R1和R2之間運行OSPF
R4和R5之間運行OSPF
R2,R3和R4之間運行EIGRP
初始配置(略)
R2:
int tunnel 0
ip add 24.24.24.2 255.255.255.0
tunnel source e0/1
tunnel destination 34.34.34.4
tunnel mode gre ip
router ospf 12
net 24.24.24.2 0.0.0.0 a 0
int tunnel 0
ip add 24.24.24.4 255.255.255.0
tunnel source e0/0
tunnel destination 23.23.23.2
tunnel mode gre ip
router ospf 45
net 24.24.24.4 0.0.0.0 a 0
校驗:
*Mar 1 01:15:41.935: %OSPF-5-ADJCHG: Process 12, Nbr 4.4.4.4 on Tunnel0 from LOADING to FULL, Loading Done
*Mar 1 01:15:42.143: %OSPF-5-ADJCHG: Process 45, Nbr 2.2.2.2 on Tunnel0 from LOADING to FULL, Loading Done
R2
感興趣數據流:
access-list 100 per ip host 23.23.23.2 host 34.34.34.4
配置ISAKMP
cry isa policy 10
encry 3
authentic pre-share
group 2
hash sha
cry isa key 0 cisco address 34.34.34.4
cry ips transform-set GRE esp-3des esp-sha-hmac
crypto map ××× 10 ipsec-isakmp
set peer 34.34.34.4
set transform-set GRE
match address 100
int e0/1
cry map ×××
感興趣數據流:
access-list 100 per ip host 34.34.34.4 host 23.23.23.2
配置ISAKMP
cry isa policy 10
encry 3
authentic pre-share
group 2
hash sha
cry isa key 0 cisco address 23.23.23.2
cry ips transform-set GRE esp-3des esp-sha-hmac
crypto map ××× 10 ipsec-isakmp
set peer 23.23.23.2
set transform-set GRE
match address 100
int e0/0
cry map ×××
r2#sh cry isa sa
dst src state conn-id slot status
34.34.34.4 23.23.23.2 QM_IDLE 1 0 ACTIVE
r2#sh ip access-list 100
Extended IP access list 100
10 permit ip host 23.23.23.2 host 34.34.34.4 (759 matches)
dst src state conn-id slot status
34.34.34.4 23.23.23.2 QM_IDLE 1 0 ACTIVE
r4#sh ip access-list 100
Extended IP access list 100
10 permit ip host 34.34.34.4 host 23.23.23.2 (764 matches)
R2
感興趣數據流:
access-list 100 per ip host 1.1.1.1 host 5.5.5.5
配置ISAKMP
cry isa policy 10
encry 3
authentic pre-share
group 2
hash sha
cry isa key 0 cisco address 34.34.34.4
cry ips transform-set GRE esp-3des esp-sha-hmac
crypto map ××× 10 ipsec-isakmp
set peer 34.34.34.4
set transform-set GRE
match address 100
int tunnel 0
cry map ×××
感興趣數據流:
access-list 100 per ip host 5.5.5.5 host 1.1.1.1
配置ISAKMP
cry isa policy 10
encry 3
authentic pre-share
group 2
hash sha
cry isa key 0 cisco address 23.23.23.2
cry ips transform-set GRE esp-3des esp-sha-hmac
crypto map ××× 10 ipsec-isakmp
set peer 23.23.23.2
set transform-set GRE
match address 100
int tunnel 0
cry map ×××