3-Branch GRE over IPsec + OSPF

Note: do not use 0.0.0.0 255.255.255.255 in the OSPF network statements.
The IPsec setup between AR21 and AR23 differs from the one used between AR21 and AR24 and between AR23 and AR24.
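
In the configurations below, the AR21/AR23 link is protected by an ACL-based ipsec policy bound to the public interface, while the links to AR24 use an ipsec profile bound to the tunnel interface. The following Python check is an added example, not part of the original post: it reports which mode covers each GRE tunnel and flags tunnels covered by neither. It assumes the one-space indented layout that the router prints (the listings on this page have lost it); the function names are this example's own, and Tunnel0/0/2 with peer 100.0.25.25 is invented to show an uncovered tunnel.

```python
import re

# Constructed excerpt modelled on AR21 (router's indented layout); Tunnel0/0/2 is invented.
SAMPLE = """\
acl number 3001
 rule 5 permit ip source 100.0.12.1 0 destination 100.0.23.3 0
ipsec policy huawei 10 isakmp
 security acl 3001
interface GigabitEthernet0/0/0
 ip address 100.0.12.1 255.255.255.0
 ipsec policy huawei
interface Tunnel0/0/0
 tunnel-protocol gre
 source 100.0.12.1
 destination 100.0.23.3
interface Tunnel0/0/1
 tunnel-protocol gre
 source 100.0.12.1
 destination 100.0.24.24
 ipsec profile ospf
interface Tunnel0/0/2
 tunnel-protocol gre
 source 100.0.12.1
 destination 100.0.25.25
"""

def blocks(cfg, kw):
    """{name: body} of each top-level section whose header starts with kw."""
    return dict(re.findall(rf"^{kw} (\S+).*\n((?: .*\n)*)", cfg, re.M))

def wild(ip, base, mask):
    """Wildcard match: ip equals base on every bit the mask leaves 0 (a bare 0 is 0.0.0.0)."""
    i, b, m = (int.from_bytes(bytes(map(int, x.split("."))), "big") for x in (ip, base, mask))
    return ((i ^ b) & ~m & 0xFFFFFFFF) == 0

def gre_protection(cfg):
    """Return {gre_tunnel: 'profile' | 'policy' | 'none'}."""
    ifs, acls, pols = (blocks(cfg, k) for k in ("interface", "acl number", "ipsec policy"))
    result = {}
    for name, body in ifs.items():
        for src, dst in re.findall(r" tunnel-protocol gre\n source (\S+)\n destination (\S+)\n", body):
            # Policy mode: tunnel source -> interface that owns it -> bound policy -> ACL rules.
            owner = next((b for b in ifs.values() if f" ip address {src} " in b), "")
            pol = re.search(r" ipsec policy (\S+)", owner)
            acl = re.search(r" security acl (\d+)", pols.get(pol[1], "") if pol else "")
            rules = re.findall(r"permit ip source (\S+) (\S+) destination (\S+) (\S+)",
                               acls.get(acl[1], "") if acl else "")
            hit = any(wild(src, s, sw) and wild(dst, d, dw) for s, sw, d, dw in rules)
            result[name] = "profile" if " ipsec profile " in body else "policy" if hit else "none"
    return result
```

A tunnel reported as none carries its GRE payload, OSPF adjacency included, across the public segment without IPsec.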

AR21
[AR 21]dis cu
[V200R003C00]

sysname AR 21

snmp-agent local-engineid 800007DB03000000000000
snmp-agent

clock timezone China-Standard-Time minus 08:00:00

portal local-server load flash:/portalpage.zip

drop illegal-mac alarm

wlan ac-global carrier id other ac id 0

set cpu-usage threshold 80 restore 75

acl number 3000
rule 5 permit ip
acl number 3001
rule 5 permit ip source 100.0.12.1 0 destination 100.0.23.3 0

ipsec proposal huawei
ipsec proposal ospf

ike proposal 10

ike peer ospf v2
pre-shared-key simple 12345678
ike-proposal 10
peer-id-type ip
ike peer r1 v2
pre-shared-key simple 12345678
ike-proposal 10
remote-address 100.0.23.3

ipsec policy huawei 10 isakmp
security acl 3001
ike-peer r1
proposal huawei

ipsec profile ospf
ike-peer ospf
proposal ospf

aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %%K8m.Nt84DZ}e#<0`8bmE3Uw}%%
local-user admin service-type http

firewall zone Local
priority 15

interface GigabitEthernet0/0/0
ip address 100.0.12.1 255.255.255.0
ipsec policy huawei
nat outbound 3000

interface GigabitEthernet0/0/1

interface GigabitEthernet0/0/2
ip address 192.168.1.1 255.255.255.0

interface NULL0

interface LoopBack0
ip address 1.1.1.1 255.255.255.255

interface Tunnel0/0/0
ip address 10.1.1.21 255.255.255.0
tunnel-protocol gre
source 100.0.12.1
destination 100.0.23.3

interface Tunnel0/0/1
ip address 10.1.2.21 255.255.255.0
tunnel-protocol gre
source 100.0.12.1
destination 100.0.24.24
ipsec profile ospf

ospf 1 router-id 1.1.1.1
area 0.0.0.0
network 1.1.1.1 0.0.0.0
network 10.1.1.0 0.0.0.255
network 10.1.2.0 0.0.0.255
network 192.168.1.0 0.0.0.255

ip route-static 0.0.0.0 0.0.0.0 100.0.12.2

user-interface con 0
authentication-mode password
user-interface vty 0 4
user-interface vty 16 20

wlan ac

return

AR23

<AR 23>DIS CU
[V200R003C00]

sysname AR 23

snmp-agent local-engineid 800007DB03000000000000
snmp-agent

clock timezone China-Standard-Time minus 08:00:00

portal local-server load flash:/portalpage.zip

drop illegal-mac alarm

wlan ac-global carrier id other ac id 0

set cpu-usage threshold 80 restore 75

acl number 3000
rule 5 permit ip
acl number 3001
rule 5 permit ip source 100.0.23.3 0 destination 100.0.12.1 0

ipsec proposal huawei
ipsec proposal ospf

ike proposal 10

ike peer ospf v2
pre-shared-key simple 12345678
ike-proposal 10
peer-id-type ip
ike peer r3 v2
pre-shared-key simple 12345678
ike-proposal 10
remote-address 100.0.12.1

ipsec policy huawei 10 isakmp
security acl 3001
ike-peer r3
proposal huawei

ipsec profile ospf
ike-peer ospf
proposal ospf

aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %%K8m.Nt84DZ}e#<0`8bmE3Uw}%%
local-user admin service-type http

firewall zone Local
priority 15

interface GigabitEthernet0/0/0

interface GigabitEthernet0/0/1
ip address 100.0.23.3 255.255.255.0
ipsec policy huawei
nat outbound 3000

interface GigabitEthernet0/0/2
ip address 192.168.2.1 255.255.255.0

interface NULL0

interface LoopBack0
ip address 2.2.2.2 255.255.255.255

interface Tunnel0/0/0
ip address 10.1.1.23 255.255.255.0
tunnel-protocol gre
source 100.0.23.3
destination 100.0.12.1

interface Tunnel0/0/1
ip address 10.1.2.23 255.255.255.0
tunnel-protocol gre
source 100.0.23.3
destination 100.0.24.24
ipsec profile ospf

ospf 1 router-id 2.2.2.2
area 0.0.0.0
network 2.2.2.2 0.0.0.0
network 10.1.1.0 0.0.0.255
network 10.1.2.0 0.0.0.255
network 192.168.2.0 0.0.0.255

ip route-static 0.0.0.0 0.0.0.0 100.0.23.2

user-interface con 0
authentication-mode password
user-interface vty 0 4
user-interface vty 16 20

wlan ac

return

AR24

<AR 24>DIS CU
[V200R003C00]

sysname AR 24

snmp-agent local-engineid 800007DB03000000000000
snmp-agent

clock timezone China-Standard-Time minus 08:00:00

portal local-server load portalpage.zip

drop illegal-mac alarm

set cpu-usage threshold 80 restore 75

acl number 3000
rule 10 permit ip

ipsec proposal ospf

ike proposal 10

ike peer ospf v2
pre-shared-key simple 12345678
ike-proposal 10
peer-id-type ip

ipsec profile ospf
ike-peer ospf
proposal ospf
ipsec profile ospf1
ike-peer ospf
proposal ospf

aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %%K8m.Nt84DZ}e#<0`8bmE3Uw}%%
local-user admin service-type http

firewall zone Local
priority 15

interface GigabitEthernet0/0/0
ip address 100.0.24.24 255.255.255.0
nat outbound 3000

interface GigabitEthernet0/0/1

interface GigabitEthernet0/0/2
ip address 192.168.3.1 255.255.255.0

interface NULL0

interface LoopBack0
ip address 24.24.24.24 255.255.255.255

interface Tunnel0/0/0
ip address 10.1.2.25 255.255.255.0
tunnel-protocol gre
source 100.0.24.24
destination 100.0.23.3
ipsec profile ospf1

interface Tunnel0/0/1
ip address 10.1.1.24 255.255.255.0
tunnel-protocol gre
source 100.0.24.24
destination 100.0.12.1
ipsec profile ospf

ospf 1 router-id 24.24.24.24
area 0.0.0.0
network 10.1.1.0 0.0.0.255
network 10.1.2.0 0.0.0.255
network 24.24.24.24 0.0.0.0
network 192.168.3.0 0.0.0.255

ip route-static 0.0.0.0 0.0.0.0 100.0.24.22

user-interface con 0
authentication-mode password
user-interface vty 0 4
user-interface vty 16 20

wlan ac

return

AR 22

dis cu
[V200R003C00]

snmp-agent local-engineid 800007DB03000000000000
snmp-agent

clock timezone China-Standard-Time minus 08:00:00

portal local-server load flash:/portalpage.zip

drop illegal-mac alarm

wlan ac-global carrier id other ac id 0

set cpu-usage threshold 80 restore 75

aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %%K8m.Nt84DZ}e#<0`8bmE3Uw}%%
local-user admin service-type http

firewall zone Local
priority 15

interface GigabitEthernet0/0/0
ip address 100.0.12.2 255.255.255.0

interface GigabitEthernet0/0/1
ip address 100.0.23.2 255.255.255.0

interface GigabitEthernet0/0/2
ip address 100.0.24.22 255.255.255.0

interface NULL0

user-interface con 0
authentication-mode password
user-interface vty 0 4
user-interface vty 16 20

wlan ac

return


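Copyright notice: this article is an original work by yayun616, released under the CC 4.0 BY-SA license. Reposts must include a link to the original source and this notice.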