First, bring up the GRE tunnel:
For details, see my article: [eNSP] Establishing a GRE Tunnel
Then:
2. Create the IKE proposal
[AR 1]ike proposal 1 # create the IKE proposal
[AR 1-ike-proposal-1]encryption-algorithm 3des-cbc # specify the encryption algorithm
[AR 1-ike-proposal-1]authentication-algorithm md5 # authentication algorithm
[AR 3]ike proposal 1 # create the IKE proposal
[AR 3-ike-proposal-1]encryption-algorithm 3des-cbc # specify the encryption algorithm
[AR 3-ike-proposal-1]authentication-algorithm md5 # authentication algorithm
3. Configure the IKE peer
[AR 1]ike peer number v2 # create the peer named number
[AR 1-ike-peer-number]pre-shared-key simple 5201314 # pre-shared key
[AR 1-ike-peer-number]ike-proposal 1
[AR 3]ike peer number v2 # create the peer named number
[AR 3-ike-peer-number]pre-shared-key simple 5201314 # pre-shared key
[AR 3-ike-peer-number]ike-proposal 1
4. Configure the IPSec proposal
[AR 1]ipsec proposal 1
[AR 1-ipsec-proposal-1]esp encryption-algorithm 3des # ESP encryption algorithm
[AR 3]ipsec proposal 1
[AR 3-ipsec-proposal-1]esp encryption-algorithm 3des # ESP encryption algorithm
5. Configure the IPSec profile
[AR 1]ipsec profile gre
[AR 1-ipsec-profile-gre]ike-peer number
[AR 1-ipsec-profile-gre]proposal 1
[AR 3]ipsec profile gre
[AR 3-ipsec-profile-gre]ike-peer number
[AR 3-ipsec-profile-gre]proposal 1
6. Protect the GRE tunnel
[AR 1]interface Tunnel 0/0/0
[AR 1-Tunnel0/0/0]description XXXXX # XXXXX is a free-form description of your choice
[AR 1-Tunnel0/0/0]tunnel-protocol gre
[AR 1-Tunnel0/0/0]source 200.1.1.1
[AR 1-Tunnel0/0/0]destination 200.2.2.2
[AR 1-Tunnel0/0/0]ipsec profile gre # protect the GRE tunnel
[AR 3]interface Tunnel 0/0/0
[AR 3-Tunnel0/0/0]description XXXXX
[AR 3-Tunnel0/0/0]tunnel-protocol gre
[AR 3-Tunnel0/0/0]source 200.2.2.2
[AR 3-Tunnel0/0/0]destination 200.1.1.1
[AR 3-Tunnel0/0/0]ipsec profile gre # protect the GRE tunnel
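A review check for steps 2 to 6, added here as an example and not part of the original post: it parses the pasted session, flags the settings that should stay in the lab (DES/3DES, MD5, and a pre-shared key entered with `simple`, which leaves it readable in the configuration), and confirms that the two tunnel interfaces mirror each other's source and destination. The rule set, function names and sample text are this example's own assumptions.

```python
import re
from itertools import combinations
# Constructed input: the sub-view lines of the session on this page.
SESSION = """\
[AR 1-ike-proposal-1]encryption-algorithm 3des-cbc # encryption
[AR 1-ike-proposal-1]authentication-algorithm md5
[AR 1-ike-peer-number]pre-shared-key simple 5201314
[AR 1-ipsec-proposal-1]esp encryption-algorithm 3des
[AR 1-Tunnel0/0/0]source 200.1.1.1
[AR 1-Tunnel0/0/0]destination 200.2.2.2
[AR 3-ike-proposal-1]encryption-algorithm 3des-cbc
[AR 3-ike-proposal-1]authentication-algorithm md5
[AR 3-ike-peer-number]pre-shared-key simple 5201314
[AR 3-ipsec-proposal-1]esp encryption-algorithm 3des
[AR 3-Tunnel0/0/0]source 200.2.2.2
[AR 3-Tunnel0/0/0]destination 200.1.1.1
"""
PROMPT = re.compile(r"^\[(AR \d+)-([^\]]+)\](.*?)(?:\s+#.*)?$")
RULES = [  # (view prefix, command pattern, finding); rule set written for this example
    ("ike-proposal", r"encryption-algorithm 3?des", "IKE encryption is DES/3DES"),
    ("ike-proposal", r"authentication-algorithm md5", "IKE authentication is MD5"),
    ("ike-peer", r"pre-shared-key simple ", "pre-shared key entered as plaintext"),
    ("ipsec-proposal", r"esp encryption-algorithm 3?des", "ESP encryption is DES/3DES"),
]

def parse(session):
    """Return {device: [(view, command), ...]} for commands typed inside a sub-view."""
    devices = {}
    for line in session.splitlines():
        m = PROMPT.match(line.strip())
        if m:
            devices.setdefault(m.group(1), []).append((m.group(2), m.group(3).strip()))
    return devices

def audit(session):
    """Return sorted (device, finding): weak settings and non-mirrored tunnel endpoints."""
    findings, ends = set(), {}
    for dev, cmds in parse(session).items():
        for view, cmd in cmds:
            findings.update((dev, text) for prefix, pat, text in RULES
                            if view.startswith(prefix) and re.match(pat, cmd))
            parts = cmd.split()
            if view.startswith("Tunnel") and len(parts) == 2:
                ends.setdefault(dev, {})[parts[0]] = parts[1]
    for a, b in combinations(sorted(ends), 2):
        if (ends[a].get("source"), ends[a].get("destination")) != (
                ends[b].get("destination"), ends[b].get("source")):
            findings.add((a, f"tunnel source/destination do not mirror {b}"))
    return sorted(findings)
```

Calling `audit(SESSION)` on the configuration as posted returns the four weak-setting findings for each router and no endpoint mismatch.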
Finally, the packet capture taken while PC1 pings PC2:
The PC1 command line shows this: