Redundancy VPN

R1 configuration:

crypto isakmp policy 10
  hash md5
  authentication pre-share
  group 2

crypto isakmp key cisco address 10.1.1.254

crypto isakmp keepalive 10 periodic

crypto ipsec transform-set trans esp-des esp-md5-hmac

crypto map cisco 10 ipsec-isakmp
  set peer 10.1.1.254
  set transform-set trans
  match address vpn

interface Loopback0
  ip address 1.1.1.1 255.255.255.255

interface FastEthernet0/0
  ip address 10.1.1.1 255.255.255.0
  speed 100
  full-duplex
  crypto map cisco

ip route 0.0.0.0 0.0.0.0 10.1.1.254

ip access-list extended vpn
  permit ip host 1.1.1.1 host 4.4.4.4

 

R2 configuration:

crypto isakmp policy 10
  hash md5
  authentication pre-share
  group 2

crypto isakmp key cisco address 10.1.1.1

crypto isakmp keepalive 10 periodic

crypto ipsec transform-set trans esp-des esp-md5-hmac

crypto map cisco 10 ipsec-isakmp
  set peer 10.1.1.1
  set transform-set trans
  set reverse-route tag 20
  match address vpn
  reverse-route

interface FastEthernet0/0
  no ip address
  duplex full

interface FastEthernet0/0.10
  encapsulation dot1Q 10
  ip address 10.1.1.2 255.255.255.0
  standby 1 ip 10.1.1.254
  standby 1 priority 105
  standby 1 preempt
  standby 1 authentication cisco123
  standby 1 name RE
  crypto map cisco redundancy RE
!

interface FastEthernet0/0.20
  encapsulation dot1Q 20
  ip address 20.1.1.2 255.255.255.0

router eigrp 100
  redistribute static route-map match-tag
  network 20.1.1.2 0.0.0.0
  no auto-summary

ip route 0.0.0.0 0.0.0.0 10.1.1.1

ip access-list extended vpn
  permit ip host 4.4.4.4 host 1.1.1.1

route-map match-tag permit 10
  match tag 20

 

R3 configuration:

crypto isakmp policy 10
  hash md5
  authentication pre-share
  group 2

crypto isakmp key cisco address 10.1.1.1

crypto isakmp keepalive 10 periodic

crypto ipsec transform-set trans esp-des esp-md5-hmac

crypto map cisco 10 ipsec-isakmp
  set peer 10.1.1.1
  set transform-set trans
  set reverse-route tag 20
  match address vpn
  reverse-route

interface FastEthernet0/0
  no ip address
  duplex full

interface FastEthernet0/0.10
  encapsulation dot1Q 10
  ip address 10.1.1.3 255.255.255.0
  standby 1 ip 10.1.1.254
  standby 1 priority 105
  standby 1 preempt
  standby 1 authentication cisco123
  standby 1 name RE
  crypto map cisco redundancy RE
!

interface FastEthernet0/0.20
  encapsulation dot1Q 20
  ip address 20.1.1.3 255.255.255.0

router eigrp 100
  redistribute static route-map match-tag
  network 20.1.1.3 0.0.0.0
  no auto-summary

ip route 0.0.0.0 0.0.0.0 10.1.1.1

ip access-list extended vpn
  permit ip host 4.4.4.4 host 1.1.1.1

route-map match-tag permit 10
  match tag 20
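
The configurations above negotiate IKE with MD5 and Diffie-Hellman group 2, protect ESP with DES and MD5, use the pre-shared key "cisco", and authenticate HSRP with a plain-text string. The fragment below is an added example, not part of the original post: it keeps the page's names (policy 10, transform-set trans, HSRP group 1) and shows the same settings with stronger parameters. It assumes an IOS release that accepts the sha256 and esp-sha256-hmac keywords; <pre-shared-key> and <hsrp-key> are placeholders.

```cisco
! Added example, not from the original post.
! The IKE policy and the transform-set must be changed identically on
! R1, R2 and R3; mismatched proposals make phase 1 or phase 2 fail.
!
! Original: hash md5, group 2, and no encryption line (release default cipher).
crypto isakmp policy 10
  encryption aes 256
  hash sha256
  authentication pre-share
  group 14
!
! Original: crypto isakmp key cisco address ...
! R1 keys the HSRP virtual address 10.1.1.254 (shown here);
! R2 and R3 key R1's address 10.1.1.1 with the same secret.
crypto isakmp key <pre-shared-key> address 10.1.1.254
!
! Original: crypto ipsec transform-set trans esp-des esp-md5-hmac
crypto ipsec transform-set trans esp-aes 256 esp-sha256-hmac
!
! R2 and R3 only.
! Original: standby 1 authentication cisco123 (string carried in clear text
! in every HSRP hello on VLAN 10). The key must match on both routers.
interface FastEthernet0/0.10
  standby 1 authentication md5 key-string <hsrp-key>
```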