.80.0 24 100.100.100.2
rip
version 2
network 40.0.0.0
network 192.168.10.0
q
3.
acl 3001
rule permit gre source 100.100.100.1 0 destination 100.100.100.2 0
quit
ipsec policy map1 20 isakmp
security acl 3001
proposal tran1
ike-peer r12
qsystem-view
sysname R2
interface GigabitEthernet0/0/1
ip address 192.168.80.1 24
interface g 0/0/0
ip address 100.100.100.2 24
ip route-static 192.168.10.0 24 100.100.100.1IPsec-VPN
1. ACL
acl 3000
rule permit ip source 192.168.80.0 0.0.0.255 destination 192.168.10.0 0.0.0.255
q
2. IKE
ike proposal 10
authentication-algorithm sha1
encryption-algorithm des
q
ike peer r21 v1
ike-proposal 10
remote-address 100.100.100.1
pre-shared-key simple abcde
q
3. IPsec
ipsec proposal tran1
encapsulation-mode tunnel
transform esp
esp authentication-algorithm sha1
esp encryption-algorithm des
q
4. MAP
ipsec policy map1 10 isakmp
security acl 3000
proposal tran1
ike-peer r21
q
interface g 0/0/0
ipsec policy map1
q
display ike sa
display ipsec saGRE Over IPsec
1.
interface tunnel 0/0/1
tunnel-protocol gre
ip address 40.1.1.2 24
source 100.100.100.2
destination 100.100.100.1
q
2.
undo ip route-static 192.168.10.0 24 100.100.100.1
rip
version 2
network 40.0.0.0
network 192.168.80.0
q
3.
acl 3001
rule permit gre source 100.100.100.2 0 destination 100.100.100.1 0
quit
ipsec policy map1 20 isakmp
security acl 3001
proposal tran1
ike-peer r21
q