
Cisco GRE over IPsec VPN 典型配置

tunnel + vpn

R1=================================================================

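! R1: one end of a GRE tunnel to R3 (170.58.23.3). OSPF runs over the tunnel,
! and an IPsec crypto map on the outside interface encrypts the GRE packets.
enable
conf t
! Fixed: the listing had "noip domain-lookup", which IOS does not parse.
no ip domain-lookup
line 0
 ! Lab convenience only: disabling the idle timeout leaves a console session
 ! open indefinitely. Keep a finite exec-timeout on production devices.
 no exec-timeout
 logging synchronous
 exit
host R1
! Outside interface toward R2. Its address is the GRE tunnel source and the
! local IPsec endpoint.
in f0/0
 ip add 170.58.12.1 255.255.255.0
 no sh
int lo0
 ip add 1.1.1.1 255.255.255.0
! Underlay default route via R2 so the peer address 170.58.23.3 is reachable.
ip route 0.0.0.0 0.0.0.0 170.58.12.2
inter tunnel 100
 tunn so 170.58.12.1
 tunn de 170.58.23.3
 ip add 170.58.13.1 255.255.255.0
! Only the tunnel subnet and Lo0 are advertised; the 170.58.12.0/24 underlay
! is not in OSPF, so the adjacency forms across the tunnel.
router ospf 100
 router-id 1.1.1.1
 net 170.58.13.0 0.0.0.255 a 0
 net 1.1.1.0 0.0.0.255 a 0
! NOTE(review): this policy sets only the authentication method. Encryption,
! hash and DH group fall back to the image defaults, which on many IOS
! releases are weak. Set them explicitly and identically on both peers.
crypto isakmp policy 10
 authentication pre-share
! NOTE(review): "cisco" is a guessable demo key, and type 0 stores it in clear
! text in the configuration. Outside a lab use a long random per-peer key and
! keep it out of shared config dumps.
crypto isakmp key 0 cisco address 170.58.23.3
! NOTE(review): 3DES with HMAC-MD5 is a legacy transform. Where both images
! support it, prefer AES with a SHA-2 HMAC. The transform must be changed on
! R1 and R3 together or phase 2 will not negotiate.
crypto ipsec transform-set aaa esp-3des esp-md5-hmac
crypto map bbb 10 ipsec-isakmp
 match address vpn
 set peer 170.58.23.3
 set transform-set aaa
! The ACL matches GRE between the two tunnel endpoints. Everything routed into
! Tunnel100 is GRE-encapsulated first, so this single entry covers it.
ip access-list extended vpn
 permit gre host 170.58.12.1 host 170.58.23.3
! Fixed: "crypto map bbb" was listed without its interface context. It is
! applied here on f0/0, the interface that owns the tunnel source address.
! Without this binding GRE and OSPF still come up, but the traffic leaves
! unencrypted. Confirm with "show crypto ipsec sa" that the encaps counters
! increase.
in f0/0
 crypto map bbb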

R2============================================================

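! R2: transit router between R1 (170.58.12.0/24) and R3 (170.58.23.0/24).
! The listing shows no tunnel or crypto configuration here; it only routes
! between its two connected subnets.
enable
conf t
no ip domain-lookup
host R2
! NOTE(review): the listing gives this address with no interface line before
! it. f0/0 is assumed, mirroring the R1 side of the link. Confirm against the
! real topology.
in f0/0
 ip add 170.58.12.2 255.255.255.0
 no sh
! NOTE(review): written as "f0/01" in the original, presumably
! FastEthernet0/1. Confirm the interface name.
in f0/01
 ip add 170.58.23.2 255.255.255.0
 no sh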

R3============================================================

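! R3: far end of the GRE-over-IPsec tunnel, mirroring R1 (peer 170.58.12.1).
! NOTE(review): the listing for R3 omitted every line that was identical to
! one in R1's section (mode-entry lines, ISAKMP policy, ACL name, "match
! address"). They are restored here from R1's section. Interface, tunnel and
! OSPF process numbers are assumed to be the same. Confirm before use.
enable
conf t
no ip domain-lookup
host R3
! Outside interface toward R2; tunnel source and local IPsec endpoint.
in f0/1
 ip add 170.58.23.3 255.255.255.0
 no sh
int lo0
 ip add 3.3.3.3 255.255.255.0
! Underlay default route via R2 so the peer address 170.58.12.1 is reachable.
ip route 0.0.0.0 0.0.0.0 170.58.23.2
inter tunnel 100
 tunn so 170.58.23.3
 tunn de 170.58.12.1
 ip add 170.58.13.3 255.255.255.0
router ospf 100
 router-id 3.3.3.3
 net 170.58.13.0 0.0.0.255 a 0
 net 3.3.3.0 0.0.0.255 a 0
! NOTE(review): only the authentication method is set, so the remaining
! phase 1 parameters come from the image defaults. Set them explicitly and
! make them match R1.
crypto isakmp policy 10
 authentication pre-share
! NOTE(review): demo pre-shared key, stored as type 0 (clear text). Replace it
! with a long random key shared only with this peer.
crypto isakmp key 0 cisco address 170.58.12.1
! NOTE(review): legacy transform (3DES / HMAC-MD5). Upgrade both peers
! together. The set name is local to each router, but the algorithms must
! match R1's.
crypto ipsec transform-set ccc esp-3des esp-md5-hmac
crypto map ddd 10 ipsec-isakmp
 ! Without "match address" the map entry is incomplete and selects no traffic.
 match address vpn
 set peer 170.58.12.1
 set transform-set ccc
! Mirror image of R1's ACL: GRE from this router's tunnel source to R1's.
ip access-list extended vpn
 permit gre host 170.58.23.3 host 170.58.12.1
! The map is applied on the interface that owns the tunnel source address.
! If it is not bound, the tunnel still passes traffic, but in clear text.
! Check "show crypto isakmp sa" and "show crypto ipsec sa" after bringing
! it up.
in f0/1
 crypto map ddd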