Redundancy VPN
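R2 and R3 share the external address 123.0.0.23 through an HSRP group; R4's LP0 interface simulates the LAN behind them.
R2 is the VPN termination point (while R2 is in the active state); the encryption/decryption point is R2's outside interface, and the communication endpoint is R4's inside interface.
Routes R1 needs: the public route to R2, and a route to 192.168.4.0.
Routes R2 needs: the public route to R1, a route to 192.168.4.0, and a route to 192.168.1.0.
Routes R4 needs: a route to 192.168.1.0.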
R2:
int e 0/0.123
standby 1 ip 123.0.0.23
standby 1 preempt
standby 1 priority 105
standby 1 name HSRP
standby 1 track e 0/0.234
R3:
int e 0/0.123
standby 1 ip 123.0.0.23
standby 1 preempt
standby 1 name HSRP
standby 1 track e 0/0.234
Configure a static route on R1 (reverse route injection can also be used on R1):
R1:
ip route 192.168.4.0 255.255.255.0 123.0.0.23
Enable OSPF:
R2/R3:
router ospf 110
net 192.168.234.0 0.0.0.255 a 0
R4:
router ospf 110
net 192.168.234.0 0.0.0.255 a 0
net 192.168.4.0 0.0.0.255 a 0
Configure the VPN:
R2/R3:
crypto keyring KEYRING
pre-shared-key address 123.0.0.1 key cisco
crypto isakmp profile HSRP
keyring KEYRING
match identity address 123.0.0.1 255.255.255.255
crypto isakmp policy 10
encr 3des
hash md5
authentication pre-share
group 2
crypto ipsec transform-set MYSET esp-3des esp-md5-hmac
ip access-list extended VPN
permit ip 192.168.4.0 0.0.0.255 192.168.1.0 0.0.0.255
crypto map MYMAP 10 ipsec-isakmp
set peer 123.0.0.1
set transform-set MYSET
set pfs group1
set isakmp-profile HSRP
match address VPN
reverse-route
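An added example, not part of the original notes: a small Python check that scans the R2/R3 crypto configuration above for IKE/IPsec parameters generally considered weak today (3DES, MD5, Diffie-Hellman groups below 2048 bits, a short cleartext pre-shared key). The rule list, the 16-character key threshold, the weak-key list and the function name `audit` are assumptions of this example.

```python
import re

# Constructed sample: the R2/R3 crypto lines from this page.
SAMPLE_CONFIG = """\
crypto keyring KEYRING
 pre-shared-key address 123.0.0.1 key cisco
crypto isakmp policy 10
 encr 3des
 hash md5
 authentication pre-share
 group 2
crypto ipsec transform-set MYSET esp-3des esp-md5-hmac
crypto map MYMAP 10 ipsec-isakmp
 set pfs group1
"""

# (regex, finding) pairs. The thresholds are this example's assumptions.
RULES = [
    (r"^encr(yption)?\s+(des|3des)\b", "IKE encryption uses DES/3DES"),
    (r"^hash\s+md5\b", "IKE hash is MD5"),
    (r"^group\s+(1|2|5)$", "IKE DH group below 2048 bits"),
    (r"^crypto ipsec transform-set\s+\S+.*\besp-(des|3des)\b", "ESP cipher is DES/3DES"),
    (r"^crypto ipsec transform-set\s+\S+.*\besp-md5-hmac\b", "ESP integrity is HMAC-MD5"),
    (r"^set pfs group(1|2|5)$", "PFS DH group below 2048 bits"),
]
WEAK_KEYS = {"cisco", "cisco123", "password", "test"}  # constructed short list

def audit(config):
    """Return (line_no, line, finding) tuples for weak IKE/IPsec settings."""
    findings = []
    for no, raw in enumerate(config.splitlines(), 1):
        line = raw.strip()
        for pattern, finding in RULES:
            if re.search(pattern, line):
                findings.append((no, line, finding))
        # Only cleartext keys ("key X" or "key 0 X") are checked; encrypted keys are skipped.
        m = re.match(r"pre-shared-key\s+.*\bkey\s+(?:0\s+)?(\S+)$", line)
        if m and (m.group(1).lower() in WEAK_KEYS or len(m.group(1)) < 16):
            findings.append((no, line, "pre-shared key is short or guessable"))
    return findings

if __name__ == "__main__":
    for no, line, finding in audit(SAMPLE_CONFIG):
        print(f"line {no}: {finding}: {line}")
```

Run against a saved copy of each HSRP peer's configuration; R2 and R3 must carry identical crypto settings, so any difference in findings between the two also points to configuration drift.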