2012-08-18 23:26:41

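Original post: IPSec Failover High-Availability Lab  Author: wfeng

As shown in the figure, HUB1 and HUB2 provide IPSec failover for each other.
Note: currently only HSRP supports this feature; VRRP does not support it yet.

The configuration is as follows:

Spoke router: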

crypto isakmp policy 10
encr 3des
authentication pre-share
group 2
crypto isakmp key cisco1234 address 0.0.0.0 0.0.0.0
!
crypto ipsec transform-set ccsp esp-3des esp-sha-hmac
!
crypto map cisco 10 ipsec-isakmp   
set peer 16.1.1.254
set transform-set ccsp
match address 101
!
interface Loopback0
ip address 10.1.1.1 255.255.255.0
!
interface FastEthernet0/0
ip address 173.16.1.2 255.255.255.0
crypto map cisco
!
ip route 10.2.2.0 255.255.255.0 173.16.1.1
!
access-list 101 permit ip 10.1.1.0 0.0.0.255 10.2.2.0 0.0.0.255

HUB1 router:

crypto isakmp policy 10
encr 3des
authentication pre-share
group 2
crypto isakmp key cisco1234 address 0.0.0.0 0.0.0.0
!
crypto ipsec transform-set ccsp esp-3des esp-sha-hmac
!
crypto map cisco 10 ipsec-isakmp
! peer is the Spoke's FastEthernet0/0 address
set peer 173.16.1.2
set transform-set ccsp
match address 101
!
interface FastEthernet0/0
ip address 16.1.1.1 255.255.255.0
duplex half
standby 10 ip 16.1.1.254
standby 10 priority 101
standby 10 preempt
standby 10 name ipsec-public
standby 10 track FastEthernet1/0
crypto map cisco redundancy ipsec-public stateful
standby delay reload 120
!
interface FastEthernet1/0
ip address 10.2.2.1 255.255.255.0
duplex half
standby 20 ip 10.2.2.254
standby 20 priority 101
standby 20 preempt
standby 20 name ipsec-private
standby 20 track FastEthernet0/0
standby delay reload 120
!
ip route 0.0.0.0 0.0.0.0 16.1.1.3
!
access-list 101 permit ip 10.2.2.0 0.0.0.255 10.1.1.0 0.0.0.255
!
redundancy inter-device
scheme standby ipsec-private
!
ipc zone default
association 1
   no shutdown
   protocol sctp
    local-port 5000
      local-ip 10.2.2.1
    remote-port 5000
      remote-ip 10.2.2.2

HUB2 router:

crypto isakmp policy 10
encr 3des
authentication pre-share
group 2
crypto isakmp key cisco1234 address 0.0.0.0 0.0.0.0
!
crypto ipsec transform-set ccsp esp-3des esp-sha-hmac
!
crypto map cisco 10 ipsec-isakmp
! peer is the Spoke's FastEthernet0/0 address
set peer 173.16.1.2
set transform-set ccsp
match address 101
!
interface FastEthernet0/0
ip address 16.1.1.2 255.255.255.0
duplex half
standby 10 ip 16.1.1.254
standby 10 priority 101
standby 10 preempt
standby 10 name ipsec-public
standby 10 track FastEthernet1/0
crypto map cisco redundancy ipsec-public stateful
standby delay reload 120
!
interface FastEthernet1/0
ip address 10.2.2.2 255.255.255.0
duplex half
standby 20 ip 10.2.2.254
standby 20 priority 101
standby 20 preempt
standby 20 name ipsec-private
standby 20 track FastEthernet0/0
standby delay reload 120
!
ip route 0.0.0.0 0.0.0.0 16.1.1.3
!
access-list 101 permit ip 10.2.2.0 0.0.0.255 10.1.1.0 0.0.0.255
!
redundancy inter-device
scheme standby ipsec-private
!
ipc zone default
association 1
   no shutdown
   protocol sctp
    local-port 5000
      local-ip 10.2.2.2
    remote-port 5000
      remote-ip 10.2.2.1
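
Stateful failover in the two HUB configurations above depends on several values agreeing: the HSRP group name referenced by `crypto map ... redundancy`, the group named under `scheme standby`, the virtual IP the Spoke uses as its peer, and the mirrored SCTP endpoints. The Python check below is an added example, not part of the original post; `first`, `facts` and `audit` are hypothetical helper names, and the sample input is constructed from the failover-related lines of the HUB configs.

```python
import re

# Constructed sample: failover-related lines of the HUB configs on this page;
# {n}/{peer} are the per-hub host octets (1/2 on HUB1, 2/1 on HUB2).
HUB = """standby 10 ip 16.1.1.254
standby 10 name ipsec-public
crypto map cisco redundancy ipsec-public stateful
standby 20 ip 10.2.2.254
standby 20 name ipsec-private
redundancy inter-device
scheme standby ipsec-private
protocol sctp
 local-port 5000
  local-ip 10.2.2.{n}
 remote-port 5000
  remote-ip 10.2.2.{peer}
"""
HUB1, HUB2 = HUB.format(n=1, peer=2), HUB.format(n=2, peer=1)

def first(pattern, cfg):
    m = re.search(pattern, cfg)
    return m.group(1) if m else None

def facts(cfg):
    """Pull out the settings that must line up for stateful failover."""
    vips = dict(re.findall(r"standby (\d+) ip (\S+)", cfg))
    names = dict(re.findall(r"standby (\d+) name (\S+)", cfg))
    return {
        "vip": {name: vips.get(grp) for grp, name in names.items()},
        "map_group": first(r"crypto map \S+ redundancy (\S+) stateful", cfg),
        "scheme": first(r"scheme standby (\S+)", cfg),
        "local": (first(r"local-ip (\S+)", cfg), first(r"local-port (\d+)", cfg)),
        "remote": (first(r"remote-ip (\S+)", cfg), first(r"remote-port (\d+)", cfg)),
    }

def audit(cfg_a, cfg_b, spoke_peer):
    """Return a list of mismatches that would break failover (empty = consistent)."""
    a, b = facts(cfg_a), facts(cfg_b)
    problems = []
    for hub, f in (("hub A", a), ("hub B", b)):
        if f["vip"].get(f["map_group"]) != spoke_peer:
            problems.append(f"{hub}: crypto map redundancy group does not own VIP {spoke_peer}")
        if f["scheme"] not in f["vip"]:
            problems.append(f"{hub}: 'scheme standby' names no configured HSRP group")
    if a["vip"] != b["vip"]:
        problems.append("HSRP group names or virtual IPs differ between hubs")
    if a["local"] != b["remote"] or a["remote"] != b["local"]:
        problems.append("SCTP association endpoints are not mirrored")
    return problems
```

`audit(HUB1, HUB2, "16.1.1.254")` takes the Spoke's `set peer` address as its third argument and returns an empty list when the pair is consistent.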



