動態多點虛擬專用網絡項目實踐
實驗拓撲
實驗步驟
1、根據拓撲配置 IP 地址;
2、R1/2/3 配置默認路由到 R4,配置環回接口地址模擬內網主機;
ip route 0.0.0.0 0.0.0.0 下一跳接口
3、R1/R2/R3_ 上建立多點 GER tunnel <通過MGRE實現>;
interface tunnel 0
ip address 172.16.1.1 255.255.255.0
ip mtu 1436
tunnel source 100.1.14.1
tunnel mode gre multipoint
tunnel key 12345
4、通過 GER tunnel 實現邏輯通信 <通過 NHRP 實現>;
R1:
interface tunnel 0
ip nhrp network-id 100
ip nhrp map multicast dynamic
R2/R3:
interface tunnel 0
ip nhrp network-id 100
ip nhrp nhs 172.16.1.1
ip nhrp map 172.16.1.1 100.1.14.1
ip nhrp map multicast 100.1.14.1
5、配置使分支與總部之間的 LAN 可以互相通信 <通過動態路由協議實現>;
router ospf 100
router-id 2.2.2.2
network 172.16.1.0 0.0.0.255 area 0
network 100.1.24.0 0.0.0.255 area 0
network 2.2.2.2 0.0.0.0 area 0
interface tunnel 0
ip ospf network broadcast
ip ospf priority 0
router ospf 100
router-id 3.3.3.3
network 172.16.1.0 0.0.0.255 area 0
network 100.1.34.0 0.0.0.255 area 0
network 3.3.3.3 0.0.0.0 area 0
interface tunnel 0
ip ospf network broadcast
ip ospf priority 0
router ospf 100
router-id 1.1.1.1
network 172.16.1.0 0.0.0.255 area 0
network 100.1.14.0 0.0.0.255 area 0
network 1.1.1.1 0.0.0.0 area 0
interface tunnel 0
ip ospf network broadcast
6、配置使分支與總部之間的通信數據加密 <通過IPSEC來實現>。
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
crypto isakmp key cisco address 0.0.0.0
crypto ipsec transform-set dmtrans esp-3des esp-sha-hmac
mode transport
crypto ipsec profile dmpro
set transform-set dmtrans
interface tunnel 0
tunnel protection ipsec profile dmpro