1. This is a configuration method that is more like the direction of the client, because there is a dial-up fiber, and the public network IP address is not fixed.
interface Tunnel33
interface Tunnel33 Configure tunnel (GRE tunnel)
description TEST
ip address 192.168.11.70 255.255.255.252 Virtual port address
ip flow ingress ip flow entry
ip nhrp authentication LC Enable authentication key
ip nhrp map 192.168.11.69 1.1.1.1 Create a logical IP Static binding of address and NBMA (Multiple Access Network) address
ip nhrp network-id 33 Specify network domain
ip nhrp holdtime 60 Detect peer failure timer
ip nhrp nhs 192.168.11.69 Use Hub’s tunnel address as spoke to the next hop The routing server is used to process spoke's NHRP query
ip tcp adjust-mss 1412 IP TCP adjustment
tunnel source Dialer1 Configure the source address of the
tunnel tunnel destination 1.1.1.1 Configure the destination address of the
tunnel tunnel key 33 Configure the KEY value
Second, take a look at the configuration comparison on the server side:
interface Tunnel33
description for 79XXXXXXXXXXXXXX
bandwidth 5012
ip address 192.168.11.69 255.255.255.252
no ip redirects
ip mtu 1468
ip flow ingress
ip nat inside
ip nhrp authentication LC certified key
ip nhrp responder Tunnel33
ip nhrp network-id 33
ip nhrp holdtime 60
ip nhrp server-only
ip virtual-reassembly in
rate-limit input 3176000 17940 17940 conform-action transmit exceed-action drop
rate-limit output 3176000 17940 17940 conform-action transmit exceed-action drop
ip tcp adjust-mss 1100
load-interval 30
tunnel source 1.1.1.1 The local end is a fixed IP address
tunnel mode gre multipoint The opposite is not a fixed IP address
tunnel key 33 KEY value
Here is a simple topology. The PC on the left can be connected to the PC on the right, which is equivalent to the communication between the two companies. The following is the headquarters. Compared with IPsec VPN, this only needs a fixed IP.
R5 的配置实例:
interface Tunnel1
description cccbbb
ip address 172.16.1.2 255.255.255.252
no ip redirects
ip nhrp authentication cccbbb
ip nhrp network-id 1
ip nhrp holdtime 60
tunnel source 40.0.0.2
tunnel mode gre multipoint
tunnel key 1
!
interface Tunnel2
description aaabbb
ip address 172.16.1.6 255.255.255.252
no ip redirects
ip nhrp authentication aaabbb
ip nhrp network-id 2
ip nhrp holdtime 60
tunnel source 40.0.0.2
tunnel mode gre multipoint
tunnel key 2
!
interface FastEthernet0/0
ip address 40.0.0.2 255.255.255.252
duplex auto
speed auto
!
interface FastEthernet1/0
ip address 192.168.2.1 255.255.255.0
duplex auto
speed auto
!
no ip http server
no ip http secure-server
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 40.0.0.1 name bbbb
ip route 192.168.1.0 255.255.255.0 172.16.1.1 name ccc
ip route 192.168.99.0 255.255.255.0 172.16.1.5 name aaa
R4的配置实例:
interface Tunnel2
description aaabbb
ip address 172.16.1.5 255.255.255.0
ip nhrp authentication aaabbb
ip nhrp map 172.16.1.6 40.0.0.2
ip nhrp network-id 2
ip nhrp holdtime 60
ip nhrp nhs 172.16.1.6
ip nat inside
ip virtual-reassembly
tunnel source FastEthernet0/0
tunnel destination 40.0.0.2
tunnel key 2
!
interface FastEthernet0/0
ip address 30.0.0.2 255.255.255.252
duplex auto
speed auto
!
interface FastEthernet1/0
ip address 192.168.99.5 255.255.255.0
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
!
no ip http server
no ip http secure-server
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 30.0.0.1 name aaa
ip route 192.168.1.0 255.255.255.0 172.16.1.6 name ccc
R7 的配置实例:
interface Tunnel1
description cccbbb
ip address 172.16.1.1 255.255.255.252
ip nhrp authentication cccbbb
ip nhrp map 172.16.1.2 40.0.0.2
ip nhrp network-id 1
ip nhrp holdtime 60
ip nhrp nhs 172.16.1.2
tunnel source FastEthernet1/0
tunnel destination 40.0.0.2
tunnel key 1
!
interface FastEthernet0/0
ip address 192.168.1.1 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet1/0
ip address 20.0.0.1 255.255.255.252
duplex auto
speed auto
!
no ip http server
no ip http secure-server
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 20.0.0.2 name cccc
ip route 192.168.99.0 255.255.255.0 172.16.1.2 name bbb
On the analog public network, you are not afraid of the link being broken.