GRE实验:
路由器CQ与路由器SH之间通过ISP相连。运行IP协议的私有网络的两个子网CQ和SH,通过在两台路由器之间使用GRE over ipsec VPN建立隧道实现私网互联。
拓扑图如图所示:
路由器AR3的配置命令:
system-view
sysname ISP
interface g0/0/0
ip address 6.6.6.2 29
interface g0/0/1
ip address 16.16.16.2 29
interface loopback 100
ip address 99.99.99.99 32
路由器CQ配置命令:
system-view
sysname CQ
interface g0/0/0
ip address 6.6.6.1 29
interface g0/0/2
ip address 192.168.6.1 24
ip route-static 0.0.0.0 0.0.0.0 6.6.6.2
interface tunnel0/0/1
ip address 10.10.10.1 30
tunnel-protocol gre
source 6.6.6.1
destination 16.16.16.1
ip route-static 192.168.16.0 255.255.255.0 tunnel0/0/1
acl 2000
rule 5 permit source any
interface g0/0/0
nat outbound 2000
rip
version 2
network 10.0.0.0
network 192.168.6.0
ospf
area 0
network 10.10.10.0 0.0.0.3
network 192.168.6.0 0.0.0.255
ipsec proposal lance-proposal
esp authentication-algorithm sha1
ike peer lance-peer v2
pre-shared-key cipher lucy
ipsec profile lance
ike-peer lance-peer
proposal lance-proposal
interface g0/0/2
ip address 192.168.6.1 255.255.255.0
interface g0/0/0
ip address 6.6.6.1 255.255.255.0
路由器SH的配置命令:
system-view
sysname SH
interface g0/0/1
ip address 16.16.16.1 29
interface g0/0/2
ip address 192.168.16.1 24
ip route-static 0.0.0.0 0.0.0.0 16.16.16.2
interface tunnel0/0/1
ip address 10.10.10.1 30
tunnel-protocol gre
source 16.16.16.1
destination 6.6.6.1
ip route-static 192.168.6.0 255.255.255.0 tunnel0/0/1
acl 2000
rule 5 permit source any
interface g0/0/1
nat outbound 2000
rip
version 2
network 10.0.0.0
network 192.168.16.0
ospf
area 0
network 10.10.10.0 0.0.0.3
network 192.168.16.0 0.0.0.255
ipsec proposal lance-proposal
esp authentication-algorithm sha1
ike peer lance-peer v2
pre-shared-key cipher lucy
ipsec profile lance
ike-peer lance-peer
proposal lance-proposal
interface g0/0/2
ip address 192.168.16.1 255.255.255.0
interface g0/0/0
ip address 16.16.16.1 255.255.255.0
菜菜的代码,希望能够帮助到你哟!