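Lab requirements:
1. Use GRE VPN so that R1, R2 and R3 can reach one another.
2. The logical interface addresses of R1, R2 and R3 are 192.168.1.1, 192.168.2.2 and 192.168.3.3 respectively.
3. Use Easy VPN so that the virtual PC can access any one of R1, R2 and R3 (I access R1).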
r1#show run
!
hostname r1
!
aaa new-model
aaa authentication login mylogin local
aaa authorization network mynet local
no ip domain lookup
username 123 password 0 123
crypto isakmp policy 1
 encr 3des
 authentication pre-share
 group 2
crypto isakmp key cisco address 193.1.1.1
crypto isakmp key cisco address 194.1.1.1
!
crypto isakmp client configuration group mygroup
 key cisco
 dns 192.168.1.2
 domain cisco
 pool mypool
 acl list
!
!
crypto ipsec transform-set set esp-3des esp-sha-hmac
 mode transport
!
crypto dynamic-map dymap 1
 set transform-set set
 reverse-route
!
!
crypto map map client authentication list mylogin
crypto map map isakmp authorization list mynet
crypto map map client configuration address respond
crypto map map 10 ipsec-isakmp
 set peer 193.1.1.1
 set transform-set set
 match address list2
crypto map map 20 ipsec-isakmp
 set peer 194.1.1.1
 set transform-set set
 match address list3
crypto map map 30 ipsec-isakmp dynamic dymap
!
interface Loopback0
 ip address 192.168.1.1 255.255.255.0
!
interface Tunnel0
 ip address 10.10.12.1 255.255.255.0
 tunnel source Serial1/2
 tunnel destination 193.1.1.1
!
interface Tunnel1
 ip address 10.10.13.1 255.255.255.0
 tunnel source Serial1/2
 tunnel destination 194.1.1.1
!
interface Serial1/2
 ip address 192.1.1.1 255.255.255.0
 serial restart-delay 0
 crypto map map
!
router eigrp 10
 network 10.0.0.0
 network 192.168.1.0
 no auto-summary
!
ip local pool mypool 172.16.1.1 172.16.1.100
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Serial1/2
!
!
ip http server
no ip http secure-server
!
ip access-list extended list
 permit ip 192.168.1.0 0.0.0.255 any
ip access-list extended list2
 permit ip host 192.1.1.1 host 193.1.1.1
ip access-list extended list3
 permit ip host 192.1.1.1 host 194.1.1.1
R1 routing table:
r1#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O -
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is 0.0.0.0 to network 0.0.0.0
172.16.0.0/32 is subnetted, 1 subnets
S 172.16.1.1 [1/0] via 195.1.1.2
10.0.0.0/24 is subnetted, 2 subnets
C 10.10.12.0 is directly connected, Tunnel0
C 10.10.13.0 is directly connected, Tunnel1
C 192.1.1.0/24 is directly connected, Serial1/2
C 192.168.1.0/24 is directly connected, Loopback0
D 192.168.2.0/24 [90/297372416] via 10.10.12.2, 00:29:27, Tunnel0
D 192.168.3.0/24 [90/297372416] via 10.10.13.3, 00:17:23, Tunnel1
S* 0.0.0.0/0 is directly connected, Serial1/2
R2 test results:
r2#ping
Protocol [ip]:
Target IP address: 192.168.1.1
Repeat count [5]:
Datagram size [100]:
Timeout in seconds [2]:
Extended commands [n]: y
Source address or interface: 192.168.2.2
Type of service [0]:
Set DF bit in IP header? [no]:
Validate reply data? [no]:
Data pattern [0xABCD]:
Loose, Strict, Record, Timestamp, Verbose[none]:
Sweep range of sizes [n]:
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.1, timeout is 2 seconds:
Packet sent with a source address of 192.168.2.2
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 16/45/72 ms
r2#ping 192.168.3.3 sour 192.168.2.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.3.3, timeout is 2 seconds:
Packet sent with a source address of 192.168.2.2
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 20/42/60 ms
R2 configuration:
r2#show run
hostname r2
!
no ip domain lookup
!
crypto isakmp policy 1
 encr 3des
 authentication pre-share
 group 2
crypto isakmp key cisco address 192.1.1.1
!
!
crypto ipsec transform-set set esp-3des esp-sha-hmac
 mode transport
!
crypto map map 10 ipsec-isakmp
 set peer 192.1.1.1
 set transform-set set
 match address list2
interface Loopback0
 ip address 192.168.2.2 255.255.255.0
!
interface Tunnel0
 ip address 10.10.12.2 255.255.255.0
 tunnel source Serial1/2
 tunnel destination 192.1.1.1
!
interface Serial1/2
 ip address 193.1.1.1 255.255.255.0
 serial restart-delay 0
 crypto map map
!
router eigrp 10
 network 10.0.0.0
 network 192.168.2.0
 no auto-summary
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Serial1/2
ip access-list extended list2
 permit ip host 193.1.1.1 host 192.1.1.1
!
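Added example (not part of the original lab write-up): a Python check, run over excerpts of the R1 and R2 configurations above, that the two ends of a GRE-over-IPsec pair agree. It verifies that each "set peer" is the other router's crypto-map interface address, that the crypto ACLs mirror each other, and that the GRE tunnel's outer addresses are matched by the crypto ACL, so the tunnel traffic is what IPsec protects. The function names are illustrative; the parser assumes indented IOS output and host-to-host ACL entries as used in this lab.

```python
import re

# Excerpt of R1's configuration from this page (one-space indentation restored).
R1 = """crypto map map 10 ipsec-isakmp
 set peer 193.1.1.1
 match address list2
interface Tunnel0
 tunnel destination 193.1.1.1
interface Serial1/2
 ip address 192.1.1.1 255.255.255.0
 crypto map map
ip access-list extended list2
 permit ip host 192.1.1.1 host 193.1.1.1"""
# R2's matching lines on this page are the same with the two WAN addresses swapped.
R2 = R1.replace("192.1.1.1", "@").replace("193.1.1.1", "192.1.1.1").replace("@", "193.1.1.1")

def sections(cfg):
    """Group indented sub-commands under their top-level command line."""
    out, cur = {}, []
    for line in cfg.splitlines():
        if line[:1] == " ":
            cur.append(line.strip())
        elif line.strip() not in ("", "!"):
            cur = out.setdefault(line.strip(), [])
    return out

def facts(cfg, seq):
    """Return (peer, WAN address, host-to-host ACEs, tunnel destinations)."""
    s = sections(cfg)
    arg = lambda lines, cmd: [l.split()[-1] for l in lines if l.startswith(cmd)]
    entry = next(v for k, v in s.items() if re.fullmatch(rf"crypto map \S+ {seq} ipsec-isakmp", k))
    wan = next(l.split()[2] for v in s.values() if arg(v, "crypto map ")
               for l in v if l.startswith("ip address"))
    acl = s["ip access-list extended " + arg(entry, "match address")[0]]
    aces = [tuple(re.findall(r"host (\S+)", l)) for l in acl]
    return arg(entry, "set peer")[0], wan, aces, [d for v in s.values() for d in arg(v, "tunnel destination")]

def check_pair(a, b, seq=10):
    """List the mismatches between two peers' crypto map entries with sequence number seq."""
    fa, fb = facts(a, seq), facts(b, seq)
    problems = []
    if (fa[0], fb[0]) != (fb[1], fa[1]):
        problems.append("set peer is not the other side's crypto-map interface address")
    if sorted(fa[2]) != sorted(t[::-1] for t in fb[2]):
        problems.append("crypto ACLs are not mirror images")
    for name, (peer, wan, aces, tunnels) in (("first", fa), ("second", fb)):
        if peer not in tunnels or (wan, peer) not in aces:
            problems.append(f"{name} config: GRE to the peer is not matched by its crypto ACL")
    return problems
```

An empty list from check_pair(R1, R2) means the pair is consistent; each string returned names one mismatch to fix before the tunnel is trusted to carry traffic.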
R2 routing table:
r2#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O -
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is 0.0.0.0 to network 0.0.0.0
10.0.0.0/24 is subnetted, 2 subnets
C 10.10.12.0 is directly connected, Tunnel0
D 10.10.13.0 [90/310044416] via 10.10.12.1, 00:30:34, Tunnel0
C 193.1.1.0/24 is directly connected, Serial1/2
D 192.168.1.0/24 [90/297372416] via 10.10.12.1, 00:30:34, Tunnel0
C 192.168.2.0/24 is directly connected, Loopback0
D 192.168.3.0/24 [90/310172416] via 10.10.12.1, 00:18:25, Tunnel0
S* 0.0.0.0/0 is directly connected, Serial1/2
R3 configuration:
r3# ping 192.168.1.1 sour 192.168.3.3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.1, timeout is 2 seconds:
Packet sent with a source address of 192.168.3.3
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 12/16/24 ms
r3# ping 192.168.2.2 sour 192.168.3.3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.2.2, timeout is 2 seconds:
Packet sent with a source address of 192.168.3.3
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 12/34/92 ms
r3#show run
Building configuration...
Current configuration : 1824 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname r3
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
ip cef
!
no ip domain lookup
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
multilink bundle-name authenticated
!
archive
 log config
  hidekeys
!
!
crypto isakmp policy 1
 encr 3des
 authentication pre-share
 group 2
crypto isakmp key cisco address 192.1.1.1
!
!
crypto ipsec transform-set set esp-3des esp-sha-hmac
 mode transport
!
crypto map map 20 ipsec-isakmp
 set peer 192.1.1.1
 set transform-set set
 match address list3
!
interface Loopback0
 ip address 192.168.3.3 255.255.255.0
!
interface Tunnel0
 ip address 10.10.13.3 255.255.255.0
 tunnel source Serial1/2
 tunnel destination 192.1.1.1
!
interface Serial1/2
 ip address 194.1.1.1 255.255.255.0
 serial restart-delay 0
 crypto map map
!
router eigrp 10
 network 10.0.0.0
 network 192.168.3.0
 no auto-summary
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Serial1/2
!
!
ip http server
no ip http secure-server
!
ip access-list extended list3
 permit ip host 194.1.1.1 host 192.1.1.1
r3#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O -
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is 0.0.0.0 to network 0.0.0.0
10.0.0.0/24 is subnetted, 2 subnets
D 10.10.12.0 [90/310044416] via 10.10.13.1, 00:18:53, Tunnel0
C 10.10.13.0 is directly connected, Tunnel0
D 192.168.1.0/24 [90/297372416] via 10.10.13.1, 00:18:53, Tunnel0
D 192.168.2.0/24 [90/310172416] via 10.10.13.1, 00:18:53, Tunnel0
C 194.1.1.0/24 is directly connected, Serial1/2
C 192.168.3.0/24 is directly connected, Loopback0
S* 0.0.0.0/0 is directly connected, Serial1/2
R5 configuration:
r5#show run
hostname r5
no ip domain-lookup
interface FastEthernet0/0
 ip address 195.1.1.1 255.255.255.0
 duplex auto
 speed auto
!
interface Serial1/0
 ip address 192.1.1.2 255.255.255.0
 serial restart-delay 0
!
interface Serial1/1
 ip address 193.1.1.2 255.255.255.0
 serial restart-delay 0
!
interface Serial1/2
 ip address 194.1.1.2 255.255.255.0
 serial restart-delay 0
!
Test results from the bridged virtual-machine PC: