配置
R1#show run | s route
router ospf 1
router-id 1.1.1.1
network 1.1.1.1 0.0.0.0 area 0
network 10.1.1.1 0.0.0.0 area 0
ip route 0.0.0.0 0.0.0.0 12.1.1.2
R1#show run inter tunnel
% Incomplete command.
R1#show run inter tunnel 0
Building configuration...
Current configuration : 324 bytes
!
interface Tunnel0
ip address 10.1.1.1 255.255.255.0
no ip redirects
ip nhrp authentication cisco123
ip nhrp map multicast dynamic
ip nhrp network-id 100
ip nhrp redirect
ip ospf network point-to-multipoint
tunnel source Serial1/0
tunnel mode gre multipoint
tunnel key 100
tunnel protection ipsec profile k
end
R1#show run | s cry
no service password-encryption
crypto isakmp policy 10
hash md5
authentication pre-share
group 2
crypto isakmp key 6 cisco address 0.0.0.0
crypto ipsec transform-set k esp-aes esp-sha-hmac
mode transport
crypto ipsec profile k
set transform-set k **
R1#
R3#show run | s route
router ospf 1
router-id 3.3.3.3
network 3.3.3.3 0.0.0.0 area 0
network 10.1.1.3 0.0.0.0 area 0
ip route 0.0.0.0 0.0.0.0 23.1.1.2
R3#show run inter tu
R3#show run inter tunnel 0
Building configuration...
Current configuration : 378 bytes
!
interface Tunnel0
ip address 10.1.1.3 255.255.255.0
no ip redirects
ip nhrp authentication cisco123
ip nhrp map 10.1.1.1 12.1.1.1
ip nhrp map multicast 12.1.1.1
ip nhrp network-id 100
ip nhrp nhs 10.1.1.1
ip nhrp shortcut
ip ospf network point-to-multipoint
tunnel source Serial1/0
tunnel mode gre multipoint
tunnel key 100
tunnel protection ipsec profile k
end
R3#
R3#show run | s cry
no service password-encryption
crypto isakmp policy 10
hash md5
authentication pre-share
group 2
crypto isakmp key 6 cisco address 0.0.0.0
crypto ipsec transform-set k esp-aes esp-sha-hmac
mode transport
crypto ipsec profile k
set transform-set k
R4#show run | s iproute
R4#show run | s route
router ospf 1
router-id 4.4.4.4
network 4.4.4.4 0.0.0.0 area 0
network 10.1.1.4 0.0.0.0 area 0
ip route 0.0.0.0 0.0.0.0 24.1.1.2
R4#show run inter tu
R4#show run inter tunnel
% Incomplete command.
R4#show run inter tunnel 0
Building configuration...
Current configuration : 378 bytes
!
interface Tunnel0
ip address 10.1.1.4 255.255.255.0
no ip redirects
ip nhrp authentication cisco123
ip nhrp map 10.1.1.1 12.1.1.1
ip nhrp map multicast 12.1.1.1
ip nhrp network-id 100
ip nhrp nhs 10.1.1.1
ip nhrp shortcut
ip ospf network point-to-multipoint
tunnel source Serial1/0
tunnel mode gre multipoint
tunnel key 100
tunnel protection ipsec profile k
End
R4#show run | s cry
R4#show run | s cry
no service password-encryption
crypto isakmp policy 10
hash md5
authentication pre-share
group 2
crypto isakmp key 6 cisco address 0.0.0.0
crypto ipsec transform-set k esp-aes esp-sha-hmac
mode transport
crypto ipsec profile k
set transform-set k
R3#show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
-
- replicated route, % - next hop override
Gateway of last resort is 23.1.1.2 to network 0.0.0.0
S* 0.0.0.0/0 [1/0] via 23.1.1.2
1.0.0.0/32 is subnetted, 1 subnets
O 1.1.1.1 [110/1001] via 10.1.1.1, 00:00:24, Tunnel0
3.0.0.0/32 is subnetted, 1 subnets
C 3.3.3.3 is directly connected, Loopback0
4.0.0.0/32 is subnetted, 1 subnets
O 4.4.4.4 [110/2001] via 10.1.1.1, 00:00:14, Tunnel0
10.0.0.0/8 is variably subnetted, 4 subnets, 2 masks
C 10.1.1.0/24 is directly connected, Tunnel0
O 10.1.1.1/32 [110/1000] via 10.1.1.1, 00:00:24, Tunnel0
L 10.1.1.3/32 is directly connected, Tunnel0
O 10.1.1.4/32 [110/2000] via 10.1.1.1, 00:00:14, Tunnel0
23.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 23.1.1.0/24 is directly connected, Serial1/0
L 23.1.1.3/32 is directly connected, Serial1/0
R3#
R3#
R3#
R3#
R3#ping 4.4.4.4 so
R3#ping 4.4.4.4 source 3.3.3.3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 4.4.4.4, timeout is 2 seconds:
Packet sent with a source address of 3.3.3.3
!!!!!
结果
Success rate is 100 percent (5/5), round-trip min/avg/max = 36/45/51 ms
R3#tr
R3#traceroute 4.4.4.4 so
R3#traceroute 4.4.4.4 source 3.3.3.3
Type escape sequence to abort.
Tracing the route to 4.4.4.4
VRF info: (vrf in name/id, vrf out name/id)
* 1 10.1.1.4 28 msec 27 msec*
R3#show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
-
- replicated route, % - next hop override
Gateway of last resort is 23.1.1.2 to network 0.0.0.0
S* 0.0.0.0/0 [1/0] via 23.1.1.2
1.0.0.0/32 is subnetted, 1 subnets
O 1.1.1.1 [110/1001] via 10.1.1.1, 00:01:39, Tunnel0
3.0.0.0/32 is subnetted, 1 subnets
C 3.3.3.3 is directly connected, Loopback0
4.0.0.0/32 is subnetted, 1 subnets
O % 4.4.4.4 [110/2001] via 10.1.1.1, 00:01:29, Tunnel0
10.0.0.0/8 is variably subnetted, 4 subnets, 2 masks
C 10.1.1.0/24 is directly connected, Tunnel0
O 10.1.1.1/32 [110/1000] via 10.1.1.1, 00:01:39, Tunnel0
L 10.1.1.3/32 is directly connected, Tunnel0
O 10.1.1.4/32 [110/2000] via 10.1.1.1, 00:01:29, Tunnel0
23.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 23.1.1.0/24 is directly connected, Serial1/0
L 23.1.1.3/32 is directly connected, Serial1/0
R3#show ip cef 4.4.4.4
4.4.4.4/32
nexthop 10.1.1.4 Tunnel0
R3#
R1#show crypto engine connections active
Crypto Engine Connections
ID Type Algorithm Encrypt Decrypt LastSeqN IP-Address
5 IPsec AES+SHA 0 30 30 12.1.1.1
6 IPsec AES+SHA 35 0 0 12.1.1.1
7 IPsec AES+SHA 0 26 26 12.1.1.1
8 IPsec AES+SHA 27 0 0 12.1.1.1
1001 IKE MD5+DES 0 0 0 12.1.1.1
1002 IKE MD5+DES 0 0 0 12.1.1.1
R3#show crypto engine connections active
Crypto Engine Connections
ID Type Algorithm Encrypt Decrypt LastSeqN IP-Address
7 IPsec AES+SHA 0 40 40 23.1.1.3
8 IPsec AES+SHA 36 0 0 23.1.1.3
9 IPsec AES+SHA 0 3 3 23.1.1.3
10 IPsec AES+SHA 0 0 0 23.1.1.3
1001 IKE MD5+DES 0 0 0 23.1.1.3
1002 IKE MD5+DES 0 0 0 23.1.1.3
1003 IKE MD5+DES 0 0 0 23.1.1.3
R4#show crypto engine connections active
Crypto Engine Connections
ID Type Algorithm Encrypt Decrypt LastSeqN IP-Address
7 IPsec AES+SHA 0 35 35 24.1.1.4
8 IPsec AES+SHA 33 0 0 24.1.1.4
9 IPsec AES+SHA 0 0 0 24.1.1.4
10 IPsec AES+SHA 3 0 0 24.1.1.4
1001 IKE MD5+DES 0 0 0 24.1.1.4
1002 IKE MD5+DES 0 0 0 24.1.1.4
1003 IKE MD5+DES 0 0 0 24.1.1.4