GRE over IPsec
This kind of setup can basically deal with NAT and all kinds of encrypted packet headers.
R1:
!
interface Ethernet0/0
 ip address 192.168.12.1 255.255.255.0
 ip ospf 1 area 0
!
---------------------------------------------------------------------------------
R2:
crypto isakmp policy 10
 authentication pre-share
crypto isakmp key Cisco address 192.168.34.4
!
crypto ipsec transform-set ccna esp-des esp-md5-hmac
 mode transport
!
crypto map jiance 1 ipsec-isakmp
 set peer 192.168.34.4
 set transform-set ccna
 match address
!
interface Tunnel0
 ip address 10.0.0.1 255.255.255.0
 tunnel source Ethernet0/1
 tunnel destination 192.168.34.4
 tunnel key 100
!
interface Ethernet0/0
 ip address 192.168.12.2 255.255.255.0
!
interface Ethernet0/1
 ip address 192.168.23.2 255.255.255.0
 crypto map jiance
!
router ospf 1
 network 192.168.23.2 0.0.0.0 area 0
!
router ospf 2
 network 10.0.0.1 0.0.0.0 area 0
 network 192.168.12.2 0.0.0.0 area 0
!
ip forward-protocol nd
!
ip route 192.168.34.0 255.255.255.0 192.168.23.3
!
access-list permit ip host 192.168.23.2 host 192.168.34.4
!
---------------------------------------------------------------------------------
R3:
!
interface Ethernet0/0
 ip address 192.168.34.3 255.255.255.0
!
interface Ethernet0/1
 ip address 192.168.23.3 255.255.255.0
!
router ospf 1
 network 0.0.0.0 255.255.255.255 area 0
!
---------------------------------------------------------------------------------
R4:
crypto isakmp policy 10
 authentication pre-share
crypto isakmp key Cisco address 192.168.23.2
!
crypto ipsec transform-set ccna esp-des esp-md5-hmac
 mode transport
!
crypto map jiance 1 ipsec-isakmp
 set peer 192.168.23.2
 set transform-set ccna
 match address 100
!
interface Tunnel0
 ip address 10.0.0.2 255.255.255.0
 tunnel source Ethernet0/0
 tunnel destination 192.168.23.2
 tunnel key 100
!
interface Ethernet0/0
 ip address 192.168.34.4 255.255.255.0
 crypto map jiance
!
interface Ethernet0/1
 ip address 192.168.45.4 255.255.255.0
!
router ospf 1
 network 192.168.34.4 0.0.0.0 area 0
!
router ospf 2
 network 10.0.0.2 0.0.0.0 area 0
!
access-list 100 permit ip host 192.168.34.4 host 192.168.23.2
!
---------------------------------------------------------------------------------
R5:
!
interface Ethernet0/1
 ip address 192.168.45.5 255.255.255.0
 ip ospf 1 area 0
!
---------------------------------------------------------------------------------
Experimental results:

R1#show ip ospf neighbor

Neighbor ID     Pri   State           Dead Time   Address         Interface
192.168.12.2      1   FULL/BDR        00:00:38    192.168.12.2    Ethernet0/0
R1#
---------------------------------------------------------------------------------
R2#show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
       a - application route
       + - replicated route, % - next hop override

Gateway of last resort is not set

      10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C        10.0.0.0/24 is directly connected, Tunnel0
L        10.0.0.1/32 is directly connected, Tunnel0
      192.168.12.0/24 is variably subnetted, 2 subnets, 2 masks
C        192.168.12.0/24 is directly connected, Ethernet0/0
L        192.168.12.2/32 is directly connected, Ethernet0/0
      192.168.23.0/24 is variably subnetted, 2 subnets, 2 masks
C        192.168.23.0/24 is directly connected, Ethernet0/1
L        192.168.23.2/32 is directly connected, Ethernet0/1
S     192.168.34.0/24 [1/0] via 192.168.23.3
---------------------------------------------------------------------------------
R2#show ip ospf neighbor

Neighbor ID     Pri   State           Dead Time   Address         Interface
192.168.12.1      1   FULL/DR         00:00:39    192.168.12.1    Ethernet0/0
192.168.34.4      0   FULL/  -        00:00:31    10.0.0.2        Tunnel0
192.168.34.3      1   FULL/DR         00:00:31    192.168.23.3    Ethernet0/1
---------------------------------------------------------------------------------
R4#show ip ospf neighbor

Neighbor ID     Pri   State           Dead Time   Address         Interface
192.168.12.2      0   FULL/  -        00:00:39    10.0.0.1        Tunnel0
192.168.34.3      1   FULL/DR         00:00:34    192.168.34.3    Ethernet0/0
---------------------------------------------------------------------------------
R5#show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
       a - application route
       + - replicated route, % - next hop override

Gateway of last resort is not set

      192.168.45.0/24 is variably subnetted, 2 subnets, 2 masks
C        192.168.45.0/24 is directly connected, Ethernet0/1
L        192.168.45.5/32 is directly connected, Ethernet0/1
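An added example, not part of the original notes: a small Python check that reads R2's crypto lines from this lab and reports the weak phase 1 and phase 2 settings, including the ISAKMP values left at their defaults because the policy sets only the authentication method. The default values (classic IOS behaviour) and the weak-algorithm lists are assumptions of this example, and the function name audit is hypothetical.

```python
import re

# Constructed sample: R2's crypto lines from the lab configuration on this page.
R2_CONFIG = """\
crypto isakmp policy 10
 authentication pre-share
crypto isakmp key Cisco address 192.168.34.4
crypto ipsec transform-set ccna esp-des esp-md5-hmac
 mode transport
"""

# Assumption: classic IOS applies these values when a policy omits the line.
ISAKMP_DEFAULTS = {"encryption": "des (implicit default)",
                   "hash": "sha (implicit default)",
                   "group": "1 (implicit default)"}
# This example's own classification: DES/3DES, MD5, DH groups below 2048 bits.
WEAK_ISAKMP = {"encryption": {"des", "3des"}, "hash": {"md5"},
               "group": {"1", "2", "5"}}
WEAK_TRANSFORMS = {"esp-des", "esp-3des", "esp-null", "esp-md5-hmac", "ah-md5-hmac"}


def audit(config):
    """Return one finding per weak IKE (phase 1) or IPsec (phase 2) setting."""
    findings, policies, current = [], {}, None
    for raw in config.splitlines():
        line = raw.strip().lower()
        m = re.match(r"crypto isakmp policy (\d+)$", line)
        if m:  # start of a phase 1 policy block, pre-filled with defaults
            current = policies.setdefault(m.group(1), dict(ISAKMP_DEFAULTS))
            continue
        if raw[:1].isspace() and current is not None:
            words = line.split()  # sub-command inside the policy block
            if len(words) > 1 and words[0] in current:
                current[words[0]] = words[1]
            continue
        current = None  # any other top-level line ends the policy block
        m = re.match(r"crypto ipsec transform-set (\S+) (.+)$", line)
        if m:
            findings += [f"transform-set {m.group(1)}: {t}"
                         for t in m.group(2).split() if t in WEAK_TRANSFORMS]
    for num, settings in policies.items():
        findings += [f"isakmp policy {num}: {key} {value}"
                     for key, value in settings.items()
                     if value.split()[0] in WEAK_ISAKMP[key]]
    return findings


if __name__ == "__main__":
    print("\n".join(audit(R2_CONFIG)))
```

A configuration that sets AES, a SHA-2 hash and DH group 14 in the policy and uses AES with a SHA-2 HMAC in the transform set yields no findings.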
CCIE Learning notes----GRE over IPsec