Cisco IPSec & EIGRP – 傻瓜的日記

host R1
no ip domain lookup
int e0/0
ip address 10.255.255.1 255.255.255.0
no shut
duplex full
int lo0
ip address 1.1.1.1 255.255.255.255

router eigrp 1
network 10.255.255.0 0.0.0.255
network 1.1.1.1 0.0.0.0
no auto

host R2
no ip domain lookup
int e0/0
ip address 10.255.255.2 255.255.255.0
no shut
duplex full
int e0/1
ip address 202.80.1.2 255.255.255.0
no shut
duplex full
int e0/2
ip address 218.80.1.2 255.255.255.0
no shut
duplex full

ip route 202.100.1.0 255.255.255.0 202.80.1.7
ip route 218.100.1.0 255.255.255.0 218.80.1.8

router eigrp 1
network 10.255.255.0 0.0.0.255
no auto

crypto ipsec transform-set VPN-IPSEC esp-aes 256 esp-sha-hmac

crypto ikev2 keyring VPN-IPSEC_HGC_keyring
peer 202.100.1.3
address 202.100.1.3
pre-shared-key 0987654321

crypto ikev2 profile VPN-IPSEC_HGC_profile
match address local interface e0/1
match identity remote address 202.100.1.3 255.255.255.255
authentication local pre-share
authentication remote pre-share
keyring local VPN-IPSEC_HGC_keyring

crypto ipsec profile VPN-IPSEC_HGC
set transform-set VPN-IPSEC
set pfs group2
set ikev2-profile VPN-IPSEC_HGC_profile

crypto ikev2 keyring VPN-IPSEC_PCCW_keyring
peer 218.100.1.4
address 218.100.1.4
pre-shared-key 0987654321

crypto ikev2 profile VPN-IPSEC_PCCW_profile
match address local interface e0/2
match identity remote address 218.100.1.4 255.255.255.255
authentication local pre-share
authentication remote pre-share
keyring local VPN-IPSEC_PCCW_keyring

crypto ipsec profile VPN-IPSEC_PCCW
set transform-set VPN-IPSEC
set pfs group2
set ikev2-profile VPN-IPSEC_PCCW_profile

int t1
bandwidth 700
ip address 10.255.23.2 255.255.255.0
tunnel source 202.80.1.2
tunnel dest 202.100.1.3
tunnel protection IPsec profile VPN-IPSEC_HGC

int t2
bandwidth 800
ip address 10.255.24.2 255.255.255.0
tunnel source 218.80.1.2
tunnel dest 218.100.1.4
tunnel protection IPsec profile VPN-IPSEC_PCCW

router eigrp 1
network 10.255.23.0 0.0.0.255
network 10.255.24.0 0.0.0.255

host HGC_700M
int e0/0
ip address 202.80.1.7 255.255.255.0
no shut
duplex full
int e0/1
ip address 202.100.1.7 255.255.255.0
no shut
duplex full

host PCCW_800M
int e0/0
ip address 218.80.1.8 255.255.255.0
no shut
duplex full
int e0/1
ip address 218.100.1.8 255.255.255.0
no shut
duplex full

host R3
no ip domain lookup
int e0/0
ip address 202.100.1.3 255.255.255.0
no shut
duplex full
int e0/1
ip address 10.255.254.3 255.255.255.0
no shut
duplex full

ip route 202.80.1.0 255.255.255.0 202.100.1.7

router eigrp 1
network 10.255.254.0 0.0.0.255
no auto

crypto ipsec transform-set VPN-IPSEC esp-aes 256 esp-sha-hmac

crypto ikev2 keyring VPN-IPSEC_HGC_keyring
peer 202.80.1.2
address 202.80.1.2
pre-shared-key 0987654321

crypto ikev2 profile VPN-IPSEC_HGC_profile
match address local interface e0/0
match identity remote address 202.80.1.2 255.255.255.255
authentication local pre-share
authentication remote pre-share
keyring local VPN-IPSEC_HGC_keyring

crypto ipsec profile VPN-IPSEC_HGC
set transform-set VPN-IPSEC
set pfs group2
set ikev2-profile VPN-IPSEC_HGC_profile

int t1
bandwidth 700
ip address 10.255.23.3 255.255.255.0
tunnel source 202.100.1.3
tunnel dest 202.80.1.2
tunnel protection IPsec profile VPN-IPSEC_HGC

router eigrp 1
network 10.255.23.0 0.0.0.255

host R4
no ip domain lookup
int e0/0
ip address 218.100.1.4 255.255.255.0
no shut
duplex full
int e0/1
ip address 10.255.254.4 255.255.255.0
no shut
duplex full

ip route 218.80.1.0 255.255.255.0 218.100.1.8

router eigrp 1
network 10.255.254.0 0.0.0.255
no auto

crypto ipsec transform-set VPN-IPSEC esp-aes 256 esp-sha-hmac

crypto ikev2 keyring VPN-IPSEC_PCCW_keyring
peer 218.80.1.2
address 218.80.1.2
pre-shared-key 0987654321

crypto ikev2 profile VPN-IPSEC_PCCW_profile
match address local interface e0/0
match identity remote address 218.80.1.2 255.255.255.255
authentication local pre-share
authentication remote pre-share
keyring local VPN-IPSEC_PCCW_keyring

crypto ipsec profile VPN-IPSEC_PCCW
set transform-set VPN-IPSEC
set pfs group2
set ikev2-profile VPN-IPSEC_PCCW_profile

int t2
bandwidth 800
ip address 10.255.24.4 255.255.255.0
tunnel source 218.100.1.4
tunnel dest 218.80.1.2
tunnel protection IPsec profile VPN-IPSEC_PCCW

router eigrp 1
network 10.255.24.0 0.0.0.255

host R5
no ip domain lookup
int e0/0
ip address 10.255.254.5 255.255.255.0
no shut
duplex full
int lo0
ip address 5.5.5.5 255.255.255.255

router eigrp 1
network 10.255.254.0 0.0.0.255
network 5.5.5.5 0.0.0.0
no auto

發佈留言 取消回覆

發佈留言取消回覆