FD.io/VPP — GRE over IPSec

17 April 2021

Contents

  • GRE over IPSec
  • VPP1 (active side)
    • Configure interfaces
    • Configure IPSec IKEv2
    • Configure the GRE tunnel
  • VPP2 (passive side)
    • Configure interfaces
    • Configure IPSec IKEv2
    • Configure the GRE tunnel

GRE over IPSec


PC1 can ping PC2 successfully.

VPP1 (active side)

Configure interfaces

set int state GigabitEthernet2/1/0 up

set int ip address GigabitEthernet2/1/0 20.20.20.1/24

set int state GigabitEthernet2/2/0 up

set int ip address GigabitEthernet2/2/0 30.30.30.1/24

Configure IPSec IKEv2

ikev2 profile add pr1

ikev2 profile set pr1 auth shared-key-mic string Vpp123

ikev2 profile set pr1 id local fqdn vpp1.home
ikev2 profile set pr1 id remote fqdn vpp2.home

ikev2 profile set pr1 responder GigabitEthernet2/1/0 20.20.20.2

ikev2 profile set pr1 ike-crypto-alg aes-cbc 128 ike-integ-alg sha1-96 ike-dh modp-1024
ikev2 profile set pr1 esp-crypto-alg aes-cbc 128 esp-integ-alg sha1-96 esp-dh modp-1024

ikev2 profile set pr1 traffic-selector local ip-range 40.40.40.0 - 40.40.40.254 port-range 0 - 65535 protocol 0
ikev2 profile set pr1 traffic-selector remote ip-range 40.40.40.0 - 40.40.40.254 port-range 0 - 65535 protocol 0

ikev2 initiate sa-init pr1

show ikev2 sa

Configure the GRE tunnel

  • Create the GRE tunnel using the IP addresses of the IPSec interfaces.
set int state ipsec0 up
set int ip address ipsec0 40.40.40.1/24

create gre tunnel src 40.40.40.1 dst 40.40.40.2 instance 0

set int state gre0 up
set int ip address gre0 50.50.50.1/24

ip route 10.10.10.0/24 via gre0

VPP2 (passive side)

Configure interfaces

set int state GigabitEthernet2/1/0 up

set int ip address GigabitEthernet2/1/0 20.20.20.2/24

set int state GigabitEthernet2/2/0 up

set int ip address GigabitEthernet2/2/0 10.10.10.1/24

Configure IPSec IKEv2

ikev2 profile add pr1

ikev2 profile set pr1 auth shared-key-mic string Vpp123

ikev2 profile set pr1 id local fqdn vpp2.home
ikev2 profile set pr1 id remote fqdn vpp1.home

ikev2 profile set pr1 traffic-selector local ip-range 40.40.40.0 - 40.40.40.254 port-range 0 - 65535 protocol 0
ikev2 profile set pr1 traffic-selector remote ip-range 40.40.40.0 - 40.40.40.254 port-range 0 - 65535 protocol 0

show ikev2 sa

Configure the GRE tunnel

  • Create the GRE tunnel using the IP addresses of the IPSec interfaces.
set int state ipsec0 up
set int ip address ipsec0 40.40.40.2/24

create gre tunnel src 40.40.40.2 dst 40.40.40.1 instance 0

set int state gre0 up
set int ip address gre0 50.50.50.2/24

ip route 30.30.30.0/24 via gre0
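
A consistency and legacy-parameter check for the two peer configurations above, as an added example that is not part of the original article or of VPP. The sample configs are constructed from this page's commands (condensed); the `WEAK` table, `MIN_PSK_LEN` and the function names are assumptions of this example.

```python
import re

# Constructed sample configs, condensed from the commands on this page.
VPP1 = """\
ikev2 profile set pr1 auth shared-key-mic string Vpp123
ikev2 profile set pr1 id local fqdn vpp1.home
ikev2 profile set pr1 id remote fqdn vpp2.home
ikev2 profile set pr1 ike-crypto-alg aes-cbc 128 ike-integ-alg sha1-96 ike-dh modp-1024
create gre tunnel src 40.40.40.1 dst 40.40.40.2 instance 0
"""
VPP2 = """\
ikev2 profile set pr1 auth shared-key-mic string Vpp123
ikev2 profile set pr1 id local fqdn vpp2.home
ikev2 profile set pr1 id remote fqdn vpp1.home
create gre tunnel src 40.40.40.2 dst 40.40.40.1 instance 0
"""
# Legacy choices to flag and a minimum key length: this example's assumed policy.
WEAK = {"modp-1024": "1024-bit DH group", "sha1-96": "HMAC-SHA1-96 integrity"}
MIN_PSK_LEN = 20
FIELDS = {
    "psk": r"auth shared-key-mic string (\S+)",
    "id_local": r"id local fqdn (\S+)",
    "id_remote": r"id remote fqdn (\S+)",
    "gre": r"create gre tunnel src (\S+) dst (\S+)",
}

def parse(cfg):
    """Extract the values that must agree between the two peers."""
    out = {"tokens": set(cfg.split())}
    for key, pattern in FIELDS.items():
        m = re.search(pattern, cfg)
        out[key] = m.groups() if m else None
    return out

def audit(cfg_a, cfg_b):
    """Return findings for a pair of peer configs (A = first, B = second)."""
    a, b = parse(cfg_a), parse(cfg_b)
    findings = []
    if a["psk"] != b["psk"]:
        findings.append("pre-shared keys differ")
    if a["id_local"] != b["id_remote"] or a["id_remote"] != b["id_local"]:
        findings.append("IKE identities are not mirrored")
    if a["gre"] and b["gre"] and a["gre"] != b["gre"][::-1]:
        findings.append("GRE src/dst are not mirrored")
    for name, p in (("A", a), ("B", b)):
        if p["psk"] and len(p["psk"][0]) < MIN_PSK_LEN:
            findings.append(f"{name}: PSK shorter than {MIN_PSK_LEN} characters")
        findings += [f"{name}: {why} ({t})" for t, why in WEAK.items() if t in p["tokens"]]
    return findings
```

Calling `audit(VPP1, VPP2)` returns a list of findings; an empty list means the two peers mirror each other and none of the flagged parameters are present.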