Topology diagram:
Configuration results:
r1#sh ip rou    R1-R2, R3 IPsec VPN result; RIP redistribution result
     10.0.0.0/8 is variably subnetted, 14 subnets, 4 masks
O IA    10.0.8.0/24 [110/65] via 10.0.0.18, 00:17:50, Serial0/0
O E1    10.0.9.0/24 [110/264] via 10.0.0.19, 00:17:40, Serial0/0
O E1    10.0.0.12/30 [110/264] via 10.0.0.19, 00:17:40, Serial0/0
O       10.0.2.0/24 [110/2] via 10.0.0.6, 00:17:50, FastEthernet1/0
O       10.0.3.0/24 [110/2] via 10.0.0.6, 00:17:50, FastEthernet1/0
O       10.0.0.0/30 [110/3] via 10.0.0.6, 00:17:50, FastEthernet1/0
O       10.0.1.0/24 [110/2] via 10.0.0.6, 00:17:50, FastEthernet1/0
O IA    10.0.7.0/24 [110/65] via 10.0.0.18, 00:17:50, Serial0/0
O       10.0.4.0/24 [110/2] via 10.0.0.6, 00:17:50, FastEthernet1/0
C       10.0.0.4/30 is directly connected, FastEthernet1/0
O       10.0.5.0/24 [110/3] via 10.0.0.6, 00:17:50, FastEthernet1/0
O       10.0.0.18/32 [110/64] via 10.0.0.18, 00:18:00, Serial0/0
O       10.0.0.19/32 [110/64] via 10.0.0.19, 00:18:01, Serial0/0
C       10.0.0.16/29 is directly connected, Serial0/0
O*E2 0.0.0.0/0 [110/1] via 10.0.0.6, 00:17:41, FastEthernet1/0
r1#sh cry is sa
dst             src             state          conn-id slot
10.0.0.17       10.0.0.19       QM_IDLE              1    0
10.0.0.17       10.0.0.18       QM_IDLE              2    0
r1#sh ip os ne
 
Neighbor ID     Pri   State           Dead Time   Address         Interface
5.5.5.5           0   FULL/  -           -        10.0.0.18       OSPF_VL1----> The virtual link must be configured! Without it, R3 can still learn the area 0 routes, but R1 cannot learn R3's area 20 routes!
2.2.2.2           1   FULL/DR         00:00:34    10.0.0.6        FastEthernet1/0
5.5.5.5           0   FULL/  -        00:01:49    10.0.0.18       Serial0/0
4.4.4.4           0   FULL/  -        00:01:33    10.0.0.19       Serial0/0
r1#
r1#
r2#sh ip rou    R1-R2 IPsec VPN result
     10.0.0.0/8 is variably subnetted, 14 subnets, 4 masks
O IA    10.0.8.0/24 [110/129] via 10.0.0.17, 00:18:22, Serial0/0
R       10.0.9.0/24 [120/1] via 10.0.0.14, 00:00:26, FastEthernet2/0
C       10.0.0.12/30 is directly connected, FastEthernet2/0
O IA    10.0.2.0/24 [110/66] via 10.0.0.17, 00:18:22, Serial0/0
O IA    10.0.3.0/24 [110/66] via 10.0.0.17, 00:18:22, Serial0/0
O IA    10.0.0.0/30 [110/67] via 10.0.0.17, 00:18:22, Serial0/0
O IA    10.0.1.0/24 [110/66] via 10.0.0.17, 00:18:22, Serial0/0
O IA    10.0.7.0/24 [110/129] via 10.0.0.17, 00:18:22, Serial0/0
O IA    10.0.4.0/24 [110/66] via 10.0.0.17, 00:18:22, Serial0/0
O IA    10.0.0.4/30 [110/65] via 10.0.0.17, 00:18:22, Serial0/0
O IA    10.0.5.0/24 [110/67] via 10.0.0.17, 00:18:22, Serial0/0
O       10.0.0.18/32 [110/128] via 10.0.0.17, 00:18:22, Serial0/0
C       10.0.0.16/29 is directly connected, Serial0/0
O       10.0.0.17/32 [110/64] via 10.0.0.17, 00:18:22, Serial0/0
C    192.168.1.0/24 is directly connected, FastEthernet1/0
O*E2 0.0.0.0/0 [110/1] via 10.0.0.17, 00:18:12, Serial0/0
r2#sh cry is sa
dst             src             state          conn-id slot
10.0.0.17       10.0.0.19       QM_IDLE              1    0
r2#sh ip os ne
 
Neighbor ID     Pri   State           Dead Time   Address         Interface
3.3.3.3           0   FULL/  -        00:01:32    10.0.0.17       Serial0/0
r2#
r2#
r3#sh ip rou    R1-R3 IPsec VPN result, OSPF virtual link result----> must be configured!
     10.0.0.0/8 is variably subnetted, 14 subnets, 4 masks
C       10.0.8.0/24 is directly connected, FastEthernet1/0.80
O E1    10.0.9.0/24 [110/328] via 10.0.0.17, 00:18:38, Serial0/0
O E1    10.0.0.12/30 [110/328] via 10.0.0.17, 00:18:38, Serial0/0
O       10.0.2.0/24 [110/66] via 10.0.0.17, 00:18:38, Serial0/0
O       10.0.3.0/24 [110/66] via 10.0.0.17, 00:18:38, Serial0/0
O       10.0.0.0/30 [110/67] via 10.0.0.17, 00:18:38, Serial0/0
O       10.0.1.0/24 [110/66] via 10.0.0.17, 00:18:38, Serial0/0
C       10.0.7.0/24 is directly connected, FastEthernet1/0.70
O       10.0.4.0/24 [110/66] via 10.0.0.17, 00:18:38, Serial0/0
O       10.0.0.4/30 [110/65] via 10.0.0.17, 00:18:38, Serial0/0
O       10.0.5.0/24 [110/67] via 10.0.0.17, 00:18:38, Serial0/0
O       10.0.0.19/32 [110/128] via 10.0.0.17, 00:18:48, Serial0/0
C       10.0.0.16/29 is directly connected, Serial0/0
O       10.0.0.17/32 [110/64] via 10.0.0.17, 00:18:48, Serial0/0
O*E2 0.0.0.0/0 [110/1] via 10.0.0.17, 00:18:38, Serial0/0
r3#sh cry is sa
dst             src             state          conn-id slot
10.0.0.17       10.0.0.18       QM_IDLE              1    0
 
r3#sh ip os ne
 
Neighbor ID     Pri   State           Dead Time   Address         Interface
3.3.3.3           0   FULL/  -           -        10.0.0.17       OSPF_VL1----> The virtual link must be configured!!!
3.3.3.3           0   FULL/  -        00:01:53    10.0.0.17       Serial0/0
r3#
r9#sh ip rou    OSPF redistribution result:
     10.0.0.0/8 is variably subnetted, 14 subnets, 4 masks
R       10.0.8.0/24 [120/2] via 10.0.0.13, 00:00:06, FastEthernet0/0
C       10.0.9.0/24 is directly connected, Vlan90
C       10.0.0.12/30 is directly connected, FastEthernet0/0
R       10.0.2.0/24 [120/2] via 10.0.0.13, 00:00:06, FastEthernet0/0
R       10.0.3.0/24 [120/2] via 10.0.0.13, 00:00:06, FastEthernet0/0
R       10.0.0.0/30 [120/2] via 10.0.0.13, 00:00:06, FastEthernet0/0
R       10.0.1.0/24 [120/2] via 10.0.0.13, 00:00:06, FastEthernet0/0
R       10.0.7.0/24 [120/2] via 10.0.0.13, 00:00:06, FastEthernet0/0
R       10.0.4.0/24 [120/2] via 10.0.0.13, 00:00:06, FastEthernet0/0
R       10.0.0.4/30 [120/2] via 10.0.0.13, 00:00:06, FastEthernet0/0
R       10.0.5.0/24 [120/2] via 10.0.0.13, 00:00:06, FastEthernet0/0
R       10.0.0.18/32 [120/2] via 10.0.0.13, 00:00:06, FastEthernet0/0
R       10.0.0.16/29 [120/1] via 10.0.0.13, 00:00:07, FastEthernet0/0
R       10.0.0.17/32 [120/2] via 10.0.0.13, 00:00:07, FastEthernet0/0
R*   0.0.0.0/0 [120/2] via 10.0.0.13, 00:00:07, FastEthernet0/0
r9#
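VPC test:
The figure above shows IPsec VPN connectivity between R1 and R2, R3.
The figure above shows NAT from the Guangzhou branch to the external network.
The figure above shows NAT from headquarters to the external network.
Below is the test of the branch's time-based ACL:
After testing, the order above turned out to be reversed; it should be like this: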
ti work
per weekda 9:00 to 18:00
r2(config)#acc 130 per udp an an // All RIP messages are encapsulated in UDP datagrams, with source and destination ports both set to 520
r2(config)#acc 130 per ip an 10.0.0.0 0.255.255.255
r2(config)#acc 130 per ip 10.0.9.0 0.0.0.255 an ti work
int f2/0
ip acce 130 in
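
The following Python model is an added example, not part of the original lab: it evaluates the branch ACL 130 above with first-match semantics, the `work` time range and the implicit deny at the end. The unabbreviated entries in the comments, the host addresses 10.0.9.10 and 10.0.5.10, the stand-in Internet host 203.0.113.5 and the sample dates are assumptions made for illustration.

```python
from datetime import datetime
from ipaddress import IPv4Address

ANY = ("0.0.0.0", "255.255.255.255")
# ACL 130 from the page, in its corrected order: (protocol, source, destination, time_range)
ACL_130 = [
    ("udp", ANY, ANY, None),                            # permit udp any any
    ("ip", ANY, ("10.0.0.0", "0.255.255.255"), None),   # permit ip any 10.0.0.0 0.255.255.255
    ("ip", ("10.0.9.0", "0.0.0.255"), ANY, "work"),     # permit ip 10.0.9.0 0.0.0.255 any time-range work
]

def wildcard_match(addr, spec):
    """Cisco wildcard mask: bits set to 1 in the mask are ignored."""
    base, mask = (int(IPv4Address(x)) for x in spec)
    return (int(IPv4Address(addr)) | mask) == (base | mask)

def time_range_active(name, when):
    """time-range work = periodic weekdays 9:00 to 18:00."""
    # Assumption: the closing minute (18:00) is treated as inside the range.
    minutes = when.hour * 60 + when.minute
    return name == "work" and when.weekday() < 5 and 9 * 60 <= minutes <= 18 * 60

def evaluate(acl, proto, src, dst, when):
    """Return (action, matching line number); first match wins, else implicit deny."""
    for lineno, (p, s, d, tr) in enumerate(acl, start=1):
        if tr is not None and not time_range_active(tr, when):
            continue  # an entry whose time range is inactive is skipped
        if p in ("ip", proto) and wildcard_match(src, s) and wildcard_match(dst, d):
            return ("permit", lineno)
    return ("deny", None)

# Constructed sample packets; 203.0.113.5 stands in for an Internet host.
WED_10AM = datetime(2024, 1, 3, 10, 0)   # a Wednesday
SAT_10AM = datetime(2024, 1, 6, 10, 0)   # a Saturday
SAMPLES = [
    ("udp", "10.0.0.14", "224.0.0.9", SAT_10AM),    # RIP update from r9
    ("tcp", "10.0.9.10", "203.0.113.5", WED_10AM),  # branch host, working hours
    ("tcp", "10.0.9.10", "203.0.113.5", SAT_10AM),  # same flow, weekend
    ("tcp", "10.0.9.10", "10.0.5.10", SAT_10AM),    # branch host to internal server
    ("udp", "10.0.9.10", "203.0.113.5", SAT_10AM),  # any UDP, weekend
]

if __name__ == "__main__":
    for pkt in SAMPLES:
        print(pkt[:3], pkt[3].strftime("%a %H:%M"), evaluate(ACL_130, *pkt))
```

The last sample is permitted by the first entry at any time: `permit udp any any` admits all UDP from the branch, not only RIP, so it bypasses the time range. Matching that entry on port 520, as the comment describes, would confine it to RIP.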
Below is the headquarters time-based ACL test:

Configuration parameters:
ti work
r5(config)#acc 130 per os an an // Lets R5 learn the OSPF routes
r5(config)#acc 130 per ip 10.0.1.0 0.0.0.255 an ti work
r5(config)#acc 130 per ip 10.0.2.0 0.0.0.255 an ti work
r5(config)#acc 130 per ip 10.0.3.0 0.0.0.255 an ti work
r5(config)#acc 130 per ip 10.0.4.0 0.0.0.255 an ti work
r5(config)#acc 130 per ip 10.0.7.0 0.0.0.255 an ti work
r5(config)#acc 130 per ip 10.0.8.0 0.0.0.255 an ti work
r5(config)#acc 130 per ip 10.0.5.0 0.0.0.255 an // Permit the server network, which is published to the public network
int f1/0
ip acce 130 in
Below is the headquarters PPTP test: