
GET VPN with a single Key Server

2019-11-05 00:11:05
Source: reposted
Contributed by: a site user


Configuration

R1
hostname R1
!
ip cef
!
crypto isakmp policy 1
 authentication pre-share
 group 2
crypto isakmp key gdoi address 4.4.4.4
!
crypto gdoi group gdoi
 identity address ipv4 4.4.4.4
 server address ipv4 4.4.4.4
!
crypto map gdoi 10 gdoi
 set group gdoi
!
interface Loopback0
 ip address 1.1.1.1 255.255.255.255
!
interface Ethernet1/4
 ip address 192.168.14.1 255.255.255.0
 duplex full
 crypto map gdoi
!
router ospf 100
 router-id 1.1.1.1
 log-adjacency-changes
 redistribute connected subnets
 redistribute static subnets
 network 192.168.0.0 0.0.255.255 area 0

R2
hostname R2
!
ip cef
!
crypto isakmp policy 1
 authentication pre-share
 group 2
crypto isakmp key gdoi address 4.4.4.4
!
crypto gdoi group gdoi
 identity address ipv4 4.4.4.4
 server address ipv4 4.4.4.4
!
crypto map gdoi 10 gdoi
 set group gdoi
!
interface Loopback0
 ip address 2.2.2.2 255.255.255.255
!
interface Ethernet1/4
 ip address 192.168.24.2 255.255.255.0
 duplex full
 crypto map gdoi
!
router ospf 100
 router-id 2.2.2.2
 log-adjacency-changes
 redistribute connected subnets
 redistribute static subnets
 network 192.168.0.0 0.0.255.255 area 0

R3
hostname R3
!
ip cef
!
crypto isakmp policy 1
 authentication pre-share
 group 2
crypto isakmp key gdoi address 4.4.4.4
!
crypto gdoi group gdoi
 identity address ipv4 4.4.4.4
 server address ipv4 4.4.4.4
!
crypto map gdoi 10 gdoi
 set group gdoi
!
interface Loopback0
 ip address 3.3.3.3 255.255.255.255
!
interface Ethernet1/4
 ip address 192.168.34.3 255.255.255.0
 duplex full
 crypto map gdoi
!
router ospf 100
 router-id 3.3.3.3
 log-adjacency-changes
 redistribute connected subnets
 redistribute static subnets
 network 192.168.0.0 0.0.255.255 area 0

R4 (key server)
hostname R4
!
ip cef
!
crypto isakmp policy 1
 authentication pre-share
 group 2
crypto isakmp key gdoi address 192.168.14.1
crypto isakmp key gdoi address 192.168.24.2
crypto isakmp key gdoi address 192.168.34.3
!
crypto ipsec transform-set gdoi esp-des esp-sha-hmac
!
crypto ipsec profile gdoi
 set security-association lifetime seconds 360
 set transform-set gdoi
!
crypto gdoi group gdoi
 identity address ipv4 4.4.4.4
 server local
  rekey lifetime seconds 300
  rekey retransmit 10 number 2
  rekey authentication mypubkey rsa gdoi
  rekey transport unicast
  sa ipsec 1
   profile gdoi
   match address ipv4 101
   replay counter window-size 64
  address ipv4 4.4.4.4
!
interface Loopback0
 ip address 4.4.4.4 255.255.255.255
 ipv6 address FC00:4::4/128
 ipv6 enable
!
interface Ethernet1/1
 ip address 192.168.14.4 255.255.255.0
 duplex full
!
interface Ethernet1/2
 ip address 192.168.24.4 255.255.255.0
 duplex full
!
interface Ethernet1/3
 ip address 192.168.34.4 255.255.255.0
 duplex full
!
router ospf 100
 router-id 4.4.4.4
 log-adjacency-changes
 redistribute connected subnets
 redistribute static subnets
 network 192.168.0.0 0.0.255.255 area 0
!
access-list 101 deny   ip 192.168.0.0 0.0.255.255 192.168.0.0 0.0.255.255
access-list 101 permit ip host 1.1.1.1 host 2.2.2.2
access-list 101 permit ip host 1.1.1.1 host 3.3.3.3
access-list 101 permit ip host 2.2.2.2 host 1.1.1.1
access-list 101 permit ip host 2.2.2.2 host 3.3.3.3
access-list 101 permit ip host 3.3.3.3 host 1.1.1.1
access-list 101 permit ip host 3.3.3.3 host 2.2.2.2
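The key server is the single point that decides what the whole group encrypts with and which flows get encrypted, so it is the config a reviewer should read most carefully. The script below is an added example in Python, not part of the original post and not a Cisco tool; the sample config it embeds is constructed from the R4 settings above, shortened to one mirrored pair of policy entries. It parses the transform set, the `server local` block and the policy ACL, flags `esp-des` as a deprecated cipher, confirms that rekey messages are RSA-signed and that an anti-replay window is set, and checks that every `permit` in the policy ACL has its mirror entry, since GET VPN pushes one ACL to every member and a one-way permit leaves the reverse flow outside the encryption policy.

```python
"""Audit a Cisco GET VPN key-server configuration for the settings that decide
its security: the IPsec transform set, rekey signing, anti-replay, and the
policy ACL pushed to the group members. Added example, not from the page."""
import re

# Constructed sample: the relevant parts of the R4 key-server config on the
# page, shortened to one mirrored pair of policy entries.
SAMPLE_KS_CONFIG = """\
crypto ipsec transform-set gdoi esp-des esp-sha-hmac
!
crypto ipsec profile gdoi
 set security-association lifetime seconds 360
 set transform-set gdoi
!
crypto gdoi group gdoi
 identity address ipv4 4.4.4.4
 server local
  rekey lifetime seconds 300
  rekey retransmit 10 number 2
  rekey authentication mypubkey rsa gdoi
  rekey transport unicast
  sa ipsec 1
   profile gdoi
   match address ipv4 101
   replay counter window-size 64
  address ipv4 4.4.4.4
!
access-list 101 deny   ip 192.168.0.0 0.0.255.255 192.168.0.0 0.0.255.255
access-list 101 permit ip host 1.1.1.1 host 2.2.2.2
access-list 101 permit ip host 2.2.2.2 host 1.1.1.1
"""

# Transforms a reviewer would flag today (DES/3DES are deprecated, MD5 is weak).
WEAK_ENCRYPTION = {"esp-des", "esp-3des", "esp-null"}
WEAK_INTEGRITY = {"esp-md5-hmac"}


def parse_transform_sets(config):
    """Map each 'crypto ipsec transform-set NAME ...' line to its transform list."""
    sets = {}
    for line in config.splitlines():
        m = re.match(r"crypto ipsec transform-set (\S+)\s+(.+)$", line.strip())
        if m:
            sets[m.group(1)] = m.group(2).split()
    return sets


def gdoi_group_lines(config):
    """Return the stripped lines nested under the first 'crypto gdoi group' block."""
    lines, in_group = [], False
    for raw in config.splitlines():
        if raw.startswith("crypto gdoi group"):
            in_group = True
            continue
        if in_group and raw and not raw[0].isspace():
            break  # a top-level line ('!' or another command) ends the block
        if in_group and raw.strip():
            lines.append(raw.strip())
    return lines


def _take_addr(tokens):
    """Consume one ACL address spec: 'host A', 'any', or 'NET WILDCARD'."""
    if tokens[0] == "host":
        return "host " + tokens[1], tokens[2:]
    if tokens[0] == "any":
        return "any", tokens[1:]
    return tokens[0] + " " + tokens[1], tokens[2:]


def parse_acl(config, number):
    """Return (action, protocol, src, dst) tuples for 'access-list NUMBER' entries."""
    entries = []
    pat = re.compile(r"access-list %s (permit|deny)\s+(\S+)\s+(.+)$" % number)
    for line in config.splitlines():
        m = pat.match(line.strip())
        if m:
            action, proto, rest = m.groups()
            src, remaining = _take_addr(rest.split())
            dst, _ = _take_addr(remaining)
            entries.append((action, proto, src, dst))
    return entries


def audit(config):
    """Return a list of human-readable findings; an empty list means no concerns."""
    findings = []
    for name, transforms in parse_transform_sets(config).items():
        for t in transforms:
            if t in WEAK_ENCRYPTION:
                findings.append(f"transform-set {name}: weak encryption {t}")
            if t in WEAK_INTEGRITY:
                findings.append(f"transform-set {name}: weak integrity {t}")
    group = gdoi_group_lines(config)
    if not any(ln.startswith("rekey authentication mypubkey rsa") for ln in group):
        findings.append("rekey messages are not signed (rekey authentication mypubkey rsa missing)")
    if not any(ln.startswith("replay ") for ln in group):
        findings.append("no anti-replay window configured under sa ipsec")
    # The same policy ACL is pushed to every group member, so a permit in one
    # direction only leaves the reverse flow outside the policy (sent in the clear).
    for acl in (ln.split()[-1] for ln in group if ln.startswith("match address ipv4")):
        entries = parse_acl(config, acl)
        if not entries:
            findings.append(f"policy ACL {acl} is referenced but not defined")
        permits = {(p, s, d) for a, p, s, d in entries if a == "permit"}
        for proto, src, dst in sorted(permits):
            if (proto, dst, src) not in permits:
                findings.append(f"ACL {acl}: permit {proto} {src} -> {dst} has no mirror entry")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_KS_CONFIG):
        print(finding)
```

Run against the sample it reports only the `esp-des` transform; deleting one of the two `permit` lines makes the mirror check fire. One thing the script cannot see: `rekey authentication mypubkey rsa gdoi` names an RSA key pair by label, and that key pair is generated on the key server separately (it never appears in the running config), so its presence has to be checked on the device itself.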


Testing

R1
R1#sho crypto gdoi
Group Information

    Group Name               : gdoi
    Group Identity           : 4.4.4.4
    Rekeys received          : 7
    IPSec SA Direction       : Both
    ACL Received From KS     : gdoi_group_gdoi_temp_acl
    Active Group Server      : 4.4.4.4
    Group Server list        : 4.4.4.4

R4
R4#sho crypto gdoi
Group Information

    Group Name                          : gdoi
    Group Identity                      : 4.4.4.4
    Group Members                       : 3
    IPSec SA Direction                  : Both
    Active Group Server                 : Local
    Group Rekey Lifetime                : 300 secs
    Group Rekey Remaining Lifetime      : 95 secs
    Rekey Retransmit Period             : 10 secs
    Rekey Retransmit Attempts           : 2
    Group Retransmit Remaining Lifetime : 0 secs

    IPSec SA Number                     : 1
    IPSec SA Rekey Lifetime             : 360 secs
    Profile Name                        : gdoi
    Replay method                       : Count Based
    Replay Window Size                  : 64
    SA Rekey Remaining Lifetime         : 156 secs
    ACL Configured                      : access-list 101

    Group Server list                   : Local