Basic configuration:
Hub Router
hostname Hub
!
crypto isakmp policy 1
authentication pre-share
! 0.0.0.0 means the peer can be any address
crypto isakmp key cisco47 address 0.0.0.0
!
crypto ipsec transform-set trans2 esp-des esp-md5-hmac
mode transport
!
crypto map vpnmap1 local-address Ethernet0
crypto map vpnmap1 10 ipsec-isakmp
set peer 172.16.1.1
set transform-set trans2
match address 101
crypto map vpnmap1 20 ipsec-isakmp
set peer 172.16.2.1
set transform-set trans2
match address 102
. . .
crypto map vpnmap1 <10*n> ipsec-isakmp
set peer 172.16.<n>.1
set transform-set trans2
match address <n+100>
!
interface Tunnel1
bandwidth 1000
ip address 10.0.0.1 255.255.255.252
ip mtu 1400
delay 1000
tunnel source Ethernet0
tunnel destination 172.16.1.1
!
interface Tunnel2
bandwidth 1000
ip address 10.0.0.5 255.255.255.252
ip mtu 1400
delay 1000
tunnel source Ethernet0
tunnel destination 172.16.2.1
!
. . .
!
interface Tunnel<n>
bandwidth 1000
ip address 10.0.0.<4n-3> 255.255.255.252
ip mtu 1400
delay 1000
tunnel source Ethernet0
tunnel destination 172.16.<n>.1
!
interface Ethernet0
ip address 172.17.0.1 255.255.255.0
crypto map vpnmap1
!
interface Ethernet1
ip address 192.168.0.1 255.255.255.0
!
router eigrp 1
network 10.0.0.0 0.0.0.255
network 192.168.0.0 0.0.0.255
no auto-summary
!
access-list 101 permit gre host 172.17.0.1 host 172.16.1.1
access-list 102 permit gre host 172.17.0.1 host 172.16.2.1
...
access-list <n+100> permit gre host 172.17.0.1 host 172.16.<n>.1

Spoke1 Router
hostname Spoke1
!
crypto isakmp policy 1
authentication pre-share
crypto isakmp key cisco47 address 0.0.0.0
!
crypto ipsec transform-set trans2 esp-des esp-md5-hmac
mode transport
!
crypto map vpnmap1 local-address Ethernet0
crypto map vpnmap1 10 ipsec-isakmp
set peer 172.17.0.1
set transform-set trans2
match address 101
!
interface Tunnel0
bandwidth 1000
ip address 10.0.0.2 255.255.255.252
ip mtu 1400
delay 1000
tunnel source Ethernet0
tunnel destination 172.17.0.1
!
interface Ethernet0
ip address 172.16.1.1 255.255.255.252
crypto map vpnmap1
!
interface Ethernet1
ip address 192.168.1.1 255.255.255.0
!
router eigrp 1
network 10.0.0.0 0.0.0.255
network 192.168.1.0 0.0.0.255
no auto-summary
!
access-list 101 permit gre host 172.16.1.1 host 172.17.0.1
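Note: Before Cisco IOS 12.2(13)T, crypto map vpnmap had to be applied to both the physical interface and all of the tunnel interfaces; from Cisco IOS 12.2(13)T onward, applying it to the physical interface alone is sufficient.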
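
An added example, not part of the original page: a small Python check run over the crypto lines of the Spoke1 configuration above. It reports the wildcard pre-shared key (address 0.0.0.0), the single-DES and HMAC-MD5 transforms in trans2, and any crypto map entry whose ACL does not select GRE towards that entry's own peer. The function name audit, the finding labels and the SPOKE1 sample string are assumptions made for this illustration.

```python
import re

# Constructed sample: the crypto-related lines of the Spoke1 configuration above.
SPOKE1 = """\
crypto isakmp policy 1
authentication pre-share
crypto isakmp key cisco47 address 0.0.0.0
crypto ipsec transform-set trans2 esp-des esp-md5-hmac
mode transport
crypto map vpnmap1 10 ipsec-isakmp
set peer 172.17.0.1
set transform-set trans2
match address 101
access-list 101 permit gre host 172.16.1.1 host 172.17.0.1
"""

WEAK_TRANSFORMS = {"esp-des", "esp-md5-hmac"}  # single DES, HMAC-MD5


def audit(config):
    """Return sorted finding labels (hypothetical names) for one router's config text."""
    findings = set()
    acl_dst = {}   # ACL number -> destination hosts of its 'permit gre' entries
    entries = []   # one dict per 'crypto map <name> <seq> ipsec-isakmp' entry
    for line in config.splitlines():
        words = line.split()
        # words[3] is the key itself; a 0.0.0.0 address accepts it from any peer.
        if words[:3] == ["crypto", "isakmp", "key"] and words[4:6] == ["address", "0.0.0.0"]:
            findings.add("wildcard-psk")
        elif words[:3] == ["crypto", "ipsec", "transform-set"]:
            for t in WEAK_TRANSFORMS.intersection(words[4:]):
                findings.add(f"weak-transform:{words[3]}:{t}")
        elif words[:2] == ["crypto", "map"] and words[-1] == "ipsec-isakmp":
            entries.append({"seq": words[3]})
        elif words[:2] == ["set", "peer"] and entries:
            entries[-1]["peer"] = words[2]
        elif words[:2] == ["match", "address"] and entries:
            entries[-1]["acl"] = words[2]
        else:
            m = re.match(r"access-list (\d+) permit gre host \S+ host (\S+)$", line.strip())
            if m:
                acl_dst.setdefault(m.group(1), set()).add(m.group(2))
    # Each entry's ACL must select GRE towards that entry's own peer.
    for e in entries:
        if e.get("peer") not in acl_dst.get(e.get("acl"), set()):
            findings.add(f"acl-peer-mismatch:seq{e['seq']}")
    return sorted(findings)
```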