以IPSec方式连接到MPLS VPN时IPSec VRFaware Feature实验配置Word文档格式.docx
《以IPSec方式连接到MPLS VPN时IPSec VRFaware Feature实验配置Word文档格式.docx》由会员分享,可在线阅读,更多相关《以IPSec方式连接到MPLS VPN时IPSec VRFaware Feature实验配置Word文档格式.docx(27页珍藏版)》请在冰点文库上搜索。
servicetimestampsdebugdatetimemsec
servicetimestampslogdatetimemsec
noservicepassword-encryption
hostnameCE-A
boot-start-marker
boot-end-marker
noaaanew-model
memory-sizeiomem5
ipcef
noipdomainlookup
cryptoisakmppolicy10
hashmd5
authenticationpre-share
group2
cryptoisakmppeeraddress172.16.2.2#ISAKMPphase1使用的是aggressivemode
setaggressive-modepasswordxinjialove
setaggressive-modeclient-endpointfqdnxinjialove
cryptoipsectransform-setxinjialoveesp-desesp-md5-hmac
cryptomapxinjialove10ipsec-isakmp
setpeer172.16.2.2
settransform-setxinjialove
matchaddress100
interfaceLoopback0
ipaddress1.1.1.1255.255.255.255
interfaceFastEthernet0/0
noipaddress
shutdown
duplexauto
speedauto
interfaceFastEthernet0/1
interfaceSerial1/0
serialrestart-delay0
interfaceSerial1/1
ipaddress172.16.1.1255.255.255.0
cryptomapxinjialove
interfaceSerial1/2
interfaceSerial1/3
interfaceFastEthernet2/0
iproute0.0.0.00.0.0.0Serial1/1
iphttpserver
noiphttpsecure-server
access-list100permitip1.0.0.00.255.255.2556.0.0.00.255.255.255
control-plane
linecon0
loggingsynchronous
lineaux0
linevty04
login
End
Internetconfiguration
Internet#shrun
983bytes
hostnameInternet
ipaddress2.2.2.2255.255.255.255
ipaddress172.16.1.2255.255.255.0
ipaddress172.16.2.1255.255.255.0
end
PE-Aconfiguration
PE-A#shrun
2194bytes
hostnamePE-A
ipvrfxinjialove
rd100:
1
route-targetexport100:
route-targetimport100:
cryptokeyringxinjialove
pre-shared-keyhostnamexinjialovekeyxinjialove
cryptoisakmpprofilexinjialove
vrfxinjialove#指定与match语句匹配的IPSec连接所属VRF
keyringxinjialove#指定ISAKMP认证使用的秘钥链
matchidentityhostxinjialove#必须配置match语句
cryptoipsectransform-setxinjialoveesp-desesp-md
cryptodynamic-mapxinjialove10
setisakmp-profilexinjialove#调用above的isakmpprofile
reverse-route#反向路由注入
cryptomapxinjialove10ipsec-isakmpdynamicxinjia
ipaddress3.3.3.3255.255.255.255
ipaddress172.16.2.2255.255.255.0
ipaddress172.16.3.1255.255.255.0
mplslabelprotocolldp
mplsip
routerospf1
log-adjacency-changes
passive-interfaceSerial1/0
network0.0.0.0255.255.255.255area0
routerbgp100
nobgpdefaultipv4-unicast
bgplog-neighbor-changes
neighbor5.5.5.5remote-as100
neighbor5.5.5.5update-sourceLoopback0
!
address-familyvpnv4
neighbor5.5.5.5activate
neighbor5.5.5.5send-communityboth
exit-address-family
address-familyipv4vrfxinjialove
redistributestatic#将vrfxinjialove内的reverse-route重分发到BGP中,后作为VPNV4路由通告到对端C网络内
nosynchronization
iproute0.0.0.00.0.0.0Serial1/0
P-Routerconfiguration
P-router#shrun
1130bytes
hostnameP-router
ipaddress4.4.4.4255.255.255.255
ipaddress172.16.3.2255.255.255.0
ipaddress172.16.4.1255.255.255.0
PE-Bconfiguration
PE-B#shrun
1703bytes
hostnamePE-B
ipaddress5.5.5.5255.255.255.255
ipaddress172.16.4.2255.255.255.0
ipvrfforwardingxinjialove
ipaddress172.16.5.1255.255.255.0
routerospf2vrfxinjialove
redistributebgp100subnets
neighbor3.3.3.3remote-as100
neighbor3.3.3.3update-sourceLoopback0
neighbor3.3.3.3activate
neighbor3.3.3.3send-communityboth
redistributeospf2vrfxinjialove
CE-Bconfiguration
CE-B#shrun
1058bytes
hostnameCE-B
ipaddress6.6.6.6255.255.255.255
ipaddress172.16.5.2255.255.255.0
ipaddress172.16.6.1255.255.255.0
SHOW信息
CE-AisakmpSA信息
CE-AIPSecSA信息
PE-AISAKMPSA信息
PE-AIPSecSA信息
PE-Aiproutevrfxinjialov
升级会员 