IP地址:
R1 |
F0/0 |
|
F0/1 |
192.168.1.1/24 |
|
R2 |
F0/0 |
|
F0/1 |
|
|
R3 |
F0/0 |
|
F0/1 |
|
|
R4 |
F0/0 |
|
F0/1 |
192.168.2.1/24 |
|
Server0 |
|
192.168.1.3/24 |
Server1 |
|
192.168.2.3/24 |
PC0 |
|
192.168.1.2/24 |
PC1 |
|
192.168.2.2/24 |
1、 在R2、R3上边运行ospf协议
2、 在R1、R4配置静态默认路由,pc1与R2,R3,R4,都无法ping通,pc2与R1,R2,R3,都无法ping通,pc1 与pc2不通
3、 在R1与R4上边配置IPsec×××(配置成功后pc1 ,pc2,server0,server1可以互通)
R1上的配置如下:
R1#show run
Building configuration...
Current configuration : 1091 bytes
!
version 12.4
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname R1
crypto isakmp policy 1
encr 3des
authentication pre-share
lifetime 14400
!
crypto isakmp key 123 address
!
!
crypto ipsec transform-set cmap1 esp-3des esp-sha-hmac
!
crypto map cmap1 1 ipsec-isakmp
set peer
set security-association lifetime seconds 1800
set transform-set cmap1
match address 111
!
!
!
!
!
!
!
!
!
interface FastEthernet0/0
ip address
duplex auto
speed auto
crypto map cmap1
!
interface FastEthernet0/1
ip address 192.168.1.1 255.255.255.0
duplex auto
speed auto
!
interface Vlan1
no ip address
shutdown
ip classless
ip route
!
!
access-list 111 permit ip any any
line con 0
line vty 0 4
login
end
R2路由器上配置:
R2#show run
Building configuration...
Current configuration : 601 bytes
!
version 12.4
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname R2
!
!
interface FastEthernet0/0
ip address
duplex auto
speed auto
!
interface FastEthernet0/1
ip address
duplex auto
speed auto
!
interface Vlan1
no ip address
shutdown
!
router ospf 1
log-adjacency-changes
redistribute static subnets
network
network
!
ip classless
!
line con 0
line vty 0 4
login
!
!
!
End
R3路由器上配置:
R3#show run
Building configuration...
Current configuration : 601 bytes
!
version 12.4
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname R3
!
!
!
!
interface FastEthernet0/0
ip address
duplex auto
speed auto
!
interface FastEthernet0/1
ip address
duplex auto
speed auto
!
interface Vlan1
no ip address
shutdown
!
router ospf 1
log-adjacency-changes
redistribute static subnets
network
network
!
ip classless
!
!
line con 0
line vty 0 4
login
!
!
!
End
R4路由器上配置:
R4#show run
Building configuration...
Current configuration : 881 bytes
!
version 12.4
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname R4
!
!
!
!
!
!
!
!
crypto isakmp policy 1
encr 3des
authentication pre-share
lifetime 14400
!
crypto isakmp key 123 address
!
!
crypto ipsec transform-set cmap1 esp-3des esp-sha-hmac
!
crypto map cmap1 1 ipsec-isakmp
set peer
set security-association lifetime seconds 1800
set transform-set cmap1
match address 111
!
interface FastEthernet0/0
ip address
duplex auto
speed auto
crypto map cmap1
!
interface FastEthernet0/1
ip address 192.168.2.1 255.255.255.0
duplex auto
speed auto
!
interface Vlan1
no ip address
shutdown
!
ip classless
ip route
!
!
access-list 111 permit ip any any
!
!
!
!
!
line con 0
line vty 0 4
login
!
!
!
End
测试结果:
PC0可以ping通对端主机,也可以登录到web服务器,但与