Lab topology diagram: (image not available)
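Lab objective:
The Wuhan branch office and the Harbin headquarters establish a connection over an IPsec VPN so that the internal networks on both sides can reach each other.
This write-up mainly records the IPsec configuration.
The simulated environment is configured in advance: the PCs in Wuhan and Harbin can reach the public network normally, that is, the network in this area
Wuhan egress routing configuration: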
<wuhan-r>dis ip rout | in Sta
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 12 Routes : 12
Destination/Mask Proto Pre Cost Flags NextHop Interface
0.0.0.0/0 Static 60 0 RD 222.73.1.1 GigabitEthernet0/0/0
192.168.0.0/16 Static 60 0 RD 1.1.1.2 GigabitEthernet0/0/1
<wuhan-r>
Harbin egress routing configuration:
<wuhan-r>dis ip rout | in Sta
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 12 Routes : 12
Destination/Mask Proto Pre Cost Flags NextHop Interface
0.0.0.0/0 Static 60 0 RD 222.73.1.1 GigabitEthernet0/0/0
192.168.0.0/16 Static 60 0 RD 1.1.1.2 GigabitEthernet0/0/1
<wuhan-r>
Wuhan NAT configuration:
<wuhan-r>dis acl 2000
Basic ACL 2000, 1 rule
Acl's step is 5
rule 10 permit source 192.168.0.0 0.0.255.255
<wuhan-r>dis nat ou
<wuhan-r>dis nat outbound
NAT Outbound Information:
-------------------------------------------------------------------------
Interface Acl Address-group/IP/Interface Type
-------------------------------------------------------------------------
GigabitEthernet0/0/0 2000 222.73.1.2 easyip
-------------------------------------------------------------------------
Total : 1
<wuhan-r>
Harbin NAT configuration:
<haerb-r>dis acl 2000
Basic ACL 2000, 1 rule
Acl's step is 5
rule 10 permit source 172.16.0.0 0.0.255.255
<haerb-r>dis nat out
<haerb-r>dis nat outbound
NAT Outbound Information:
--------------------------------------------------------------------------
Interface Acl Address-group/IP/Interface Type
--------------------------------------------------------------------------
GigabitEthernet0/0/0 2000 180.73.2.2 easyip
--------------------------------------------------------------------------
Total : 1
<haerb-r>
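The Layer 2 configuration is not covered here.
At this point the PCs inside Wuhan and Harbin can reach the Internet normally, but the Wuhan and Harbin PCs cannot reach each other. The next step is to configure an IPsec VPN so that the Wuhan and Harbin internal networks can reach each other.
Configuration: to be updated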
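
A sketch of the Wuhan side of the tunnel described above, as an added example that is not the author's configuration. It uses the addresses shown in the outputs on this page (192.168.0.0/16, 172.16.0.0/16, 222.73.1.2, 180.73.2.2); the ACL numbers 3000/3001, the names `wh-hrb` and `haerb`, the algorithm choices and the key placeholder are assumptions, and algorithm keyword spellings differ between VRP releases. The point to notice is the NAT exemption: basic ACL 2000 matches on source only, and the router applies outbound NAT before IPsec, so without the deny rule the branch-to-HQ packets are translated to 222.73.1.2 and never match the tunnel's ACL.

```text
# Wuhan router (wuhan-r). Lines starting with "#" are annotations, not commands.

# NAT ACL: exempt branch-to-HQ traffic from NAT, translate everything else.
acl number 3000
 rule 5 deny ip source 192.168.0.0 0.0.255.255 destination 172.16.0.0 0.0.255.255
 rule 10 permit ip source 192.168.0.0 0.0.255.255

# Traffic the tunnel protects. Harbin needs the exact mirror image of this rule.
acl number 3001
 rule 5 permit ip source 192.168.0.0 0.0.255.255 destination 172.16.0.0 0.0.255.255

# IPsec (phase 2) proposal: ESP with encryption and integrity.
ipsec proposal wh-hrb
 esp authentication-algorithm sha2-256
 esp encryption-algorithm aes-256

# IKE (phase 1) proposal; set it explicitly instead of relying on defaults.
ike proposal 10
 encryption-algorithm aes-256
 authentication-algorithm sha2-256
 dh group14

# Peer is Harbin's public address taken from its NAT outbound output.
ike peer haerb
 pre-shared-key cipher <PSK-PLACEHOLDER>
 ike-proposal 10
 remote-address 180.73.2.2

ipsec policy wh-hrb 10 isakmp
 security acl 3001
 ike-peer haerb
 proposal wh-hrb

# Swap the source-only NAT ACL for the one with the exemption, then bind IPsec.
interface GigabitEthernet0/0/0
 undo nat outbound 2000
 nat outbound 3000
 ipsec policy wh-hrb
```

The Harbin router takes the same configuration with source and destination networks swapped and `remote-address 222.73.1.2`. After a PC on one side pings the other, `display ike sa` and `display ipsec sa` should show established SAs on both routers.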