千家信息网最后更新 2025年01月19日Netscreen与Cisco跑OSPF
拓扑:
ISP Configuration:
int e0/0
ip add 200.1.1.1 255.255.255.0
no sh
int e0/1
ip add 200.1.2.1 255.255.255.0
no sh
Netscreen Cconfiguration:
set zone name y1 set interface "loopback.1" zone "Home"set interface "loopback.2" zone "Home"set interface "loopback.3" zone "Home"set interface ethernet3 ip 200.1.1.2/24set interface loopback.1 ip 192.168.1.1/24set interface loopback.2 ip 192.168.2.1/24set interface loopback.3 ip 192.168.3.1/24set int tun.1 zone y1set interface tunnel.1 ip 192.168.100.1/24set interface ethernet3 ip manageableset interface loopback.1 ip manageableset interface loopback.2 ip manageableset interface loopback.3 ip manageableset address "Home" "192.168.1.0" 192.168.1.0 255.255.255.0set address "Home" "192.168.2.0" 192.168.2.0 255.255.255.0set address "Home" "192.168.3.0" 192.168.3.0 255.255.255.0set address "y1" "192.168.4.0" 192.168.4.0 255.255.255.0set address "y1" "192.168.5.0" 192.168.5.0 255.255.255.0set address "y1" "192.168.6.0" 192.168.6.0 255.255.255.0set group address "Home" "zongbu"set group address "Home" "zongbu" add "192.168.1.0"set group address "Home" "zongbu" add "192.168.2.0"set group address "Home" "zongbu" add "192.168.3.0"set group address "y1" "y1-add"set group address "y1" "y1-add" add "192.168.4.0"set group address "y1" "y1-add" add "192.168.5.0"set group address "y1" "y1-add" add "192.168.6.0"set ike gateway "to-y1" address 200.1.2.2 Main outgoing-interface "ethernet3" preshare "y4KsQRlYNP35xEsFuFCZCauPCCn/qc9NEA==" proposal "pre-g2-3des-md5"set *** "y1" gateway "to-y1" no-replay tunnel idletime 0 proposal "g2-esp-3des-md5" set *** "y1" id 0x2 bind interface tunnel.1set policy id 6 from "Home" to "y1" "zongbu" "y1-add" "ANY" permit set policy id 5 from "y1" to "Home" "y1-add" "zongbu" "ANY" permit set router-id 1.1.1.1set route 0.0.0.0/0 gateway 200.1.1.1set interface loopback.1 protocol ospf area 0.0.0.0set interface loopback.1 protocol ospf enableset interface loopback.2 protocol ospf area 0.0.0.0set interface loopback.2 protocol ospf enableset interface loopback.3 protocol ospf area 0.0.0.0set interface loopback.3 protocol ospf enableset interface tunnel.1 protocol ospf area 0.0.0.0set interface tunnel.1 protocol ospf enable
CISCO configuration:crypto isakmp policy 10 encr 3des hash md5 authentication pre-share group 2 crypto isakmp key cisco address 200.1.1.2! ! crypto ipsec transform-set cisco esp-3des esp-md5-hmac ! crypto ipsec profile ipsecprof set transform-set cisco ! interface Loopback0 ip address 192.168.4.1 255.255.255.0 ip ospf 110 area 0! interface Loopback1 ip address 192.168.5.1 255.255.255.0 ip ospf 110 area 0! interface Loopback2 ip address 192.168.6.1 255.255.255.0 ip ospf 110 area 0! interface Tunnel0 ip address 192.168.100.2 255.255.255.0 ip ospf 110 area 0 tunnel source 200.1.2.2 tunnel destination 200.1.1.2 tunnel mode ipsec ipv4 tunnel protection ipsec profile ipsecprof! interface Ethernet0/0 ip address 200.1.2.2 255.255.255.0router ospf 110 log-adjacency-changesip route 0.0.0.0 0.0.0.0 200.1.2.1
