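MSR Series Routers

Typical Configuration of the DVPN Feature (Full-mesh)

Keywords: MSR; DVPN; dynamic tunnel

I. Networking requirements

In the Full-Mesh networking mode, the VAM Server manages and maintains the information of each node; the AAA server authenticates VAM Clients and handles accounting; the two Hubs back each other up and are responsible for forwarding data and exchanging routing information. Each Spoke establishes permanent tunnel connections with the Hubs. Any two Spokes dynamically establish a tunnel connection between them when there is data to send.

Equipment list: 6 MSR series routers

II. Network diagram:

III. Configuration steps:

Applicable devices and versions: MSR series, all versions after Version 5.20, Release 1508 (standard edition).

VAM Server and AAA Server configuration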

#

 sysname VAMSERVER

#

 //Specify the listening IP address on the VAM Server

 vam server ip 192.168.1.22

#

//Create the VPN with ID 1

vam server vpn 1

 server enable

 //The pre-shared key is 123

 pre-shared-key simple 123

 //Specify the two Hub addresses of VPN 1

 hub private-ip 10.0.1.1

 hub private-ip 10.0.1.2

#

//Create the VPN with ID 2

vam server vpn 2

 server enable

 authentication-method pap

 pre-shared-key simple 456

 hub private-ip 10.0.2.1

 hub private-ip 10.0.2.2

#

//Create local users, used to authenticate the Hub and Spoke devices

local-user dvpn1hub1

 password simple dvpn1hub1

 service-type dvpn

local-user dvpn1hub2

 password simple dvpn1hub2

 service-type dvpn

local-user dvpn1spoke1

 password simple dvpn1spoke1

 service-type dvpn

local-user dvpn1spoke2

 password simple dvpn1spoke2

 service-type dvpn

local-user dvpn2hub1

 password simple dvpn2hub1

 service-type dvpn

local-user dvpn2hub2

 password simple dvpn2hub2

 service-type dvpn

local-user dvpn2spoke2

 password simple dvpn2spoke2

 service-type dvpn

#

interface GigabitEthernet0/0

 port link-mode route

 ip address 192.168.1.22 255.255.255.0

#

HUB 1 configuration

#

 sysname hub1

#

//Configure the IKE peer

ike peer vam

 pre-shared-key abcde

#

//Configure the IPSec security proposal

ipsec proposal vam

 esp authentication-algorithm sha1

#

//Configure the IPSec security profile

ipsec profile vamp

 pfs dh-group2

 //Reference the configured IKE peer

 ike-peer vam

 //Reference the configured IPSec security proposal

 proposal vam

 sa duration traffic-based 600

#

//Create the VPN 1 client dvpn1hub1

vam client name dvpn1hub1

 client enable

 //Configure the VAM Server IP address

 server primary ip-address 192.168.1.22

 user dvpn1hub1 password simple dvpn1hub1

 vpn 1

 //Configure the pre-shared key of the VAM Client

 pre-shared-key simple 123

#

//Create the VPN 2 client dvpn2hub1

vam client name dvpn2hub1

 client enable

 server primary ip-address 192.168.1.22

 user dvpn2hub1 password simple dvpn2hub1

 vpn 2

 pre-shared-key simple 456

#

interface GigabitEthernet0/0

 port link-mode route

 ip address 192.168.1.1 255.255.255.0

#

//Configure Tunnel1, the tunnel interface of VPN 1

interface Tunnel1

 ip address 10.0.1.1 255.255.255.0

 tunnel-protocol dvpn udp

 source GigabitEthernet0/0

 ospf network-type broadcast

 vam client dvpn1hub1

 ipsec profile vamp

#

//Configure Tunnel2, the tunnel interface of VPN 2

interface Tunnel2

 ip address 10.0.2.1 255.255.255.0

 tunnel-protocol dvpn udp

 source GigabitEthernet0/0

 ospf network-type broadcast

 vam client dvpn2hub1

 ipsec profile vamp

#

//Configure public network routing

ospf 100

 area 0.0.0.0

  network 192.168.1.0 0.0.0.255

#

//Configure private network routing

ospf 200

 area 0.0.0.0

  network 10.0.1.0 0.0.0.255

#

ospf 300

 area 0.0.0.0

  network 10.0.2.0 0.0.0.255

#

HUB 2 configuration

#

 sysname hub2

#

//Configure the IKE peer

ike peer vam

 pre-shared-key abcde

#

//Configure the IPSec security proposal

ipsec proposal vam

 esp authentication-algorithm sha1

#

//Configure the IPSec security profile

ipsec profile vamp

 pfs dh-group2

 //Reference the configured IKE peer

 ike-peer vam

 //Reference the configured IPSec security proposal

 proposal vam

 sa duration traffic-based 600

#

//Create the VPN 1 client dvpn1hub2

vam client name dvpn1hub2

 client enable

 server primary ip-address 192.168.1.22

 user dvpn1hub2 password simple dvpn1hub2

 vpn 1

 pre-shared-key simple 123

#

//Create the VPN 2 client dvpn2hub2

vam client name dvpn2hub2

 client enable

 server primary ip-address 192.168.1.22

 user dvpn2hub2 password simple dvpn2hub2

 vpn 2

 pre-shared-key simple 456

#

interface Ethernet0/0

 port link-mode route

 ip address 192.168.1.2 255.255.255.0

#

//Configure Tunnel1, the tunnel interface of VPN 1

interface Tunnel1

 ip address 10.0.1.2 255.255.255.0

 tunnel-protocol dvpn udp

 source Ethernet0/0

 ospf network-type broadcast

 vam client dvpn1hub2

 ipsec profile vamp

#

//Configure Tunnel2, the tunnel interface of VPN 2

interface Tunnel2

 ip address 10.0.2.2 255.255.255.0

 tunnel-protocol dvpn udp

 source Ethernet0/0

 ospf network-type broadcast

 vam client dvpn2hub2

 ipsec profile vamp

#

//Configure public network routing

ospf 100

 area 0.0.0.0

  network 192.168.1.0 0.0.0.255

#

//Configure private network routing

ospf 200

 area 0.0.0.0

  network 10.0.1.0 0.0.0.255

#

ospf 300

 area 0.0.0.0

  network 10.0.2.0 0.0.0.255

#

Spoke 1 configuration

#

 sysname spoke1

#

//Configure the IKE peer

ike peer vam

 pre-shared-key abcde

#

//Configure the IPSec security proposal

ipsec proposal vam

 esp authentication-algorithm sha1

#

//Configure the IPSec security profile

ipsec profile vamp

 pfs dh-group2

 ike-peer vam

 proposal vam

 sa duration traffic-based 600

#

//Create the VPN 1 client dvpn1spoke1

vam client name dvpn1spoke1

 client enable

 server primary ip-address 192.168.1.22

 user dvpn1spoke1 password simple dvpn1spoke1

 vpn 1

 pre-shared-key simple 123

#

interface Ethernet0/0

 port link-mode route

 ip address 192.168.1.3 255.255.255.0

#

//Configure Tunnel1, the tunnel interface of VPN 1

interface Tunnel1

 ip address 10.0.1.3 255.255.255.0

 tunnel-protocol dvpn udp

 source Ethernet0/0

 ospf network-type broadcast

 vam client dvpn1spoke1

 ipsec profile vamp

#

ospf 100

 area 0.0.0.0

  network 192.168.1.0 0.0.0.255

#

ospf 200

 area 0.0.0.0

  network 10.0.1.0 0.0.0.255

#

Spoke 2 configuration

#

 sysname spoke2

#

//Configure the IKE peer

ike peer vam

 pre-shared-key abcde

#

//Configure the IPSec security proposal

ipsec proposal vam

 esp authentication-algorithm sha1

#

//Configure the IPSec security profile

ipsec profile vamp

 pfs dh-group2

 ike-peer vam

 proposal vam

 sa duration traffic-based 600

#

//Create the VPN 1 client dvpn1spoke2

vam client name dvpn1spoke2

 client enable

 server primary ip-address 192.168.1.22

 user dvpn1spoke2 password simple dvpn1spoke2

 vpn 1

 pre-shared-key simple 123

#

//Create the VPN 2 client dvpn2spoke2

vam client name dvpn2spoke2

 client enable

 server primary ip-address 192.168.1.22

 user dvpn2spoke2 password simple dvpn2spoke2

 vpn 2

 pre-shared-key simple 456

#

interface Ethernet0/0

 port link-mode route

 ip address 192.168.1.4 255.255.255.0

#

//Configure Tunnel1, the tunnel interface of VPN 1

interface Tunnel1

 ip address 10.0.1.4 255.255.255.0

 tunnel-protocol dvpn udp

 source Ethernet0/0

 ospf network-type broadcast

 vam client dvpn1spoke2

 ipsec profile vamp

#

//Configure Tunnel2, the tunnel interface of VPN 2

interface Tunnel2

 ip address 10.0.2.4 255.255.255.0

 tunnel-protocol dvpn udp

 source Ethernet0/0

 ospf network-type broadcast

 vam client dvpn2spoke2

 ipsec profile vamp

#

ospf 100

 area 0.0.0.0

  network 192.168.1.0 0.0.0.255

#

ospf 200

 area 0.0.0.0

  network 10.0.1.0 0.0.0.255

#

ospf 300

 area 0.0.0.0

  network 10.0.2.0 0.0.0.255

#
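Example added here, not part of the original page or of the vendor's tooling: a Python check that flags the settings in the configuration above that a reviewer would question before production use, namely secrets entered with the `simple` keyword (kept in cleartext), secrets shorter than a policy minimum, passwords equal to the user name, PAP authentication, and PFS with DH group 1 or 2. The 16-character minimum and the rule names are assumptions.

```python
import re

# Constructed excerpt in the style of the VAM server, hub and client configs above.
SAMPLE_CONFIG = """\
vam server vpn 2
 authentication-method pap
 pre-shared-key simple 456
local-user dvpn1hub1
 password simple dvpn1hub1
ike peer vam
 pre-shared-key abcde
ipsec profile vamp
 pfs dh-group2
vam client name dvpn1hub1
 user dvpn1hub1 password simple dvpn1hub1
"""

MIN_SECRET_LEN = 16  # assumption: a local policy threshold, not a device limit

# Matches only cleartext forms: "[user NAME] password|pre-shared-key [simple] SECRET"
SECRET_RE = re.compile(r"(?:user (\S+) )?(?:pre-shared-key|password)(?: (simple))? (\S+)$")


def audit(config):
    """Return sorted (view, rule) findings for a Comware-style configuration text."""
    findings = set()
    view = ""
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line == "#" or line.startswith("//"):
            continue
        if not raw.startswith(" "):      # an unindented line opens a new view
            view = line
            continue
        m = SECRET_RE.match(line)
        if m:
            user, mode, secret = m.groups()
            user = user or (view.split()[-1] if view.startswith("local-user ") else None)
            if mode == "simple":
                findings.add((view, "secret stored in cleartext"))
            if len(secret) < MIN_SECRET_LEN:
                findings.add((view, "secret shorter than policy minimum"))
            if secret == user:
                findings.add((view, "password equals user name"))
        elif line == "authentication-method pap":
            findings.add((view, "PAP client authentication"))
        elif re.match(r"pfs dh-group[12]$", line):
            findings.add((view, "PFS uses a DH group of 1024 bits or less"))
    return sorted(findings)
```

Calling `audit(SAMPLE_CONFIG)` returns one `(view, rule)` tuple per finding; the same function accepts a saved copy of any of the device configurations above.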

 

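IV. Key configuration points

1) The implementation of DVPN on the V5 platform differs greatly from that on the V3 platform, and the configuration commands have changed considerably; the V3 platform supports DVPN phase 1, while the V5 platform supports DVPN phase 2;

2) In this example the AAA Server and VAM are hosted on the same MSR; in practice a separate device can be used as the AAA Server. For the configuration method, see the Security chapter of the operation manual;

V. Verification

1) The command dis vam server address-map all shows the devices registered on the VAM Server; make sure that all HUBs and Spokes have registered to the VAM Server normally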

<VAMSERVER>dis vam server address-map all

 VPN name:  1

 Total address-map number:  4

 Private-ip     Public-ip        Type        Holding time

 10.0.1.1       192.168.1.1      Hub         0H 22M  8S

 10.0.1.2       192.168.1.2      Hub         0H 37M  0S

 10.0.1.3       192.168.1.3      Spoke       0H 29M 11S

 10.0.1.4       192.168.1.4      Spoke       0H 22M 51S

 VPN name:  2

 Total address-map number:  3

 Private-ip     Public-ip        Type        Holding time

 10.0.2.1       192.168.1.1      Hub         0H 22M  8S

 10.0.2.2       192.168.1.2      Hub         0H 36M 45S

 10.0.2.4       192.168.1.4      Spoke       0H 22M 50S
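Example added here, not part of the original page: a Python parser for the `dis vam server address-map all` output that compares the registered nodes with an expected inventory and reports entries that are missing, unexpected, or registered with the wrong type. The `EXPECTED` inventory and the function names are assumptions; the sample text is constructed from the VPN 1 rows above.

```python
import re

# Constructed sample: VPN 1 rows in the format shown above, with 10.0.1.4
# left out and 10.0.1.9 added so that both kinds of mismatch are reported.
SAMPLE_OUTPUT = """\
 VPN name:  1
 Total address-map number:  4
 Private-ip     Public-ip        Type        Holding time
 10.0.1.1       192.168.1.1      Hub         0H 22M  8S
 10.0.1.2       192.168.1.2      Hub         0H 37M  0S
 10.0.1.3       192.168.1.3      Spoke       0H 29M 11S
 10.0.1.9       192.168.1.9      Spoke       0H  0M 42S
"""

# Expected nodes per VPN, taken from the Tunnel1 addresses configured above.
EXPECTED = {"1": {"10.0.1.1": "Hub", "10.0.1.2": "Hub",
                  "10.0.1.3": "Spoke", "10.0.1.4": "Spoke"}}

IP = r"\d+\.\d+\.\d+\.\d+"
ROW_RE = re.compile(rf"\s*({IP})\s+({IP})\s+(Hub|Spoke)\s")


def parse_address_map(text):
    """Return {vpn_name: {private_ip: (public_ip, node_type)}}."""
    vpns, rows = {}, None
    for line in text.splitlines():
        header = re.match(r"\s*VPN name:\s+(\S+)", line)
        if header:
            rows = vpns.setdefault(header.group(1), {})
            continue
        row = ROW_RE.match(line)
        if row and rows is not None:
            rows[row.group(1)] = (row.group(2), row.group(3))
    return vpns


def check_registrations(text, expected):
    """Return (vpn, private_ip, problem) tuples; an empty list means all match."""
    seen, problems = parse_address_map(text), []
    for vpn in sorted(set(expected) | set(seen)):
        want, got = expected.get(vpn, {}), seen.get(vpn, {})
        for ip in sorted(set(want) | set(got)):
            if ip not in got:
                problems.append((vpn, ip, "missing"))
            elif ip not in want:
                problems.append((vpn, ip, "unexpected"))
            elif got[ip][1] != want[ip]:
                problems.append((vpn, ip, "wrong type"))
    return problems
```

An empty result from `check_registrations` corresponds to the condition this step asks for: every configured Hub and Spoke is registered and nothing else is.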

2) On the HUB device, the command dis dvpn session all shows information about all established tunnels

<hub1>dis dvpn session all

 Interface: Tunnel1  VPN name: 1  Total number: 3

  Private IP:     10.0.1.2

  Public IP:      192.168.1.2

  Session type:   Hub-Hub

  State:  SUCCESS

  Holding time: 0h 12m 1s

  Input:  101 packets,  100 data packets,  1 control packets

           87 multicasts,  0 errors

  Output: 106 packets,  99 data packets,  7 control packets

           87 multicasts,  10 errors

  Private IP:     10.0.1.4

  Public IP:      192.168.1.4

  Session type:   Hub-Spoke

  State:  SUCCESS

  Holding time: 0h 22m 39s

  Input:  183 packets,  182 data packets,  1 control packets

           157 multicasts,  0 errors

  Output: 186 packets,  185 data packets,  1 control packets

           155 multicasts,  0 errors

  Private IP:     10.0.1.3

  Public IP:      192.168.1.3

  Session type:   Hub-Spoke

  State:  SUCCESS

  Holding time: 0h 8m 7s

  Input:  164 packets,  163 data packets,  1 control packets

           54 multicasts,  0 errors

  Output: 77 packets,  76 data packets,  1 control packets

           55 multicasts,  0 errors

 Interface: Tunnel2  VPN name: 2  Total number: 2

  Private IP:     10.0.2.2

  Public IP:      192.168.1.2

  Session type:   Hub-Hub

  State:  SUCCESS

  Holding time: 0h 12m 4s

  Input:  97 packets,  96 data packets,  1 control packets

           84 multicasts,  0 errors

  Output: 100 packets,  93 data packets,  7 control packets

           80 multicasts,  10 errors

  Private IP:     10.0.2.4

  Public IP:      192.168.1.4

  Session type:   Hub-Spoke

  State:  SUCCESS

  Holding time: 0h 22m 40s

  Input:  165 packets,  164 data packets,  1 control packets

           151 multicasts,  0 errors

  Output: 162 packets,  161 data packets,  1 control packets

           148 multicasts,  0 errors

3) On Spoke1, the command dis dvpn session all shows information about all established tunnels; at this point all tunnels are static tunnels and there are no dynamic tunnels yet;

<spoke1>dis dvpn session all

 Interface: Tunnel1  VPN name: 1  Total number: 2

  Private IP:     10.0.1.1

  Public IP:      192.168.1.1

  Session type:   Spoke-Hub

  State:  SUCCESS

  Holding time: 0h 9m 57s

  Input:  88 packets,  87 data packets,  1 control packets

           66 multicasts,  0 errors

  Output: 197 packets,  196 data packets,  1 control packets

           65 multicasts,  0 errors

  Private IP:     10.0.1.2

  Public IP:      192.168.1.2

  Session type:   Spoke-Hub

  State:  SUCCESS

  Holding time: 0h 9m 57s

  Input:  78 packets,  77 data packets,  1 control packets

           62 multicasts,  0 errors

  Output: 80 packets,  79 data packets,  1 control packets

           65 multicasts,  0 errors

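 If you ping the tunnel address of Spoke 2 and then run the above command again, you will find one additional dynamic tunnel entry (shown in red in the original; it is the Spoke-Spoke session at the end of the output):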

<spoke1>ping 10.0.1.4

  PING 10.0.1.4: 56  data bytes, press CTRL_C to break

    Reply from 10.0.1.4: bytes=56 Sequence=1 ttl=254 time=6 ms

    Reply from 10.0.1.4: bytes=56 Sequence=2 ttl=255 time=3 ms

    Reply from 10.0.1.4: bytes=56 Sequence=3 ttl=255 time=3 ms

    Reply from 10.0.1.4: bytes=56 Sequence=4 ttl=255 time=3 ms

    Reply from 10.0.1.4: bytes=56 Sequence=5 ttl=255 time=3 ms

  --- 10.0.1.4 ping statistics ---

    5 packet(s) transmitted

    5 packet(s) received

    0.00% packet loss

    round-trip min/avg/max = 3/3/6 ms

<spoke1>dis dvpn session all

 Interface: Tunnel1  VPN name: 1  Total number: 3

  Private IP:     10.0.1.1

  Public IP:      192.168.1.1

  Session type:   Spoke-Hub

  State:  SUCCESS

  Holding time: 0h 17m 57s

  Input:  143 packets,  142 data packets,  1 control packets

           114 multicasts,  0 errors

  Output: 347 packets,  346 data packets,  1 control packets

           113 multicasts,  0 errors

  Private IP:     10.0.1.2

  Public IP:      192.168.1.2

  Session type:   Spoke-Hub

  State:  SUCCESS

  Holding time: 0h 17m 57s

  Input:  131 packets,  130 data packets,  1 control packets

           110 multicasts,  0 errors

  Output: 134 packets,  132 data packets,  2 control packets

           113 multicasts,  0 errors

  Private IP:     10.0.1.4

  Public IP:      192.168.1.4

  Session type:   Spoke-Spoke

  State:  SUCCESS

  Holding time: 0h 0m 3s

  Input:  5 packets,  4 data packets,  1 control packets

           0 multicasts,  0 errors

  Output: 5 packets,  4 data packets,  1 control packets

           0 multicasts,  0 errors
