[eNSP]GRE over IPSec（对GRE通道进行加密）_ensp gre over ipsec

首先要打通GRE通道：
具体见本人文章：[eNSP]建立GRE通道
然后：

2、创建IKE提议
[AR 1]ike proposal 1     # 创建IKE提议
[AR 1-ike-proposal-1]encryption-algorithm 3des-cbc     # 指定加密算法
[AR 1-ike-proposal-1]authentication-algorithm md5     # 认证算法
[AR 3]ike proposal 1     # 创建IKE提议
[AR 3-ike-proposal-1]encryption-algorithm 3des-cbc     # 指定加密算法
[AR 3-ike-proposal-1]authentication-algorithm md5     # 认证算法

3、配置IKE对等体
[AR 1]ike peer number v2     # 创建number的对等体
[AR 1-ike-peer-numberone]pre-shared-key simple 5201314     # 共享密钥
[AR 1-ike-peer-numberone]ike-proposal 1
[AR 3]ike peer number v2     # 创建number的对等体
[AR 3-ike-peer-numberone]pre-shared-key simple 5201314     # 共享密钥
[AR 3-ike-peer-numberone]ike-proposal 1

4、配置IPSec提议
[AR 1]ipsec proposal 1
[AR 1-ipsec-proposal-1]esp encryption-algorithm 3des     # esp的加密算法
[AR 3]ipsec proposal 1
[AR 3-ipsec-proposal-1]esp encryption-algorithm 3des     # esp的加密算法

5、配置IPSec文件
[AR 1]ipsec profile gre
[AR 1-ipsec-profile-gre]ike-peer number
[AR 1-ipsec-profile-gre]proposal 1
[AR 3]ipsec profile gre
[AR 3-ipsec-profile-gre]ike-peer number
[AR 3-ipsec-profile-gre]proposal 1

6、对GRE隧道进行保护
[AR 1]interface Tunnel 0/0/0
[AR 1-Tunnel0/0/0]description XXXXX     # XXXXX可以自定义
[AR 1-Tunnel0/0/0]tunnel-protocol gre
[AR 1-Tunnel0/0/0]source 200.1.1.1
[AR 1-Tunnel0/0/0]destination 200.2.2.2
[AR 1-Tunnel0/0/0]ipsec profile gre     # 对GRE隧道进行保护
[AR 3]interface Tunnel 0/0/0
[AR 3-Tunnel0/0/0]description XXXXX
[AR 3-Tunnel0/0/0]tunnel-protocol gre
[AR 3-Tunnel0/0/0]source 200.2.2.2
[AR 3-Tunnel0/0/0]destination 200.1.1.1
[AR 3-Tunnel0/0/0]ipsec profile gre     # 对GRE隧道进行保护
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43

最后用PC1去pingPC2的抓包效果图：

PC1的命令行显示时这样的：