Topology:
650) this. width = 650; "src =" http://www.bkjia.com/uploads/allimg/131227/09314U356-0.png "title =" 1.PNG" alt = "161150555.png"/>
ISP Configuration:
Int e0/0
Ip add 200.1.1.1 255.255.255.0
No sh
Int e0/1
Ip add 200.1.2.1 255.255.255.0
No sh
Netscreen Cconfiguration:
Set zone name y1 set interface "loopback.1" zone "Home" set interface "loopback.2" zone "Home" set interface "loopback.3" zone "Home" set interface ethernet3 ip 200.1.1.2/24 set interface loopback.1 ip 192.168.1.1/24 set interface loopback.2 ip 192.168.2.1/24 set interface 255.ip 192.168.3.1/24 set int tun.1 zone y1set interface tunnel.1 ip 192.168.100.1/24 set interface ethernet3 ip manageableset interface loopback.1 ip manageableset interface loopback.2 ip manageableset interface specified ip manageableset address "Home" "192.168.1.0" 192.168.1.0 255.255.255.0set address "Home" "192.168.2.0" 192.168.2.0 255.255.255.0set address "Home" "192.168.3.0" 192.168.3.0 255.255.255.0set address "y1" 192.168.4.0 ""192.168.4.0 255.255.255.0set address" y1 "" 192.168.5.0 "192.168.5.0 255.255.255.0set address" y1 "" 192.168.6.0 "192.168.6.0 255.255.255.0set group address" Home "" zongbu "set group address" Home "zongbu" add" 192.168.1.0 "set group address" Home "" zongbu "add" 192.168.2.0 "set group address" Home "" zongbu "add" 192.168.3.0 "set group address" y1 "y1-add" set group address "y1" "y1-add" add "192.168.4.0" set group address "y1" "y1-add" add "192.168.5.0" set group address "y1" y1-add "add" 192.168.6.0 "set ike gateway" to-y1 "address 200.1.2.2 Main outgoing-interface" ethernet3 "preshare" leading/qc9NEA = "proposal" pre-g2-3des-md5 "set vpn" y1 "gateway" to-y1 "no-replay tunnel idletime 0 proposal" g2-esp-3des-md5 "set vpn" y1 "id 0x2 bind interface tunnel.1set policy id 6 from" Home "to" y1 "" zongbu "y1-add" "ANY" permit set policy id 5 from "y1" to "Home" "y1-add" "zongbu" "ANY" permit set router-id 1.1.1.1set route 0.0.0.0/0 gateway 200.1.1.1set interface loopback.1 protocol ospf area 0.0.0.0set interface loopbackproto.1 ospf enableset interface loopback.2 protocol ospf area protocol interface loopback.2 protocol ospf enableset interface loopback.3 protocol ospf area 0.0.0.0set interface loopback.3 protocol ospf enableset interface tunnel.1 protocol ospf area 0.0.0.0set interface tunnel.1 protocol ospf enable
CISCO configuration: crypto isakmp policy 10 encr 3des hash md5 authentication pre-share group 2 crypto isakmp key cisco address 200.1.1.2! ! Crypto ipsec transform-set cisco esp-3des esp-md5-hmac! Crypto ipsec profile ipsecprof set transform-set cisco! Interface Loopback0 ip address 192.168.4.1 255.255.255.0 ip ospf 110 area 0! Interface Loopback1 ip address 192.168.5.1 255.255.255.0 ip ospf 110 area 0! Interface Loopback2 ip address 192.168.6.1 255.255.255.0 ip ospf 110 area 0! Interface Tunnel0 ip address 192.168.100.2 255.255.0 ip ospf 110 area 0 tunnel source 200.1.2.2 tunnel destination 200.1.1.2 tunnel mode ipsec ipv4 tunnel protection ipsec profile ipsecprof! Interface Ethernet0/0 ip address 200.1.2.2 255.255.255.0router ospf 110 log-adjacency-changesip route 0.0.0.0 0.0.0.0 200.1.2.1
650) this. width = 650; "src =" http://www.bkjia.com/uploads/allimg/131227/09314Uc3-1.png "title =" 2.PNG" alt = "161708106.png"/>
650) this. width = 650; "src =" http://www.bkjia.com/uploads/allimg/131227/09314QD8-2.png "title =" 3.PNG" alt = "161721107.png"/>
This article is from the "Cisco, zhanbo, Huawei" blog, please be sure to keep this source http://rujinfeng.blog.51cto.com/2712746/1303484