Сравнение версий

Старая версия 2

changes.mady.by.user Сервисный центр Ethernet

Сохранено

по сравнению с

Новая версия 3

changes.mady.by.user Сервисный центр Ethernet

Сохранено

Ключ

  • Эта строка добавлена.
  • Эта строка удалена.
  • Изменено форматирование.

...

Блок кода
titleHUB config
collapsetrue
hostname HUB

router bgp log-neighbor-changes

router bgp 65000
  router-id 198.51.100.1
  peer-group Cloud1
    remote-as 65000
    route-reflector-client
    update-source 198.51.100.1
    address-family ipv4 unicast
      enable
    exit
  exit
  listen-range 198.51.100.0/25
    peer-group Cloud1
    enable
  exit
  enable
exit

interface gigabitethernet 1/0/21
  ip firewall disable
  ip address 203.0.113.2/30
exit

tunnel gre 1
  key 10
  ttl 255
  mtu 1400
  multipoint
  ip firewall disable
  local address 203.0.113.2
  ip address 198.51.100.1/25
  ip tcp adjust-mss 1340
  ip nhrp ipsec ipsec_for_spokes dynamic
  ip nhrp multicast dynamic
  ip nhrp enable
  enable
exit

security ike proposal ike_proposal
  authentication algorithm sha2-384
  encryption algorithm aes256
  dh-group 21
exit

security ike policy ike_policy
  pre-shared-key ascii-text encrypted 8CB5107EA7005AFF
  proposal ike_proposal
exit

security ike gateway ike_for_spokes
  ike-policy ike_policy
  local address 203.0.113.2
  local network 203.0.113.2/32 protocol gre 
  remote address any
  remote network any protocol gre 
  mode policy-based
exit

security ipsec proposal ipsec_proposal
  authentication algorithm sha2-256
  encryption algorithm aes256
  pfs dh-group 19
exit

security ipsec policy ipsec_policy
  proposal ipsec_proposal
exit

security ipsec vpn ipsec_for_spokes
  type transport
  ike establish-tunnel route
  ike gateway ike_for_spokes
  ike ipsec-policy ipsec_policy
  enable
exit

ip route 0.0.0.0/0 203.0.113.1

...

Блок кода
titleSPOKE-1 config
collapsetrue
hostname SPOKE-1

router bgp log-neighbor-changes

router bgp 65000
  router-id 198.51.100.2
  neighbor 198.51.100.1
    description "Cloud_1"
    remote-as 65000
    address-family ipv4 unicast
      enable
    exit
    enable
  exit
  address-family ipv4 unicast
    network 192.0.2.0/25
  exit
  enable
exit

interface gigabitethernet 1/0/21
  ip firewall disable
  ip address 203.0.113.6/30
exit
interface gigabitethernet 1/0/43
  ip firewall disable
  ip address 192.0.2.1/25
exit

tunnel gre 1
  key 10
  ttl 255
  mtu 1400
  multipoint
  ip firewall disable
  local address 203.0.113.6
  ip address 198.51.100.2/25
  ip tcp adjust-mss 1340
  ip nhrp holding-time 90
  ip nhrp map 198.51.100.1 203.0.113.2
  ip nhrp nhs 198.51.100.1
  ip nhrp ipsec ipsec_for_hub static
  ip nhrp ipsec ipsec_for_spokes dynamic
  ip nhrp multicast nhs
  ip nhrp enable
  enable
exit

security ike proposal ike_proposal
  authentication algorithm sha2-384
  encryption algorithm aes256
  dh-group 21
exit

security ike policy ike_policy
  pre-shared-key ascii-text encrypted 8CB5107EA7005AFF
  proposal ike_proposal
exit

security ike gateway ike_for_hub
  ike-policy ike_policy
  local address 203.0.113.6
  local network 203.0.113.6/32 protocol gre 
  remote address 203.0.113.2
  remote network 203.0.113.2/32 protocol gre 
  mode policy-based
exit
security ike gateway ike_for_spokes
  ike-policy ike_policy
  local address 203.0.113.6
  local network 203.0.113.6/32 protocol gre 
  remote address any
  remote network any protocol gre 
  mode policy-based
exit

security ipsec proposal ipsec_proposal
  authentication algorithm sha2-256
  encryption algorithm aes256
  pfs dh-group 19
exit

security ipsec policy ipsec_policy
  proposal ipsec_proposal
exit

security ipsec vpn ipsec_for_hub
  type transport
  ike establish-tunnel route
  ike gateway ike_for_hub
  ike ipsec-policy ipsec_policy
  enable
exit
security ipsec vpn ipsec_for_spokes
  type transport
  ike establish-tunnel route
  ike gateway ike_for_spokes
  ike ipsec-policy ipsec_policy
  enable
exit

ip route 0.0.0.0/0 203.0.113.5

...