Lab: simulating two company sites building an additional AD DC remotely over a VPN private network


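This is an old piece I wrote in 2014, I think out of boredom after work once I had finished the 软考 (China's computer technology and software qualification exam). Everything here is something I learned on 51cto; it is meant as a reference for those who come later. My environment is a simulation, not production; if anything is wrong, please point it out.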



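General approach of the lab:

1. First build the network environment and get the VPN connected end to end.

2. Simulate the AD DC environment and build the additional domain controller.

3. Use Server 2003 for the simulation, since it uses fewer resources.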




 



 

R1:
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R1
!
boot-start-marker
boot-end-marker
!
! Lab credential: "password 0" keeps the password in clear text in the configuration
username qiang privilege 15 password 0 1234560
aaa new-model
!
aaa authentication login default local
aaa session-id common
ip subnet-zero
!
ip domain name company.com
!
ip cef
ip ips po max-events 100
vpdn enable
!
vpdn-group pptp
! Default PPTP VPDN group
 accept-dialin
  protocol pptp
  virtual-template 1
!
no ftp-server write-enable
!
! IKE phase 1: MD5 hash, pre-shared key; encryption and DH group stay at the IOS defaults
crypto isakmp policy 1
 hash md5
 authentication pre-share
crypto isakmp key ciscokey address 211.102.22.2
!
! IPsec phase 2: ESP with single DES and no integrity transform
crypto ipsec transform-set mytrans esp-des
!
crypto map ***tor3 10 ipsec-isakmp
 ! Incomplete
 set peer 211.102.22.2
 set transform-set mytrans
 match address 100
!
interface FastEthernet0/0
 no ip address
 shutdown
 duplex half
!
! WAN link towards the Internet router; the crypto map is applied here
interface Serial1/0
 ip address 202.16.28.4 255.255.255.0
 serial restart-delay 0
 clockrate 64000
 crypto map ***tor3
!
interface Serial1/1
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial1/2
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial1/3
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial1/4
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial1/5
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial1/6
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial1/7
 no ip address
 shutdown
 serial restart-delay 0
!
! LAN side of site 1
interface FastEthernet2/0
 ip address 192.168.12.1 255.255.255.0
 duplex auto
 speed auto
!
interface FastEthernet2/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
! PPTP dial-in clients get an address from the pool; PAP is accepted alongside MS-CHAP and MS-CHAPv2
interface Virtual-Template1
 ip unnumbered FastEthernet2/0
 peer default ip address pool pptp
 ppp authentication ms-chap ms-chap-v2 pap
!
ip local pool pptp 172.16.202.1 172.16.202.254
ip classless
ip route 0.0.0.0 0.0.0.0 202.16.28.5
ip http server
ip http secure-server
!
! Crypto ACL: only traffic between the two PPTP address pools goes through the IPsec tunnel
access-list 100 permit ip 172.16.202.0 0.0.0.255 172.16.203.0 0.0.0.255
snmp-server community pubilc RO
snmp-server community private RW
snmp-server trap-source FastEthernet2/0
snmp-server enable traps tty
!
control-plane
!
gatekeeper
 shutdown
!
line con 0
 exec-timeout 0 0
 logging synchronous
 stopbits 1
line aux 0
 stopbits 1
line vty 0 4
!
end


Internet:
!
! Stands in for the ISP between the two sites; both WAN subnets are directly connected
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Internet
!
boot-start-marker
boot-end-marker
!
no aaa new-model
ip subnet-zero
!
ip domain name company.com
!
ip cef
ip ips po max-events 100
no ftp-server write-enable
!
interface FastEthernet0/0
 no ip address
 shutdown
 duplex half
!
! Link to R1
interface Serial1/0
 ip address 202.16.28.5 255.255.255.0
 serial restart-delay 0
 clockrate 64000
!
! Link to R3
interface Serial1/1
 ip address 211.102.22.1 255.255.255.0
 serial restart-delay 0
 clockrate 64000
!
interface Serial1/2
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial1/3
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial1/4
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial1/5
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial1/6
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial1/7
 no ip address
 shutdown
 serial restart-delay 0
!
ip classless
ip http server
ip http secure-server
!
snmp-server community pubilc RO
snmp-server community private RW
snmp-server enable traps tty
!
control-plane
!
gatekeeper
 shutdown
!
line con 0
 exec-timeout 0 0
 logging synchronous
 stopbits 1
line aux 0
 stopbits 1
line vty 0 4
 login
!
end


R3:
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R3
!
boot-start-marker
boot-end-marker
!
! Lab credential: "password 0" keeps the password in clear text in the configuration
username tom privilege 15 password 0 1234560
aaa new-model
!
aaa authentication login default local
aaa session-id common
ip subnet-zero
!
ip domain name company.com
!
ip cef
ip ips po max-events 100
vpdn enable
!
vpdn-group pptp
! Default PPTP VPDN group
 accept-dialin
  protocol pptp
  virtual-template 1
!
no ftp-server write-enable
!
! Policy 1 has no pre-share line, so it uses the IOS default authentication (rsa-sig);
! policy 2 is the one that matches R1's policy
crypto isakmp policy 1
 hash md5
!
crypto isakmp policy 2
 hash md5
 authentication pre-share
crypto isakmp key ciscokey address 202.16.28.4
!
! IPsec phase 2: ESP with single DES and no integrity transform
crypto ipsec transform-set mytrans esp-des
!
crypto map ***tor1 10 ipsec-isakmp
 set peer 202.16.28.4
 set transform-set mytrans
 match address 100
!
interface FastEthernet0/0
 no ip address
 shutdown
 duplex half
!
! WAN link towards the Internet router; the crypto map is applied here
interface Serial1/0
 ip address 211.102.22.2 255.255.255.0
 serial restart-delay 0
 clockrate 64000
 crypto map ***tor1
!
interface Serial1/1
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial1/2
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial1/3
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial1/4
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial1/5
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial1/6
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial1/7
 no ip address
 shutdown
 serial restart-delay 0
!
! LAN side of site 2
interface FastEthernet2/0
 ip address 192.168.5.1 255.255.255.0
 duplex auto
 speed auto
!
interface FastEthernet2/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
! PPTP dial-in clients get an address from the pool; PAP is accepted alongside MS-CHAP and MS-CHAPv2
interface Virtual-Template1
 ip unnumbered FastEthernet2/0
 peer default ip address pool pptp
 ppp authentication ms-chap ms-chap-v2 pap
!
ip local pool pptp 172.16.203.1 172.16.203.254
ip classless
ip route 0.0.0.0 0.0.0.0 211.102.22.1
ip http server
ip http secure-server
!
! Crypto ACL: the mirror image of access-list 100 on R1
access-list 100 permit ip 172.16.203.0 0.0.0.255 172.16.202.0 0.0.0.255
snmp-server community public RO
snmp-server community private RW
snmp-server trap-source FastEthernet2/0
snmp-server enable traps tty
!
control-plane
!
gatekeeper
 shutdown
!
line con 0
 exec-timeout 0 0
 logging synchronous
 stopbits 1
line aux 0
 stopbits 1
line vty 0 4
 transport input all
!
end
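
The R1 and R3 listings only form a tunnel if their peer addresses, pre-shared key, crypto ACLs and transform sets line up. The script below is an added example, not part of the original post: it checks exactly that and lists the weak algorithm choices in one config. The function names and the trimmed excerpts are this example's own, and the excerpts assume IOS's one-space indentation for sub-commands.

```python
import re

# Crypto-related lines excerpted from the R1 and R3 listings on this page.
R1 = """crypto isakmp policy 1
 hash md5
crypto isakmp key ciscokey address 211.102.22.2
crypto ipsec transform-set mytrans esp-des
 set peer 211.102.22.2
 ip address 202.16.28.4 255.255.255.0
access-list 100 permit ip 172.16.202.0 0.0.0.255 172.16.203.0 0.0.0.255"""
R3 = """crypto isakmp policy 2
 hash md5
crypto isakmp key ciscokey address 202.16.28.4
crypto ipsec transform-set mytrans esp-des
 set peer 202.16.28.4
 ip address 211.102.22.2 255.255.255.0
access-list 100 permit ip 172.16.203.0 0.0.0.255 172.16.202.0 0.0.0.255"""

def facts(cfg):
    """Extract the values both ends of the tunnel have to agree on."""
    def one(pattern):
        m = re.search(pattern, cfg, re.M)
        return m.groups() if m else ()
    return {"key": one(r"^crypto isakmp key (\S+) address (\S+)"),
            "peer": one(r"^ set peer (\S+)"),
            "wan": one(r"^ ip address (\S+)"),
            "acl": one(r"^access-list \d+ permit ip (\S+ \S+) (\S+ \S+)"),
            "esp": one(r"^crypto ipsec transform-set \S+ (.+)$")}

def pair_mismatches(cfg_a, cfg_b):
    """Name every tunnel setting on which the two peers disagree."""
    a, b = facts(cfg_a), facts(cfg_b)
    checks = {
        "peer address": a["peer"] == b["wan"] and b["peer"] == a["wan"],
        "pre-shared key": a["key"] == b["key"][:1] + b["wan"]
                          and b["key"] == a["key"][:1] + a["wan"],
        "mirrored crypto ACL": a["acl"] == b["acl"][::-1],
        "transform set": a["esp"] == b["esp"]}
    return [name for name, ok in checks.items() if not ok]

def weak_settings(cfg):
    """List algorithm choices in one config that are weak by current standards."""
    esp = " ".join(facts(cfg)["esp"])
    tests = [(re.search(r"^ hash md5", cfg, re.M), "IKE hash is MD5"),
             (not re.search(r"^ encryption ", cfg, re.M), "IKE encryption defaults to DES"),
             (not re.search(r"^ group ", cfg, re.M), "IKE DH group defaults to group 1"),
             ("esp-des" in esp, "ESP encrypts with single DES"),
             ("-hmac" not in esp, "ESP transform set has no integrity algorithm")]
    return [msg for hit, msg in tests if hit]
```

`pair_mismatches(R1, R3)` returns an empty list for the configurations on this page, while `weak_settings(R1)` reports all five findings.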
 

The two AD DCs used in the lab: install the operating system first.



Set up the VPN dial-up connection; in the real world you would have to pay the ISP for this.




 
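Once the primary AD DC is built, back it up; then restore the backup at the other site and run dcpromo /adv to install the additional domain controller over the remote network.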



After that, the AD DC servers at the two sites can replicate with each other.




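Open question: if the AD DCs are connected over the public Internet (rather than a point-to-point VPN environment), how would multi-site replication be done?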