收藏
下载资源

IPSec-Failover高可靠性

上传人:206****923 文档编号:91848657 上传时间:2019-07-02 格式:DOC 页数:4 大小:87.52KB
返回 下载 相关 举报
IPSec-Failover高可靠性_第1页
第1页 / 共4页
IPSec-Failover高可靠性_第2页
第2页 / 共4页
IPSec-Failover高可靠性_第3页
第3页 / 共4页
IPSec-Failover高可靠性_第4页
第4页 / 共4页
亲,该文档总共4页,全部预览完了,如果喜欢就下载吧!
资源描述

《IPSec-Failover高可靠性》由会员分享,可在线阅读,更多相关《IPSec-Failover高可靠性(4页珍藏版)》请在金锄头文库上搜索。

1、IPSec Failover高可靠性实验clip_image001.jpg (13.55 KB)2007-9-2 22:19如图所示,HUB1和HUB2互作IPSec failover。注:目前仅有HSRP支持,VRRP暂不支持此功能。配置如下:Spoke路由器:crypto isakmp policy 10encr 3desauthentication pre-sharegroup 2crypto isakmp key cisco1234 address 0.0.0.0 0.0.0.0!crypto ipsec transform-set ccsp esp-3des esp-sha-hmac

2、 !crypto map cisco 10 ipsec-isakmp set peer 16.1.1.254set transform-set ccsp match address 101!interface Loopback0ip address 10.1.1.1 255.255.255.0!interface FastEthernet0/0ip address 173.16.1.2 255.255.255.0crypto map cisco!ip route 10.2.2.0 255.255.255.0 173.16.1.1!access-list 101 permit ip 10.1.1

3、.0 0.0.0.255 10.2.2.0 0.0.0.255HUB1路由器:crypto isakmp policy 10encr 3desauthentication pre-sharegroup 2crypto isakmp key cisco1234 address 0.0.0.0 0.0.0.0!crypto ipsec transform-set ccsp esp-3des esp-sha-hmac !crypto map cisco 10 ipsec-isakmp set peer 173.1.1.2set transform-set ccsp match address 101

4、!interface FastEthernet0/0ip address 16.1.1.1 255.255.255.0duplex halfstandby 10 ip 16.1.1.254standby 10 priority 101standby 10 preemptstandby 10 name ipsec-publicstandby 10 track FastEthernet1/0crypto map cisco redundancy ipsec-public statefulstandby delay reload 120!interface FastEthernet1/0ip add

5、ress 10.2.2.1 255.255.255.0duplex halfstandby 20 ip 10.2.2.254standby 20 priority 101standby 20 preemptstandby 20 name ipsec-privatestandby 20 track FastEthernet0/0standby delay reload 120!ip route 0.0.0.0 0.0.0.0 16.1.1.3!access-list 101 permit ip 10.2.2.0 0.0.0.255 10.1.1.0 0.0.0.255!redundancy in

6、ter-devicescheme standby ipsec-private!ipc zone defaultassociation 1no shutdownprotocol sctp local-port 5000 local-ip 10.2.2.1 remote-port 5000 remote-ip 10.2.2.2HUB2路由器:crypto isakmp policy 10encr 3desauthentication pre-sharegroup 2crypto isakmp key cisco1234 address 0.0.0.0 0.0.0.0!crypto ipsec tr

7、ansform-set ccsp esp-3des esp-sha-hmac !crypto map cisco 10 ipsec-isakmp set peer 173.1.1.2set transform-set ccsp match address 101!interface FastEthernet0/0ip address 16.1.1.2 255.255.255.0duplex halfstandby 10 ip 16.1.1.254standby 10 priority 101standby 10 preemptstandby 10 name ipsec-publicstandb

8、y 10 track FastEthernet1/0crypto map cisco redundancy ipsec-public statefulstandby delay reload 120!interface FastEthernet1/0ip address 10.2.2.2 255.255.255.0duplex halfstandby 20 ip 10.2.2.254standby 20 priority 101standby 20 preemptstandby 20 name ipsec-privatestandby 20 track FastEthernet0/0standby delay reload 120!ip route 0.0.0.0 0.0.0.0 16.1.1.3!access-list 101 permit ip 10.2.2.0 0.0.0.255 10.1.1.0 0.0.0.255!redundancy inter-devicescheme standby ipsec-private!ipc zone defaultassociation 1no shutdownprotocol sctp local-port 5000 local-ip 10.2.2.2 remote-port 5000 remote-ip 10.2.2.1

展开阅读全文
相关资源
正为您匹配相似的精品文档
相关搜索

最新文档


当前位置:首页 > 中学教育 > 其它中学文档

电脑版 |金锄头文库版权所有
经营许可证:蜀ICP备13022795号 | 川公网安备 51140202000112号