Snap H&M off the keyboard and throw it away. Is that a boycott?

Configuration case

requirements

  • Configure IP addresses, DHCP, routing, and NAT
  • The Intranet can access the Internet 2.2.2.2
  • Configure the GRE VPN
  • PC1 can directly access PC2

The topology

configuration

Basic configuration

Qinghai branch IP address, DHCP, NAT, routing

Sys sys QH DHCP enable ACL 2000 rule permit so 192.168.10.0 0.0.0.255 int G0/0/0 IP add 192.168.10.254 24 DHCP sel int Int g0/0/1 IP add 12.0.0.1 24 NAT outbound 2000 IP route-s 0.0.0.0 0 12.0.0.2Copy the code

Shanghai headquarters IP address, DHCP, NAT, and routing

Sys sys SH DHCP enable acl 2000 rule permit so 192.168.20.0 0.0.0.255 int G0/0/1 IP add 192.168.20.254 24 DHCP sel int Int g0/0/0 IP add 23.0.0.3 24 NAT outbound 2000 IP route-s 0.0.0.0 0 23.0.0.2Copy the code

ISP public

Sys sys ISP int G0/0/0 IP add 12.0.0.2 24 int G0/0/1 IP add 23.0.0.2 24 int LO 2 IP add 2.2.2.2 32Copy the code

PC1

PC2

The GRE VPN configuration

Qinghai branch

Interface tunnel0/0/1 tunnel-protocol GRE source 12.0.0.1 destination 23.0.0.3Copy the code

Shanghai headquarters

Tunnel -protocol gre # Specify protocol source 23.0.0.3 # Specify tunnel source destination 12.0.0.1 # Specify tunnel destinationCopy the code

After the GRE tunnel is configured, PC1 and PC2 cannot ping because there is no route.

Configure the routing

Static route Qinghai branch

IP route-static 192.168.20.0 255.255.255.0 Tunnel0/0/1 IP route-static 192.168.20.0 255.255.255.0 192.168.13.3Copy the code

Shanghai headquarters

IP route-static 192.168.10.0 255.255.255.0 Tunnel0/0/1 IP route-static 192.168.10.0 255.255.255.0 192.168.13.1Copy the code

==PC1 communicates with PC2 and GRE VPN is established successfully ==Dynamic routingThe actual production environment basically uses dynamic routing OSPF Qinghai branch

Ospf 1 Router-id 1.1.1.1 area 0 NET 192.168.10.0 0.0.0.255 NET 192.168.13.0 0.0.0.255Copy the code

Shanghai headquarters

Ospf 1 Router-id 3.3.3.3 area 0 NET 192.168.20.0 0.0.0.255 NET 192.168.13.0 0.0.0.255Copy the code

The OSPF neighbor relationship was established successfully. ProcedurePC1 and PC2 can still communicate.

==GRE Tunnel route declaration Note the following: Do not declare a public interface when using a dynamic routing protocol interface. = =

Example Test the public interface declared in an OSPF process

Ospf 1 Router-id 1.1.1.1 area 0 NET 12.0.0.1 0.0.0.0Copy the code

== The OSPF neighbor went down, and then the OSPF neighbor was rebuilt. The neighbor became full. The process repeats itself. PC1 and PC2 cannot ping each other.

validation

Verify the tunnel and routing table

Qinghai branch

Shanghai headquarters

Keeplive

GRE VPN

GRE: Generic Routing Encapsulation

  • A three-layer VPN encapsulation technology
  • The encapsulation method for transmitting any other network protocol over any network protocol
  • The problem of packet transmission across heterogeneous networks is solved. The channel of heterogeneous packet transmission is called Tunnel.

GRE core functions: Set up tunnels and open private networks

GRE package: Wear vest

GRE VPN packet forwarding process

Description The GRE tunnel port is false

False status of a GRE VPN tunnel: The tunnel is activated as long as there is a route to the tunnel destination

Solution: Enable GRE Keeplive to check whether the peer end of the tunnel is reachable.

Delete tunnel 0/0/1 from R2 in Shanghai headquartersThe OSPF neighbor went down. Procedure== All Tunnel interfaces on the branch router are in up state (Tunnel interfaces are in false state). = =

== After Keeplive is configured on R1, the Tunnel interface on R3 is down. = =

GRE tunnel recovered!!