Netscreen与Cisco跑OSPF
拓扑:
成都创新互联公司专注于广阳企业网站建设,响应式网站,商城网站制作。广阳网站建设公司,为广阳等地区提供建站服务。全流程按需定制制作,专业设计,全程项目跟踪,成都创新互联公司专业和态度为您提供的服务
ISP Configuration:
int e0/0
ip add 200.1.1.1 255.255.255.0
no sh
int e0/1
ip add 200.1.2.1 255.255.255.0
no sh
Netscreen Cconfiguration:
set zone name y1
set interface "loopback.1" zone "Home"
set interface "loopback.2" zone "Home"
set interface "loopback.3" zone "Home"
set interface ethernet3 ip 200.1.1.2/24
set interface loopback.1 ip 192.168.1.1/24
set interface loopback.2 ip 192.168.2.1/24
set interface loopback.3 ip 192.168.3.1/24
set int tun.1 zone y1
set interface tunnel.1 ip 192.168.100.1/24
set interface ethernet3 ip manageable
set interface loopback.1 ip manageable
set interface loopback.2 ip manageable
set interface loopback.3 ip manageable
set address "Home" "192.168.1.0" 192.168.1.0 255.255.255.0
set address "Home" "192.168.2.0" 192.168.2.0 255.255.255.0
set address "Home" "192.168.3.0" 192.168.3.0 255.255.255.0
set address "y1" "192.168.4.0" 192.168.4.0 255.255.255.0
set address "y1" "192.168.5.0" 192.168.5.0 255.255.255.0
set address "y1" "192.168.6.0" 192.168.6.0 255.255.255.0
set group address "Home" "zongbu"
set group address "Home" "zongbu" add "192.168.1.0"
set group address "Home" "zongbu" add "192.168.2.0"
set group address "Home" "zongbu" add "192.168.3.0"
set group address "y1" "y1-add"
set group address "y1" "y1-add" add "192.168.4.0"
set group address "y1" "y1-add" add "192.168.5.0"
set group address "y1" "y1-add" add "192.168.6.0"
set ike gateway "to-y1" address 200.1.2.2 Main outgoing-interface "ethernet3" preshare "y4KsQRlYNP35xEsFuFCZCauPCCn/qc9NEA==" proposal "pre-g2-3des-md5"
set *** "y1" gateway "to-y1" no-replay tunnel idletime 0 proposal "g2-esp-3des-md5"
set *** "y1" id 0x2 bind interface tunnel.1
set policy id 6 from "Home" to "y1" "zongbu" "y1-add" "ANY" permit
set policy id 5 from "y1" to "Home" "y1-add" "zongbu" "ANY" permit
set router-id 1.1.1.1
set route 0.0.0.0/0 gateway 200.1.1.1
set interface loopback.1 protocol ospf area 0.0.0.0
set interface loopback.1 protocol ospf enable
set interface loopback.2 protocol ospf area 0.0.0.0
set interface loopback.2 protocol ospf enable
set interface loopback.3 protocol ospf area 0.0.0.0
set interface loopback.3 protocol ospf enable
set interface tunnel.1 protocol ospf area 0.0.0.0
set interface tunnel.1 protocol ospf enable
CISCO configuration:
crypto isakmp policy 10
encr 3des
hash md5
authentication pre-share
group 2
crypto isakmp key cisco address 200.1.1.2
!
!
crypto ipsec transform-set cisco esp-3des esp-md5-hmac
!
crypto ipsec profile ipsecprof
set transform-set cisco
!
interface Loopback0
ip address 192.168.4.1 255.255.255.0
ip ospf 110 area 0
!
interface Loopback1
ip address 192.168.5.1 255.255.255.0
ip ospf 110 area 0
!
interface Loopback2
ip address 192.168.6.1 255.255.255.0
ip ospf 110 area 0
!
interface Tunnel0
ip address 192.168.100.2 255.255.255.0
ip ospf 110 area 0
tunnel source 200.1.2.2
tunnel destination 200.1.1.2
tunnel mode ipsec ipv4
tunnel protection ipsec profile ipsecprof
!
interface Ethernet0/0
ip address 200.1.2.2 255.255.255.0
router ospf 110
log-adjacency-changes
ip route 0.0.0.0 0.0.0.0 200.1.2.1
当前名称:Netscreen与Cisco跑OSPF
URL分享:http://scyanting.com/article/jcdsio.html