动态多点虚拟专用网络项目实践

实验拓扑

实验步骤

1、根据拓扑配置 IP 地址；

2、R1/2/3 配置默认路由到 R4，配置环回接口地址模拟内网主机；
ip route 0.0.0.0 0.0.0.0 下一跳接口

3、R1/R2/R3_ 上建立多点 GER tunnel <通过MGRE实现>；
interface tunnel 0
ip address 172.16.1.1 255.255.255.0
ip mtu 1436
tunnel source 100.1.14.1
tunnel mode gre multipoint
tunnel key 12345

4、通过 GER tunnel 实现逻辑通信 <通过 NHRP 实现>；
R1：
interface tunnel 0
ip nhrp network-id 100
ip nhrp map multicast dynamic

R2/R3：
interface tunnel 0
ip nhrp network-id 100
ip nhrp nhs 172.16.1.1
ip nhrp map 172.16.1.1 100.1.14.1
ip nhrp map multicast 100.1.14.1

5、配置使分支与总部之间的 LAN 可以互相通信 <通过动态路由协议实现>；
router ospf 100
router-id 2.2.2.2
network 172.16.1.0 0.0.0.255 area 0
network 100.1.24.0 0.0.0.255 area 0
network 2.2.2.2 0.0.0.0 area 0
interface tunnel 0
ip ospf network broadcast
ip ospf priority 0

router ospf 100
router-id 3.3.3.3
network 172.16.1.0 0.0.0.255 area 0
network 100.1.34.0 0.0.0.255 area 0
network 3.3.3.3 0.0.0.0 area 0
interface tunnel 0
ip ospf network broadcast
ip ospf priority 0

router ospf 100
router-id 1.1.1.1
network 172.16.1.0 0.0.0.255 area 0
network 100.1.14.0 0.0.0.255 area 0
network 1.1.1.1 0.0.0.0 area 0
interface tunnel 0
ip ospf network broadcast

6、配置使分支与总部之间的通信数据加密 <通过IPSEC来实现>。
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
crypto isakmp key cisco address 0.0.0.0
crypto ipsec transform-set dmtrans esp-3des esp-sha-hmac
mode transport
crypto ipsec profile dmpro
set transform-set dmtrans
interface tunnel 0
tunnel protection ipsec profile dmpro