试验包含四个技术:
1.Dead peer Detection
2.Reverse Router Injection
3.Default peer configutation
4.Idle Time
R1#sh running-config
!
crypto isakmp policy 10
authentication pre-share
crypto isakmp key cisco address 25.25.25.2
crypto isakmp key cisco address 35.35.35.3
crypto isakmp keepalive 10 periodic
!
!
crypto ipsec transform-set wk esp-des esp-md5-hmac
!
crypto map *** 10 ipsec-isakmp
set peer 25.25.25.2 default
set peer 35.35.35.3
set security-association idle-time 60
set transform-set wk
match address 101
!
interface Loopback0
ip address 1.1.1.1 255.255.255.0
!
interface Serial1/2
ip address 15.15.15.1 255.255.255.0
serial restart-delay 0
crypto map ***
!
ip classless
ip route 0.0.0.0 0.0.0.0 15.15.15.5
!
access-list 101 permit ip 1.1.1.0 0.0.0.255 4.4.4.0 0.0.0.255
!
R5#sh running-config
!
interface Serial1/1
ip address 15.15.15.5 255.255.255.0
serial restart-delay 0
!
interface Serial1/2
ip address 25.25.25.5 255.255.255.0
serial restart-delay 0
!
interface Serial1/3
ip address 35.35.35.5 255.255.255.0
serial restart-delay 0
!
R2#sh running-config
!
crypto isakmp policy 10
authentication pre-share
crypto isakmp key cisco address 15.15.15.1
crypto isakmp keepalive 10 periodic
!
!
crypto ipsec transform-set wk esp-des esp-md5-hmac
!
crypto map *** 10 ipsec-isakmp
set peer 15.15.15.1
set transform-set wk
match address 101
reverse-route tag 10
!
!
interface Serial1/2
ip address 25.25.25.2 255.255.255.0
shutdown
serial restart-delay 0
crypto map ***
!
router ospf 110
log-adjacency-changes
redistribute static subnets route-map static-to-ospf
network 10.10.10.0 0.0.0.255 area 0
!
ip classless
ip route 0.0.0.0 0.0.0.0 25.25.25.5
!
access-list 101 permit ip 4.4.4.0 0.0.0.255 1.1.1.0 0.0.0.255
!
route-map static-to-ospf permit 10
match tag 10
R3#sh running-config
!
crypto isakmp policy 10
authentication pre-share
crypto isakmp key cisco address 15.15.15.1
crypto isakmp keepalive 10 periodic
!
!
crypto ipsec transform-set wk esp-des esp-md5-hmac
!
crypto map *** 10 ipsec-isakmp
set peer 15.15.15.1
set transform-set wk
match address 101
reverse-route tag 10
!
interface FastEthernet0/0
ip address 10.10.10.3 255.255.255.0
duplex auto
speed auto
!
interface Serial1/2
ip address 35.35.35.3 255.255.255.0
serial restart-delay 0
crypto map ***
!
router ospf 110
log-adjacency-changes
redistribute static subnets route-map static-to-ospf
network 10.10.10.0 0.0.0.255 area 0
!
ip classless
ip route 0.0.0.0 0.0.0.0 35.35.35.5
!
access-list 101 permit ip 4.4.4.0 0.0.0.255 1.1.1.0 0.0.0.255
!
route-map static-to-ospf permit 10
match tag 10
!
R4#sh running-config
!
interface Loopback0
ip address 4.4.4.4 255.255.255.0
!
interface FastEthernet0/0
ip address 10.10.10.4 255.255.255.0
duplex auto
speed auto
!
router ospf 110
log-adjacency-changes
network 4.4.4.0 0.0.0.255 area 0
network 10.10.10.0 0.0.0.255 area 0
!
转载于:https://blog.51cto.com/2974159/806198
本文章为转载内容,我们尊重原作者对文章享有的著作权。如有内容错误或侵权问题,欢迎原作者联系我们进行内容更正或删除文章。
