目標:172.16.1.0/24和192.168.1.0網段可以互相訪問
R1:
interface FastEthernet0/0
ip address 202.100.1.10 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 202.100.2.10 255.255.255.0
duplex auto
speed auto
R2:
crypto isakmp policy 10 定義ipsec 策略
encr 3des
authentication pre-share
group 2
crypto isakmp key cisco address 202.100.2.1 共享密鑰
crypto ipsec transform-set tif ah-md5-hmac esp-3des
mode transport
crypto ipsec profile tif***
set transform-set tif
interface Loopback0
ip address 2.2.2.2 255.255.255.0
!
interface Tunnel100
ip address 123.1.1.1 255.255.255.0
tunnel source FastEthernet0/0
tunnel destination 202.100.2.1
tunnel protection ipsec profile fit***
!
interface FastEthernet0/0
ip address 202.100.1.1 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 192.168.1.254 255.255.255.0
duplex auto
speed auto
!
router ospf 110
router-id 2.2.2.2
log-adjacency-changes
network 2.2.2.0 0.0.0.255 area 0
network 123.1.1.0 0.0.0.255 area 0
network 192.168.1.254 0.0.0.0 area 0
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 202.100.1.10
R3:
crypto isakmp policy 10
encr 3des
authentication pre-share
group 2
crypto isakmp key cisco address 202.100.1.1
crypto ipsec transform-set tif ah-md5-hmac esp-3des
mode transport
crypto ipsec profile tif***
set transform-set tif
interface Loopback0
ip address 3.3.3.3 255.255.255.0
interface Tunnel100
ip address 123.1.1.2 255.255.255.0
tunnel source FastEthernet0/0
tunnel destination 202.100.1.1
tunnel protection ipsec profile tif***
interface FastEthernet0/0
ip address 202.100.2.1 255.255.255.0
duplex auto
speed auto
interface FastEthernet0/1
ip address 172.16.1.254 255.255.255.0
duplex auto
speed auto
router ospf 110
router-id 3.3.3.3
log-adjacency-changes
network 3.3.3.0 0.0.0.255 area 0
network 123.1.1.0 0.0.0.255 area 0
network 172.16.1.254 0.0.0.0 area 0
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 202.100.2.10