case学习:使用VTI解决分支机构动态IP与总部互联问题-创新互联
需求:分支机构(R1)只有ADSL线路,需要与总部(R3)实现LAN能互访。
===========R3-HQ===============
crypto keyring PSK
pre-shared-key address 0.0.0.0 0.0.0.0 key cisco
crypto ipsec transform-set TS esp-3des esp-sha-hmac
!
crypto ipsec profile VTI
set transform-set TS
crypto isakmp profile DVTI
keyring PSK
match identity address 0.0.0.0
virtual-template 1
interface Virtual-Template1 type tunnel
ip unnumbered Loopback0
tunnel mode ipsec ipv4
tunnel protection ipsec profile VTI
interface Loopback0
ip address 192.168.1.3 255.255.255.0
!
!
interface Loopback100
ip address 10.23.0.3 255.255.255.0
!
interface GigabitEthernet0/0
ip address 100.23.0.3 255.255.255.0
!
!
router ospf 1
network 10.23.0.0 0.0.0.255 area 0
network 192.168.1.0 0.0.0.255 area 0
ip route 0.0.0.0 0.0.0.0 100.23.0.2
==========R1-Branch============
crypto keyring PSK
pre-shared-key address 0.0.0.0 0.0.0.0 key cisco
!
!
crypto ipsec transform-set TS esp-3des esp-sha-hmac
!
crypto ipsec profile VTI
set transform-set TS
!
interface Loopback0
ip address 192.168.1.1 255.255.255.0
!
!
interface Loopback100
ip address 10.12.0.1 255.255.255.0
!
!
interface Tunnel1
ip unnumbered Loopback0
tunnel source GigabitEthernet0/0
tunnel mode ipsec ipv4
tunnel destination 100.23.0.3
tunnel protection ipsec profile VTI
!
interface GigabitEthernet0/0
ip address 100.12.0.1 255.255.255.0
!
router ospf 1
network 10.12.0.0 0.0.0.255 area 0
network 192.168.1.0 0.0.0.255 area 0
!
ip route 0.0.0.0 0.0.0.0 100.12.0.2
另外有需要云服务器可以了解下创新互联cdcxhl.cn,海内外云服务器15元起步,三天无理由+7*72小时售后在线,公司持有idc许可证,提供“云服务器、裸金属服务器、高防服务器、香港服务器、美国服务器、虚拟主机、免备案服务器”等云主机租用服务以及企业上云的综合解决方案,具有“安全稳定、简单易用、服务可用性高、性价比高”等特点与优势,专为企业上云打造定制,能够满足用户丰富、多元化的应用场景需求。
分享标题:case学习:使用VTI解决分支机构动态IP与总部互联问题-创新互联
转载来源:http://ybzwz.com/article/dijjce.html