GRE VPN和GRE over ipsec实验配置

实验topo

实验步骤：

1.配置静态路由协议，使tunnel口中源端、目的端接口IP地址实现互通。

2.配置静态路由协议，通信点之间均有去往对端的路由，下一跳为出接口tunnel口。

3.配置tunnel口修改隧道协议为GRE，配置tunnel接口IP地址，配置隧道源端物理接口IP地址、目的端接口IP地址。

4.可在隧道接口下配置keepalive报文检测机制（默认发送周期为5s），检查隧道两端通信情况。

提示：在ensp中必须选择AR系列路由器进行实验，普通路由器不支持GRE VPN和IPsec VPN。

实验步骤配置代码：

实验一 GRE VPN：

AR1:
interface Tunnel0/0/0
 ip address 10.0.0.1 255.255.255.0 
 tunnel-protocol gre
 keepalive period 3 
 source 12.12.12.1
 destination 23.23.23.3
ip route-static 23.23.23.0 255.255.255.0 12.12.12.2

ip route-static 172.16.1.0 255.255.255.0 Tunnel0/0/0
或
ospf 1 router-id 1.1.1.1 
 area 0.0.0.0 
  network 10.0.0.0 0.0.0.255 
  network 192.168.1.0 0.0.0.255 

AR3:
interface Tunnel0/0/0
 ip address 10.0.0.2 255.255.255.0 
 tunnel-protocol gre
 keepalive period 3 
 source 23.23.23.3
 destination 12.12.12.1
ip route-static 12.12.12.0 255.255.255.0 23.23.23.2

ip route-static 192.168.1.0 255.255.255.0 Tunnel0/0/0
或
ospf 1 router-id 2.2.2.2 
 area 0.0.0.0 
  network 10.0.0.0 0.0.0.255 
  network 172.16.1.0 0.0.0.255 

GRE over ipsec配置部分：
AR1：
acl number 3000  
 rule 5 permit gre source 12.12.12.0 0.0.0.255 destination 23.23.23.0 0.0.0.255
#
ipsec proposal baode
#
ike proposal 1
#
ike peer abc v2
 pre-shared-key simple 123
 ike-proposal 1
 remote-address 23.23.23.3
#
ipsec policy ipsec-vpn 10 isakmp
 security acl 3000
 ike-peer abc
 proposal baode
#
interface GigabitEthernet0/0/0
 ip address 12.12.12.1 255.255.255.0 
 ipsec policy ipsec-vpn

AR3：
acl number 3000  
 rule 5 permit gre source 23.23.23.0 0.0.0.255 destination 12.12.12.0 0.0.0.255
#
ipsec proposal baode
#
ike proposal 1
#
ike peer abc v2
 pre-shared-key simple 123
 ike-proposal 1
 remote-address 12.12.12.1
#
ipsec policy ipsec-vpn 10 isakmp
 security acl 3000
 ike-peer abc
 proposal baode
#
interface GigabitEthernet0/0/0
 ip address 23.23.23.3 255.255.255.0 
 ipsec policy ipsec-vpn