IPsec LAN-to-LAN VPN



----------------------------------Shanghai Branch----------------------------------


R6(config)#interface fastEthernet 0/0

R6(config-if)#ip address 172.17.10.20 255.255.255.0

R6(config-if)#no sh


R6(config)#ip route 10.1.1.0 255.255.255.0 172.17.10.10




R5(config)#interface fastEthernet 0/0

R5(config-if)#ip address 172.17.10.10 255.255.255.0

R5(config-if)#no sh


R5(config)#interface fastEthernet 0/1

R5(config-if)#ip address 10.1.1.5 255.255.255.0

R5(config-if)#no sh


R5(config)#ip route 0.0.0.0 0.0.0.0 10.1.1.1




R1(config)#interface fastEthernet 0/1

R1(config-if)#ip address 10.1.1.1 255.255.255.0

R1(config-if)#no sh


R1(config)#interface fastEthernet 0/0

R1(config-if)#ip address 12.1.1.1 255.255.255.0

R1(config-if)#no sh


R1(config)#ip route 0.0.0.0 0.0.0.0 fastEthernet 0/0

R1(config)#ip route 172.17.10.0 255.255.255.0 10.1.1.5




R1#ping 172.17.10.20


Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 172.17.10.20, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 284/326/380 ms




-----------------------------------Internet-----------------------------------


R2(config)#interface fastEthernet 0/0

R2(config-if)#ip address 12.1.1.2 255.255.255.0

R2(config-if)#no sh


R2(config)#interface fastEthernet 0/1

R2(config-if)#ip address 23.1.1.2 255.255.255.0

R2(config-if)#no sh




R3(config)#interface fastEthernet 0/1

R3(config-if)#ip address 23.1.1.3 255.255.255.0

R3(config-if)#no sh


R3(config)#interface fastEthernet 0/0

R3(config-if)#ip address 192.168.1.3 255.255.255.0

R3(config-if)#no sh


R3(config)#ip route 0.0.0.0 0.0.0.0 fastEthernet 0/1

R3(config)#ip route 192.168.20.0 255.255.255.0 192.168.1.4




R3#ping 12.1.1.1


Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 12.1.1.1, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 348/384/424 ms


R3#ping 10.1.1.5


Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 10.1.1.5, timeout is 2 seconds:

.....

Success rate is 0 percent (0/5)




-----------------------------------Beijing Headquarters-----------------------------------


R4(config)#interface fastEthernet 0/0

R4(config-if)#ip address 192.168.1.4 255.255.255.0

R4(config-if)#no sh


R4(config)#interface fastEthernet 0/1

R4(config-if)#ip address 192.168.20.10 255.255.255.0

R4(config-if)#no sh


R4(config)#ip route 0.0.0.0 0.0.0.0 192.168.1.3




R7(config)#interface fastEthernet 0/1

R7(config-if)#ip address 192.168.20.20 255.255.255.0

R7(config-if)#no sh


R7(config)#ip route 192.168.1.0 255.255.255.0 192.168.20.10




R7#ping 192.168.1.3


Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 192.168.1.3, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 328/383/412 ms


R7#ping 12.1.1.1


Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 12.1.1.1, timeout is 2 seconds:

.....

Success rate is 0 percent (0/5)




------------------------------Router to Router------------------------------


R1(config)#crypto isakmp policy 1

R1(config-isakmp)#authentication pre-share

R1(config-isakmp)#encryption 3des

R1(config-isakmp)#hash sha

R1(config-isakmp)#group 2


R1(config)#crypto isakmp key 0 cisco address 23.1.1.3

R1(config)#crypto ipsec transform-set SH esp-3des esp-sha-hmac

R1(cfg-crypto-trans)#mode tunnel


R1(config)#ip access-list extended SH-TO-BJ

R1(config-ext-nacl)#permit ip 172.17.10.0 0.0.0.255 192.168.20.0 0.0.0.255


R1(config)#crypto map SH_BJ 1 ipsec-isakmp

R1(config-crypto-map)#set peer 23.1.1.3

R1(config-crypto-map)#set transform-set SH

R1(config-crypto-map)#match address SH-TO-BJ


R1(config)#interface fastEthernet 0/0

R1(config-if)#crypto map SH_BJ




R6(config)#ip route 192.168.20.0 255.255.255.0 172.17.10.10




R3(config)#crypto isakmp policy 1

R3(config-isakmp)#authentication pre-share

R3(config-isakmp)#encryption 3des

R3(config-isakmp)#hash sha

R3(config-isakmp)#group 2


R3(config)#crypto isakmp key 0 cisco address 12.1.1.1

R3(config)#crypto ipsec transform-set BJ esp-3des esp-sha-hmac

R3(cfg-crypto-trans)#mode tunnel


R3(config)#ip access-list extended BJ-TO-SH

R3(config-ext-nacl)#permit ip 192.168.20.0 0.0.0.255 172.17.10.0 0.0.0.255


R3(config)#crypto map BJ_SH 1 ipsec-isakmp

R3(config-crypto-map)#set peer 12.1.1.1

R3(config-crypto-map)#set transform-set BJ

R3(config-crypto-map)#match address BJ-TO-SH


R3(config)#interface fastEthernet 0/1

R3(config-if)#crypto map BJ_SH




R7(config)#ip route 172.17.10.0 255.255.255.0 192.168.20.10




R7#ping 172.17.10.20


Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 172.17.10.20, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 808/1164/1448 ms


R7#traceroute 172.17.10.20


Type escape sequence to abort.

Tracing the route to 172.17.10.20


1 192.168.20.10 272 msec 220 msec 276 msec

2 192.168.1.3 404 msec 292 msec 388 msec

3 * * *

4 172.17.10.20 1568 msec 1264 msec 1224 msec
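
The tunnel above only forms when the IKE policy, pre-shared key and transform set agree on R1 and R3, each `set peer` names the other router, and the two crypto ACLs are mirror images. The following is an added example, not part of the original lab: a consistency check run over the crypto lines entered above with the prompts stripped (`TEMPLATE`, `parse` and `compare` are names made up for this sketch).

```python
import re

# Constructed sample: the crypto lines entered on R1 and R3 above, prompts stripped.
TEMPLATE = """crypto isakmp policy 1
 authentication pre-share
 encryption 3des
 hash sha
 group 2
crypto isakmp key 0 {psk} address {peer}
crypto ipsec transform-set {name} esp-3des esp-sha-hmac
ip access-list extended {acl}
 permit ip {src} 0.0.0.255 {dst} 0.0.0.255
crypto map {cmap} 1 ipsec-isakmp
 set peer {peer}
"""
R1 = TEMPLATE.format(psk="cisco", peer="23.1.1.3", name="SH", acl="SH-TO-BJ",
                     src="172.17.10.0", dst="192.168.20.0", cmap="SH_BJ")
R3 = TEMPLATE.format(psk="cisco", peer="12.1.1.1", name="BJ", acl="BJ-TO-SH",
                     src="192.168.20.0", dst="172.17.10.0", cmap="BJ_SH")

def parse(cfg):
    """Pull out the settings that must agree (or mirror) between the two peers."""
    one = lambda pat: (re.search(pat, cfg, re.M) or [None, None])[1]
    return {
        "phase1": tuple(one(rf"^ {k} (\S+)") for k in ("authentication", "encryption", "hash", "group")),
        "psk": one(r"^crypto isakmp key \d (\S+) address"),
        "peer": one(r"^ set peer (\S+)"),
        "transforms": one(r"^crypto ipsec transform-set \S+ (.+)$"),
        "acl": re.findall(r"^ permit ip (\S+ \S+) (\S+ \S+)$", cfg, re.M),
    }

def compare(a, b, a_wan, b_wan):
    """Return the mismatches that would stop the tunnel forming or passing traffic."""
    x, y, problems = parse(a), parse(b), []
    for field in ("phase1", "psk", "transforms"):
        if x[field] != y[field]:
            problems.append(f"{field} differs: {x[field]} vs {y[field]}")
    if (x["peer"], y["peer"]) != (b_wan, a_wan):
        problems.append("set peer does not point at the other router's WAN address")
    if sorted(x["acl"]) != sorted((dst, src) for src, dst in y["acl"]):
        problems.append("crypto ACLs are not mirror images")
    return problems

if __name__ == "__main__":
    print(compare(R1, R3, "12.1.1.1", "23.1.1.3") or "peers are consistent")
```
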




