...
| Блок кода | ||||
|---|---|---|---|---|
| ||||
hostname SPOKE-2
ip access-list extended LOCAL_1
rule 1
action permit
match source-address 203.0.113.14 255.255.255.255
enable
exit
exit
ip access-list extended LOCAL_2
rule 1
action permit
match source-address 203.0.113.10 255.255.255.255
enable
exit
exit
route-map PBR_LOCAL
rule 1
match ip access-group LOCAL_1
action set ip next-hop verify-availability 203.0.113.13 1
exit
rule 2
match ip access-group LOCAL_2
action set ip next-hop verify-availability 203.0.113.9 1
exit
exit
ip local policy route-map PBR_LOCAL
router bgp log-neighbor-changes
router bgp 65000
router-id 198.51.100.3
neighbor 198.51.100.1
description "Cloud_1"
remote-as 65000
weight 10
update-source 198.51.100.3
address-family ipv4 unicast
enable
exit
enable
exit
neighbor 198.51.100.129
description "Cloud_2"
remote-as 65000
update-source 198.51.100.131
address-family ipv4 unicast
enable
exit
enable
exit
address-family ipv4 unicast
network 192.0.2.128/25
exit
enable
exit
interface gigabitethernet 1/0/1
ip firewall disable
ip address 203.0.113.14/30
wan load-balance nexthop 203.0.113.13
wan load-balance enable
exit
interface gigabitethernet 1/0/2
ip firewall disable
ip address 203.0.113.10/30
wan load-balance nexthop 203.0.113.9
wan load-balance enable
exit
interface gigabitethernet 1/0/3
ip firewall disable
ip address 192.0.2.129/25
exit
tunnel gre 1
key 10
ttl 255
mtu 1400
multipoint
ip firewall disable
local address 203.0.113.14
ip address 198.51.100.3/25
ip tcp adjust-mss 1340
ip nhrp holding-time 90
ip nhrp map 198.51.100.1 203.0.113.2
ip nhrp nhs 198.51.100.1
ip nhrp ipsec ipsec_for_hub_cloud1 static
ip nhrp ipsec ipsec_for_spokes_cloud1 dynamic
ip nhrp multicast nhs
ip nhrp enable
enable
exit
tunnel gre 2
key 20
ttl 255
mtu 1400
ip firewall disable
local address 203.0.113.10
remote address 203.0.113.2
ip address 198.51.100.131/25
ip tcp adjust-mss 1340
ip nhrp holding-time 90
ip nhrp map 198.51.100.129 203.0.113.2
ip nhrp nhs 198.51.100.129
ip nhrp ipsec ipsec_for_hub_cloud2 static
ip nhrp multicast nhs
ip nhrp enable
enable
exit
security ike proposal ike_proposal
authentication algorithm sha2-384
encryption algorithm aes256
dh-group 21
exit
security ike policy ike_policy
pre-shared-key ascii-text encrypted 8CB5107EA7005AFF
proposal ike_proposal
exit
security ike gateway ike_for_hub_cloud1
ike-policy ike_policy
local address 203.0.113.14
local network 203.0.113.14/32 protocol gre
remote address 203.0.113.2
remote network 203.0.113.2/32 protocol gre
mode policy-based
exit
security ike gateway ike_for_hub_cloud2
ike-policy ike_policy
local address 203.0.113.10
local network 203.0.113.10/32 protocol gre
remote address 203.0.113.2
remote network 203.0.113.2/32 protocol gre
mode policy-based
exit
security ike gateway ike_for_spokes_cloud1
ike-policy ike_policy
local address 203.0.113.14
local network 203.0.113.14/32 protocol gre
remote address any
remote network any protocol gre
mode policy-based
exit
security ipsec proposal ipsec_proposal
authentication algorithm sha2-256
encryption algorithm aes256
pfs dh-group 19
exit
security ipsec policy ipsec_policy
proposal ipsec_proposal
exit
security ipsec vpn ipsec_for_hub_cloud1
type transport
ike establish-tunnel route
ike gateway ike_for_hub_cloud1
ike ipsec-policy ipsec_policy
enable
exit
security ipsec vpn ipsec_for_hub_cloud2
type transport
ike establish-tunnel route
ike gateway ike_for_hub_cloud2
ike ipsec-policy ipsec_policy
enable
exit
security ipsec vpn ipsec_for_spokes_cloud1
type transport
ike establish-tunnel route
ike gateway ike_for_spokes_cloud1
ike ipsec-policy ipsec_policy
enable
exit
ip route 0.0.0.0/0 wan load-balance rule 1
wan load-balance rule 1
outbound interface gigabitethernet 1/0/1
outbound interface gigabitethernet 1/0/2
enable
exit |
...