本实验借助于Cisco 2600 路由器,通过vpn技术实现蓝色学苑,一分部和二分部之间的网络互联,为了贴近实用性,中间仍然通过Cisco 3640 模拟ISP
  
     通过在网络基础部分的介绍,各位应该对VPN技术有了一定的认识。VPN的实现主要有两个方面:建立VPN Tunnel和IPsec加密。
  
 
  

  Cisco 2600 with GRE Tunnel

  
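! Lab configuration for site router bluestudy1: a GRE tunnel to the peer site
! across the simulated ISP, plus NAT overload for the inside LAN.
! Misspelled keywords from the original listing (password, source, serial,
! "router eigrp 100" split over two lines) are corrected so the commands parse.
hostname bluestudy1
! Lab credential. "enable password" is kept in clear text (or reversible type 7
! encoding); outside a lab use "enable secret" with a unique value.
enable password cisco
!
memory-size iomem 25
!
! GRE tunnel between the two public addresses. Plain GRE provides no
! confidentiality or integrity for the inter-site traffic it carries.
interface Tunnel0
 ip address 172.16.101.1 255.255.255.0
 ip mtu 1467
 tunnel source 199.1.1.2
 tunnel destination 199.1.2.2
!
interface serial0/0
 encapsulation frame-relay
 frame-relay lmi-type ansi
!
! ISP-facing subinterface (NAT outside). No inbound access-list is applied here.
interface serial0/0.1 point-to-point
 ip address 199.1.1.2 255.255.255.248
 ip nat outside
 no arp frame-relay
 frame-relay interface-dlci 111
!
! Inside LAN (NAT inside).
interface ethernet0/0
 ip address 172.16.1.1 255.255.255.0
 ip nat inside
!
! Both routing processes cover 172.16.0.0, which includes the Tunnel0 subnet.
! Neither has neighbor authentication configured.
router eigrp 100
 network 172.16.0.0
!
router rip
 version 2
 network 172.16.0.0
!
! NOTE(review): 199.1.1.2/29 covers 199.1.1.0-199.1.1.7, so a pool ending at
! 199.1.1.10 does not fit the stated netmask, and the static mapping below
! (199.1.1.5) falls inside the pool range - confirm the intended addresses.
ip nat pool bluestudy 199.1.1.3 199.1.1.10 netmask 255.255.255.248
ip nat inside source list 2 pool bluestudy overload
! One-to-one static NAT: every port of 172.16.1.3 becomes reachable from outside
! unless an inbound ACL on serial0/0.1 restricts it.
ip nat inside source static 172.16.1.3 199.1.1.5
!
ip classless
ip route 0.0.0.0 0.0.0.0 serial0/0.1
! Clear-text HTTP management interface; use "no ip http server" when not needed.
ip http server
!
! Source addresses eligible for NAT overload.
access-list 2 permit 172.16.1.0 0.0.0.255
!
! "public" is the well-known default community and no ACL limits who may query;
! use a non-default string bound to a management-station ACL, or remove the line.
snmp-server community public RO
!
line con 0
 password cisco
 login
!
! VTY lines use a shared line password and no "transport input" restriction
! or access-class; outside a lab prefer per-user logins over SSH.
line vty 0 4
 password cisco
 login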

Cisco 2600 Configuration with IPSec

  
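! Lab configuration for site router bluestudy1: the GRE tunnel setup with IPsec
! added for traffic between the two site LANs.
! Misspelled keywords from the original listing (password, source, serial,
! "crypto isakmp policy") are corrected so the commands parse.
hostname bluestudy1
! Lab credential. "enable password" is kept in clear text (or reversible type 7
! encoding); outside a lab use "enable secret" with a unique value.
enable password cisco
!
! IKE phase 1: only the authentication method is set, so encryption, hash and
! DH group stay at platform defaults.
! NOTE(review): on IOS releases of this era the defaults are DES / SHA-1 /
! group 1 - confirm on the target image and set stronger values explicitly.
crypto isakmp policy 1
 authentication pre-share
! Pre-shared key for the peer's tunnel address. This value is a published lab
! key; a real deployment needs a unique, high-entropy key per peer.
crypto isakmp key slurpee-machine address 172.16.101.2
!
! IPsec transform: AH with SHA-1 HMAC plus ESP with DES and SHA-1 HMAC.
! DES (56-bit) is obsolete; use an AES ESP transform where both ends support it.
! The peer's transform set has to match.
crypto ipsec transform-set test ah-sha-hmac esp-des esp-sha-hmac
!
! "set transform-set" is only valid inside a crypto map entry, so it appears
! once, here.
crypto map bluestudy 10 ipsec-isakmp
 set peer 172.16.101.2
 set transform-set test
 match address 101
!
! The crypto map is bound to the tunnel interface, so traffic matching ACL 101
! is encrypted before GRE encapsulation.
interface Tunnel0
 ip address 172.16.101.1 255.255.255.0
 ip mtu 1467
 tunnel source 199.1.1.2
 tunnel destination 199.1.2.2
 crypto map bluestudy
!
interface serial0/0
 encapsulation frame-relay
 frame-relay lmi-type ansi
!
! ISP-facing subinterface (NAT outside). No inbound access-list is applied here.
interface serial0/0.1 point-to-point
 ip address 199.1.1.2 255.255.255.248
 ip nat outside
 frame-relay interface-dlci 111
!
! Inside LAN (NAT inside).
interface ethernet0/0
 ip address 172.16.1.1 255.255.255.0
 ip nat inside
!
! Both routing processes cover 172.16.0.0, which includes the Tunnel0 subnet.
! Routing updates are not matched by ACL 101, so they cross the tunnel
! unencrypted, and no neighbor authentication is configured.
router eigrp 100
 network 172.16.0.0
!
router rip
 version 2
 network 172.16.0.0
 no auto-summary
!
! NOTE(review): 199.1.1.2/29 covers 199.1.1.0-199.1.1.7, so a pool ending at
! 199.1.1.10 does not fit the stated netmask, and the static mapping below
! (199.1.1.5) falls inside the pool range - confirm the intended addresses.
ip nat pool bluestudy 199.1.1.3 199.1.1.10 netmask 255.255.255.248
ip nat inside source list 2 pool bluestudy overload
! One-to-one static NAT: every port of 172.16.1.3 becomes reachable from outside
! unless an inbound ACL on serial0/0.1 restricts it.
ip nat inside source static 172.16.1.3 199.1.1.5
!
ip classless
ip route 0.0.0.0 0.0.0.0 serial0/0.1
! Clear-text HTTP management interface; use "no ip http server" when not needed.
ip http server
!
! Source addresses eligible for NAT overload.
access-list 2 permit 172.16.1.0 0.0.0.255
! Crypto ACL: 172.16.2.0/24 is the peer site's network; only packets from the
! local LAN destined to that network are encrypted.
access-list 101 permit ip 172.16.1.0 0.0.0.255 172.16.2.0 0.0.0.255
!
line con 0
 ! 0 0 disables the idle timeout, so an unattended console session never logs out.
 exec-timeout 0 0
 password cisco
 login
 transport input none
!
! VTY lines use a shared line password and no "transport input" restriction
! or access-class; outside a lab prefer per-user logins over SSH.
line vty 0 4
 password cisco
 login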