case学习：使用VTI解决分支机构动态IP与总部互联问题

case学习：使用VTI解决分支机构动态IP与总部互联问题

需求：分支机构（R1）只有ADSL线路，需要与总部（R3）实现LAN能互访。

===========R3-HQ===============

crypto keyring PSK pre-shared-key address 0.0.0.0 0.0.0.0 key cisco

crypto ipsec transform-set TS esp-3des esp-sha-hmac !crypto ipsec profile VTIset transform-set TS

crypto isakmp profile DVTIkeyring PSKmatch identity address 0.0.0.0 virtual-template 1

interface Virtual-Template1 type tunnelip unnumbered Loopback0tunnel mode ipsec ipv4tunnel protection ipsec profile VTI

interface Loopback0ip address 192.168.1.3 255.255.255.0!!interface Loopback100ip address 10.23.0.3 255.255.255.0

!interface GigabitEthernet0/0ip address 100.23.0.3 255.255.255.0!!router ospf 1network 10.23.0.0 0.0.0.255 area 0network 192.168.1.0 0.0.0.255 area 0

ip route 0.0.0.0 0.0.0.0 100.23.0.2

==========R1-Branch============

crypto keyring PSK pre-shared-key address 0.0.0.0 0.0.0.0 key cisco! !crypto ipsec transform-set TS esp-3des esp-sha-hmac !crypto ipsec profile VTIset transform-set TS !interface Loopback0ip address 192.168.1.1 255.255.255.0!!interface Loopback100ip address 10.12.0.1 255.255.255.0!!interface Tunnel1ip unnumbered Loopback0tunnel source GigabitEthernet0/0tunnel mode ipsec ipv4tunnel destination 100.23.0.3tunnel protection ipsec profile VTI!

interface GigabitEthernet0/0ip address 100.12.0.1 255.255.255.0

!router ospf 1network 10.12.0.0 0.0.0.255 area 0network 192.168.1.0 0.0.0.255 area 0

!ip route 0.0.0.0 0.0.0.0 100.12.0.2

版权声明：本文内容由网络用户投稿，版权归原作者所有，本站不拥有其著作权，亦不承担相应法律责任。如果您发现本站中有涉嫌抄袭或描述失实的内容，请联系我们jiasou666@gmail.com 处理，核实后本网站将在24小时内删除侵权内容。