【每日分享技术】华为HCIA/HCIP/HCIE Site to Site VPN (多站点)
今天给大家分享一个Site to Site VPN (多站点)希望对大家有所帮助!拓补图:
配置 Internet 路由器 interface Serial1/0 ip address 202.100.1.10 255.255.255.0 no shutdown interface Serial1/1 ip address 202.100.2.10 255.255.255.0 no shutdown interface Serial1/2 ip address 202.100.3.10 255.255.255.0 no shutdown
第一步:配置路由 配置 R1: ip route 172.16.2.0 255.255.255.0 202.100.1.10 ip
route 172.16.3.0 255.255.255.0 202.100.1.10 ip
route 202.100.2.0 255.255.255.0 202.100.1.10 ip
route 202.100.3.0 255.255.255.0 202.100.1.10 配置 R2: ip route 172.16.1.0 255.255.255.0 202.100.2.10 ip
route 172.16.3.0 255.255.255.0 202.100.2.10 ip
route 202.100.1.0 255.255.255.0 202.100.2.10 ip
route 202.100.3.0 255.255.255.0 202.100.2.10 配置 R3: ip route 172.16.1.0 255.255.255.0 202.100.3.10 ip
route 172.16.2.0 255.255.255.0 202.100.3.10 ip
route 202.100.1.0 255.255.255.0 202.100.3.10 ip
route 202.100.2.0 255.255.255.0 202.100.3.10
注:在实际应用中,企业都是通过配置默认路由到达 Internet,
以上拓扑中可以在 R1,R2,R3 配置一条默认路由也可以解决
路由问题,而且企业路由器也算是 Internet 边缘路由器,
0.0.0.0 0.0.0 的路由到达internet 必不可少:分别在 R1,R2,
R3 配置默认路由 R1: ip route 0.0.0.0 0.0.0.0 202.100.1.10 R2: ip route 0.0.0.0 0.0.0.0 202.100.2.10 R3: ip route 0.0.0.0 0.0.0.0 202.100.3.10
第二步:ISAKMP 策略
配置 R1:crypto isakmp policy 10 encr 3des hash md5 authentication pre-share group 2 crypto isakmp key cisco address 202.100.2.2
crypto isakmp key cisco address 202.100.3.3
配置 R2: crypto isakmp policy 10 encr 3des hash md5 authentication pre-share group 2 crypto isakmp key 0 cisco address 202.100.1.1
crypto isakmp key 0 cisco address 202.100.3.3
配置 R3: crypto isakmp policy 10 encr 3des hash md5 authentication pre-share group 2 crypto isakmp key cisco address 202.100.1.1
crypto isakmp key cisco address 202.100.2.2
详细内容请下载文档查看!
华为HCIA/HCIP/HCIE Site to Site VPN 好东西谢谢楼主分享
页:
[1]