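Routing updates are encapsulated in GRE and then encapsulated by IPsec before being sent, so that the routing updates cross the WAN securely!
Note: the GRE tunnel IP addresses are not used in the IPsec configuration!
The configuration files follow: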
-------
!
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R1
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
!
resource policy
!
memory-size iomem 5
ip cef
!
!
!
!
no ip domain lookup
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
crypto isakmp policy 10
encr 3des
hash md5
authentication pre-share
crypto isakmp key abc address 7.7.7.2
!
!
crypto ipsec transform-set set1 esp-des
!
crypto map map1 10 ipsec-isakmp
set peer 7.7.7.2
set transform-set set1
match address 100
!
!
!
!
!
interface Tunnel0
ip address 172.16.1.1 255.255.255.252
tunnel source Serial1/0
tunnel destination 7.7.7.2
!
interface Loopback0
ip address 192.168.1.1 255.255.255.0
!
interface FastEthernet0/0
no ip address
shutdown
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface Serial1/0
ip address 1.1.1.1 255.255.255.252
serial restart-delay 0
no dce-terminal-timing-enable
crypto map map1
!
interface Serial1/1
ip address 2.2.2.1 255.255.255.252
serial restart-delay 0
no dce-terminal-timing-enable
!
interface Serial1/2
no ip address
shutdown
serial restart-delay 0
no dce-terminal-timing-enable
!
interface Serial1/3
no ip address
shutdown
serial restart-delay 0
no dce-terminal-timing-enable
!
router ospf 100
log-adjacency-changes
network 172.16.0.0 0.0.255.255 area 0
network 192.168.1.0 0.0.0.255 area 0
!
router rip
network 1.0.0.0
network 2.0.0.0
no auto-summary
!
!
!
no ip http server
no ip http secure-server
!
access-list 100 permit ip 192.168.1.0 0.0.0.255 192.168.7.0 0.0.0.255
access-list 100 permit ip host 1.1.1.1 host 7.7.7.2
!
!
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
exec-timeout 0 0
logging synchronous
line aux 0
line vty 0 4
login
!
!
webvpn context Default_context
ssl authenticate verify all
!
no inservice
!
!
end
------
!
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R2
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
!
resource policy
!
memory-size iomem 5
ip cef
!
!
!
!
no ip domain lookup
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Loopback0
ip address 192.168.2.1 255.255.255.0
!
interface FastEthernet0/0
no ip address
shutdown
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface Serial1/0
ip address 1.1.1.2 255.255.255.252
serial restart-delay 0
no dce-terminal-timing-enable
!
interface Serial1/1
ip address 3.3.3.1 255.255.255.252
serial restart-delay 0
no dce-terminal-timing-enable
!
interface Serial1/2
no ip address
shutdown
serial restart-delay 0
no dce-terminal-timing-enable
!
interface Serial1/3
no ip address
shutdown
serial restart-delay 0
no dce-terminal-timing-enable
!
router rip
network 1.0.0.0
network 3.0.0.0
no auto-summary
!
!
!
no ip http server
no ip http secure-server
!
!
!
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
exec-timeout 0 0
logging synchronous
line aux 0
line vty 0 4
login
!
!
webvpn context Default_context
ssl authenticate verify all
!
no inservice
!
!
end
-------
!
!
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R3
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
!
resource policy
!
memory-size iomem 5
ip cef
!
!
!
!
no ip domain lookup
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Loopback0
ip address 192.168.3.1 255.255.255.0
!
interface FastEthernet0/0
no ip address
shutdown
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface Serial1/0
ip address 2.2.2.2 255.255.255.252
serial restart-delay 0
no dce-terminal-timing-enable
!
interface Serial1/1
ip address 4.4.4.1 255.255.255.252
serial restart-delay 0
no dce-terminal-timing-enable
!
interface Serial1/2
no ip address
shutdown
serial restart-delay 0
no dce-terminal-timing-enable
!
interface Serial1/3
no ip address
shutdown
serial restart-delay 0
no dce-terminal-timing-enable
!
!
!
no ip http server
no ip http secure-server
!
!
!
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
exec-timeout 0 0
logging synchronous
line aux 0
line vty 0 4
!
!
webvpn context Default_context
ssl authenticate verify all
!
no inservice
!
!
end
-------
!
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R4
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
!
resource policy
!
memory-size iomem 5
ip cef
!
!
!
!
no ip domain lookup
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Loopback0
ip address 192.168.4.1 255.255.255.0
!
interface FastEthernet0/0
no ip address
shutdown
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface Serial1/0
ip address 3.3.3.2 255.255.255.252
serial restart-delay 0
no dce-terminal-timing-enable
!
interface Serial1/1
ip address 4.4.4.2 255.255.255.252
serial restart-delay 0
no dce-terminal-timing-enable
!
interface Serial1/2
ip address 5.5.5.1 255.255.255.252
serial restart-delay 0
no dce-terminal-timing-enable
!
interface Serial1/3
ip address 6.6.6.1 255.255.255.252
serial restart-delay 0
no dce-terminal-timing-enable
!
router rip
network 3.0.0.0
network 4.0.0.0
network 5.0.0.0
network 6.0.0.0
no auto-summary
!
!
!
no ip http server
no ip http secure-server
!
!
!
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
exec-timeout 0 0
logging synchronous
line aux 0
line vty 0 4
login
!
!
webvpn context Default_context
ssl authenticate verify all
!
no inservice
!
!
end
-------
!
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R5
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
!
resource policy
!
memory-size iomem 5
ip cef
!
!
!
!
no ip domain lookup
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Loopback0
ip address 192.168.5.1 255.255.255.0
!
interface FastEthernet0/0
no ip address
shutdown
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface Serial1/0
ip address 5.5.5.2 255.255.255.252
serial restart-delay 0
no dce-terminal-timing-enable
!
interface Serial1/1
ip address 7.7.7.1 255.255.255.252
serial restart-delay 0
no dce-terminal-timing-enable
!
interface Serial1/2
no ip address
shutdown
serial restart-delay 0
no dce-terminal-timing-enable
!
interface Serial1/3
no ip address
shutdown
serial restart-delay 0
no dce-terminal-timing-enable
!
router rip
network 5.0.0.0
network 7.0.0.0
no auto-summary
!
!
!
no ip http server
no ip http secure-server
!
!
!
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
exec-timeout 0 0
logging synchronous
line aux 0
line vty 0 4
login
!
!
webvpn context Default_context
ssl authenticate verify all
!
no inservice
!
!
end
-------
!
!
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R6
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
!
resource policy
!
memory-size iomem 5
ip cef
!
!
!
!
no ip domain lookup
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Loopback0
ip address 192.168.6.1 255.255.255.0
!
interface FastEthernet0/0
no ip address
shutdown
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface Serial1/0
ip address 6.6.6.2 255.255.255.252
serial restart-delay 0
no dce-terminal-timing-enable
!
interface Serial1/1
ip address 8.8.8.1 255.255.255.252
serial restart-delay 0
no dce-terminal-timing-enable
!
interface Serial1/2
no ip address
shutdown
serial restart-delay 0
no dce-terminal-timing-enable
!
interface Serial1/3
no ip address
shutdown
serial restart-delay 0
no dce-terminal-timing-enable
!
!
!
no ip http server
no ip http secure-server
!
!
!
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
exec-timeout 0 0
logging synchronous
line aux 0
line vty 0 4
!
!
webvpn context Default_context
ssl authenticate verify all
!
no inservice
!
!
end
-------
!
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R7
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
!
resource policy
!
memory-size iomem 5
ip cef
!
!
!
!
no ip domain lookup
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
crypto isakmp policy 10
encr 3des
hash md5
authentication pre-share
crypto isakmp key abc address 1.1.1.1
!
!
crypto ipsec transform-set set1 esp-des
!
crypto map map1 10 ipsec-isakmp
set peer 1.1.1.1
set transform-set set1
match address 100
!
!
!
!
!
interface Tunnel0
ip address 172.16.1.2 255.255.255.252
tunnel source Serial1/0
tunnel destination 1.1.1.1
!
interface Loopback0
ip address 192.168.7.1 255.255.255.0
!
interface FastEthernet0/0
no ip address
shutdown
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface Serial1/0
ip address 7.7.7.2 255.255.255.252
serial restart-delay 0
no dce-terminal-timing-enable
crypto map map1
!
interface Serial1/1
ip address 8.8.8.2 255.255.255.252
serial restart-delay 0
no dce-terminal-timing-enable
!
interface Serial1/2
no ip address
shutdown
serial restart-delay 0
no dce-terminal-timing-enable
!
interface Serial1/3
no ip address
shutdown
serial restart-delay 0
no dce-terminal-timing-enable
!
router ospf 100
log-adjacency-changes
network 172.16.0.0 0.0.255.255 area 0
network 192.168.7.0 0.0.0.255 area 0
!
router rip
network 7.0.0.0
network 8.0.0.0
no auto-summary
!
!
!
no ip http server
no ip http secure-server
!
access-list 100 permit ip 192.168.7.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 100 permit ip host 7.7.7.2 host 1.1.1.1
!
!
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
exec-timeout 0 0
logging synchronous
line aux 0
line vty 0 4
login
!
!
webvpn context Default_context
ssl authenticate verify all
!
no inservice
!
!
end
------
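An added example (not part of the original post): a Python check over the security-relevant lines of R1 that confirms the crypto ACL matches the outer GRE packet (tunnel source and destination addresses, not the 172.16.1.x tunnel addresses) and lists the weak algorithm choices in this lab configuration. The function names and the `WEAK` table are made up for this illustration, and the ACL parser handles only the `host A` and `A wildcard` forms that appear on this page.

```python
import ipaddress
import re

# Constructed sample: R1's security-relevant lines from this page, indented as IOS prints them.
R1 = """\
crypto isakmp policy 10
 encr 3des
 hash md5
crypto ipsec transform-set set1 esp-des
interface Tunnel0
 ip address 172.16.1.1 255.255.255.252
 tunnel source Serial1/0
 tunnel destination 7.7.7.2
interface Serial1/0
 ip address 1.1.1.1 255.255.255.252
access-list 100 permit ip 192.168.1.0 0.0.0.255 192.168.7.0 0.0.0.255
access-list 100 permit ip host 1.1.1.1 host 7.7.7.2
"""
WEAK = {r"^\s*hash md5": "IKE hash md5",
        r"^\s*encr (3des|des)\b": "IKE encr DES/3DES",
        r"^crypto ipsec transform-set \S+ .*\besp-des\b": "transform-set uses esp-des"}

def operand(tok):
    """Parse 'host A' or 'A wildcard' from an ACL entry; return (network, remaining tokens)."""
    if tok[0] == "host":
        return ipaddress.ip_network(tok[1]), tok[2:]
    return ipaddress.ip_network(f"{tok[0]}/{tok[1]}"), tok[2:]  # wildcard = hostmask

def gre_covered(cfg):
    """True if an ACL entry matches the outer GRE packet (tunnel source -> destination)."""
    find = lambda pat: re.search(pat, cfg, re.M).group(1)
    src_if = find(r"^\s*tunnel source (\S+)")
    dst = ipaddress.ip_address(find(r"^\s*tunnel destination (\S+)"))
    # Assumes 'ip address' is the first line under the tunnel source interface.
    src = ipaddress.ip_address(find(rf"^interface {re.escape(src_if)}\n\s*ip address (\S+)"))
    for proto, rest in re.findall(r"^access-list \d+ permit (\S+) (.+)$", cfg, re.M):
        s_net, tail = operand(rest.split())
        d_net, _ = operand(tail)
        if proto in ("ip", "gre") and src in s_net and dst in d_net:
            return True
    return False

def weak_crypto(cfg):
    """Flag the WEAK patterns (this example's own list) and ESP with no integrity transform."""
    found = [msg for pat, msg in WEAK.items() if re.search(pat, cfg, re.M)]
    for name, body in re.findall(r"^crypto ipsec transform-set (\S+) (.+)$", cfg, re.M):
        if "-hmac" not in body:
            found.append(f"{name}: no integrity transform")
    return found
```

On R1 as posted, `gre_covered(R1)` is true because of the `host 1.1.1.1 host 7.7.7.2` entry, and `weak_crypto(R1)` reports MD5, 3DES, `esp-des` and the missing integrity transform.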