一、这个是比较像客户端的方向的配置方式,因为有一个 拨号光纤在,公网IP地址不是固定的。
interface Tunnel33
interface Tunnel33 配置tunnel(GRE隧道)
description TEST
ip address 192.168.11.70 255.255.255.252 虚拟口地址
ip flow ingress ip流入口
ip nhrp authentication LC 启用认证密钥
ip nhrp map 192.168.11.69 1.1.1.1 创建一个逻辑IP地址和NBMA(多路访问网络)地址的静态绑定
ip nhrp network-id 33 指定网络域
ip nhrp holdtime 60 检测对端失效计时器
ip nhrp nhs 192.168.11.69 将Hub的隧道地址作为spoke到下一跳路由的服务器,用于处理spoke的NHRP查询
ip tcp adjust-mss 1412 IP 的TCP调整
tunnel source Dialer1 配置tunnel源地址
tunnel destination 1.1.1.1 配置tunnel目标地址
tunnel key 33 配置KEY值
二、看一下server 端的配置比较:
interface Tunnel33
description for 79XXXXXXXXXXXXXX
bandwidth 5012
ip address 192.168.11.69 255.255.255.252
no ip redirects
ip mtu 1468
ip flow ingress
ip nat inside
ip nhrp authentication LC 认证的密钥
ip nhrp responder Tunnel33
ip nhrp network-id 33
ip nhrp holdtime 60
ip nhrp server-only
ip virtual-reassembly in
rate-limit input 3176000 17940 17940 conform-action transmit exceed-action drop
rate-limit output 3176000 17940 17940 conform-action transmit exceed-action drop
ip tcp adjust-mss 1100
load-interval 30
tunnel source 1.1.1.1 本端是一个固定的IP地址
tunnel mode gre multipoint 对面不是固定IP地址
tunnel key 33 KEY值
这里的是一个简单的拓扑图,左边的PC可以到右边的PC, 相当于两公司之间通讯,下面这个就是总部而已。与IPsec VPN 相比较起来,这个就只需要一个固定IP就OK了。
R5 的配置实例:
interface Tunnel1
description cccbbb
ip address 172.16.1.2 255.255.255.252
no ip redirects
ip nhrp authentication cccbbb
ip nhrp network-id 1
ip nhrp holdtime 60
tunnel source 40.0.0.2
tunnel mode gre multipoint
tunnel key 1
!
interface Tunnel2
description aaabbb
ip address 172.16.1.6 255.255.255.252
no ip redirects
ip nhrp authentication aaabbb
ip nhrp network-id 2
ip nhrp holdtime 60
tunnel source 40.0.0.2
tunnel mode gre multipoint
tunnel key 2
!
interface FastEthernet0/0
ip address 40.0.0.2 255.255.255.252
duplex auto
speed auto
!
interface FastEthernet1/0
ip address 192.168.2.1 255.255.255.0
duplex auto
speed auto
!
no ip http server
no ip http secure-server
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 40.0.0.1 name bbbb
ip route 192.168.1.0 255.255.255.0 172.16.1.1 name ccc
ip route 192.168.99.0 255.255.255.0 172.16.1.5 name aaa
R4的配置实例:
interface Tunnel2
description aaabbb
ip address 172.16.1.5 255.255.255.0
ip nhrp authentication aaabbb
ip nhrp map 172.16.1.6 40.0.0.2
ip nhrp network-id 2
ip nhrp holdtime 60
ip nhrp nhs 172.16.1.6
ip nat inside
ip virtual-reassembly
tunnel source FastEthernet0/0
tunnel destination 40.0.0.2
tunnel key 2
!
interface FastEthernet0/0
ip address 30.0.0.2 255.255.255.252
duplex auto
speed auto
!
interface FastEthernet1/0
ip address 192.168.99.5 255.255.255.0
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
!
no ip http server
no ip http secure-server
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 30.0.0.1 name aaa
ip route 192.168.1.0 255.255.255.0 172.16.1.6 name ccc
R7 的配置实例:
interface Tunnel1
description cccbbb
ip address 172.16.1.1 255.255.255.252
ip nhrp authentication cccbbb
ip nhrp map 172.16.1.2 40.0.0.2
ip nhrp network-id 1
ip nhrp holdtime 60
ip nhrp nhs 172.16.1.2
tunnel source FastEthernet1/0
tunnel destination 40.0.0.2
tunnel key 1
!
interface FastEthernet0/0
ip address 192.168.1.1 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet1/0
ip address 20.0.0.1 255.255.255.252
duplex auto
speed auto
!
no ip http server
no ip http secure-server
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 20.0.0.2 name cccc
ip route 192.168.99.0 255.255.255.0 172.16.1.2 name bbb
在模拟公网上面,不怕链路断掉。