
Case Study: VPN and Configuration Examples

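It is called a virtual network mainly because the connection between any two nodes of the VPN does not use the end-to-end physical link that a traditional private network requires. Instead, the VPN is a logical network built on top of the network platform provided by a public network service provider, and user data travels over logical links.

Author: China IT Lab (中国IT实验室)  Source: China IT Lab (中国IT实验室)  July 4, 2008

Keywords: VPN, remote access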


  Extranet configuration:

  Figure 3-9: Extranet VPN Scenario Physical Elements

  Headquarters Router configuration:

  hq-sanjose# show running-config
  Building configuration...

  Current configuration:
  !
  version 12.0
  service timestamps debug uptime
  service timestamps log uptime
  no service password-encryption
  !
  hostname hq-sanjose
  !
  boot system flash bootflash:
  boot bootldr bootflash:c7100-boot-mz.120-1.1.T
  boot config slot0:hq-sanjose-cfg-small
  no logging buffered
  !
  crypto isakmp policy 1
   authentication pre-share
   lifetime 84600
  crypto isakmp key test12345 address 172.24.2.5
  crypto isakmp key test67890 address 172.23.2.7
  !
  crypto ipsec transform-set proposal1 ah-sha-hmac esp-des esp-sha-hmac
   mode transport
  !
  crypto ipsec transform-set proposal4 ah-sha-hmac esp-des esp-sha-hmac
  !
  !
  crypto map s1first local-address Serial1/0
  crypto map s1first 1 ipsec-isakmp
   set peer 172.24.2.5
   set transform-set proposal1
   match address 101
  !
  crypto map s4second local-address Serial2/0
  crypto map s4second 2 ipsec-isakmp
   set peer 172.23.2.7
   set transform-set proposal4
   match address 111
  !
  interface Tunnel0
   bandwidth 180
   ip address 172.17.3.3 255.255.255.0
   no ip directed-broadcast
   tunnel source 172.17.2.4
   tunnel destination 172.24.2.5
   crypto map s1first
  !
  interface FastEthernet0/0
   ip address 10.1.3.3 255.255.255.0
   no ip directed-broadcast
   no keepalive
   full-duplex
   no cdp enable
  !
  interface FastEthernet0/1
   ip address 10.1.6.4 255.255.255.0
   no ip directed-broadcast
   ip nat inside
   no keepalive
   full-duplex
   no cdp enable
  !
  interface Serial1/0
   ip address 172.17.2.4 255.255.255.0
   no ip directed-broadcast
   no ip mroute-cache
   no keepalive
   fair-queue 64 256 0
   framing c-bit
   cablelength 10
   dsu bandwidth 44210
   clock source internal
   no cdp enable
   crypto map s1first
  !
  interface Serial2/0
   ip address 172.16.2.2 255.255.255.0
   no ip directed-broadcast
   ip nat outside
   no ip mroute-cache
   no keepalive
   fair-queue 64 256 0
   framing c-bit
   cablelength 10
   dsu bandwidth 44210
   clock source internal
   no cdp enable
   crypto map s4second
  !
  router bgp 10
   network 10.2.2.2 mask 255.255.255.0
   network 172.16.2.0 mask 255.255.255.0
  !
  ip route 10.1.4.0 255.255.255.0 Tunnel0
  !
  ip nat inside source static 10.1.6.5 10.2.2.2
  !
  access-list 101 permit gre host 172.17.2.4 host 172.24.2.5
  access-list 111 permit ip host 10.2.2.2 host 10.1.5.3
  !
  line con 0
   transport input none
  line aux 0
  line vty 0 4
   login
  !
  end

  Business Partner Router configuration:

  bus-ptnr# show running-config
  Building configuration...

  Current configuration:
  !
  version 12.0
  service timestamps debug uptime
  service timestamps log uptime
  no service password-encryption
  !
  hostname bus-ptnr
  !
  boot system flash bootflash:
  boot bootldr bootflash:c7100-boot-mz.120-1.1.T
  boot config slot0:bus-ptnr-cfg-small
  no logging buffered
  !
  crypto isakmp policy 1
   authentication pre-share
   lifetime 84600
  crypto isakmp key test67890 address 172.16.2.2
  !
  crypto ipsec transform-set proposal4 ah-sha-hmac esp-des esp-sha-hmac
  !
  !
  crypto map s4second local-address Serial1/0
  crypto map s4second 2 ipsec-isakmp
   set peer 172.16.2.2
   set transform-set proposal4
   match address 111
  !
  interface FastEthernet0/0
   ip address 10.1.5.2 255.255.255.0
   no ip directed-broadcast
   no keepalive
   full-duplex
   no cdp enable
  !
  interface Serial1/0
   ip address 172.23.2.7 255.255.255.0
   no ip directed-broadcast
   no ip mroute-cache
   no keepalive
   fair-queue 64 256 0
   framing c-bit
   cablelength 10
   dsu bandwidth 44210
   clock source internal
   no cdp enable
   crypto map s4second
  !
  router bgp 10
   network 10.1.5.0 mask 255.255.255.0
   network 172.16.2.0 mask 255.255.255.0
  !
  access-list 111 permit ip host 10.1.5.3 host 10.2.2.2
  !
  line con 0
   transport input none
  line aux 0
  line vty 0 4
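
  The two routers in the extranet scenario above must hold the same pre-shared key for each other and reference the same transforms, and their crypto access lists should be mirror images (note that the headquarters side matches the NAT address 10.2.2.2, not 10.1.6.5). The following Python check is an added example, not part of the original article; the names parse and check_pair are hypothetical, and the embedded text is copied from the two configurations on this page.

```python
# Added example (parse/check_pair are illustrative names); config text copied from this page.
HQ = """\
crypto isakmp key test67890 address 172.23.2.7
crypto ipsec transform-set proposal4 ah-sha-hmac esp-des esp-sha-hmac
crypto map s4second 2 ipsec-isakmp
 set peer 172.23.2.7
 set transform-set proposal4
 match address 111
access-list 111 permit ip host 10.2.2.2 host 10.1.5.3
"""
PARTNER = """\
crypto isakmp key test67890 address 172.16.2.2
crypto ipsec transform-set proposal4 ah-sha-hmac esp-des esp-sha-hmac
crypto map s4second 2 ipsec-isakmp
 set peer 172.16.2.2
 set transform-set proposal4
 match address 111
access-list 111 permit ip host 10.1.5.3 host 10.2.2.2
"""

def parse(cfg):
    """Collect pre-shared keys, transform sets, crypto map entries, host ACLs."""
    out = {"keys": {}, "ts": {}, "maps": [], "acl": {}}
    for w in (line.split() for line in cfg.splitlines()):
        if w[:3] == ["crypto", "isakmp", "key"] and len(w) >= 6:
            out["keys"][w[5]] = w[3]                    # peer address -> key
        elif w[:3] == ["crypto", "ipsec", "transform-set"] and len(w) > 4:
            out["ts"][w[3]] = set(w[4:])                # set name -> transforms
        elif w[:2] == ["crypto", "map"] and w[-1] == "ipsec-isakmp":
            out["maps"].append({})                      # start a new map entry
        elif out["maps"] and len(w) == 3 and w[0] in ("set", "match"):
            out["maps"][-1][w[1]] = w[2]                # peer / transform-set / address
        elif w[:1] == ["access-list"] and len(w) == 8 and w[4:7:2] == ["host", "host"]:
            out["acl"].setdefault(w[1], []).append((w[3], w[5], w[7]))
    return out

def check_pair(local, remote, local_ip, remote_ip):  # mismatches for one tunnel
    a, b, issues = parse(local), parse(remote), []
    if a["keys"].get(remote_ip) is None or a["keys"][remote_ip] != b["keys"].get(local_ip):
        issues.append("pre-shared key mismatch")
    ma = next((m for m in a["maps"] if m.get("peer") == remote_ip), {})
    mb = next((m for m in b["maps"] if m.get("peer") == local_ip), {})
    ts_a = a["ts"].get(ma.get("transform-set"))
    if ts_a is None or ts_a != b["ts"].get(mb.get("transform-set")):
        issues.append("transform-set mismatch")
    mirror = sorted((p, d, s) for p, s, d in b["acl"].get(mb.get("address"), []))
    if not mirror or sorted(a["acl"].get(ma.get("address"), [])) != mirror:
        issues.append("crypto ACLs are not mirror images")
    return issues
```

  Calling check_pair(HQ, PARTNER, "172.16.2.2", "172.23.2.7") returns an empty list for the configurations as published; the full running-config text can be passed in place of the excerpts.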
