配置
R1
hostname R1
!
ip cef
!
crypto isakmp policy 1
authentication PRe-share
group 2
crypto isakmp key gdoi address 4.4.4.4
!
crypto gdoi group gdoi
identity address ipv4 4.4.4.4
server address ipv4 4.4.4.4
!
crypto map gdoi 10 gdoi
set group gdoi
!
interface Loopback0
ip address 1.1.1.1 255.255.255.255
!
interface Ethernet1/4
ip address 192.168.14.1 255.255.255.0
duplex full
crypto map gdoi
!
router ospf 100
router-id 1.1.1.1
log-adjacency-changes
redistribute connected subnets
redistribute static subnets
network 192.168.0.0 0.0.255.255 area 0
R2
hostname R2!ip cef! crypto isakmp policy 1 authentication pre-share group 2 crypto isakmp key gdoi address 4.4.4.4! crypto gdoi group gdoi identity address ipv4 4.4.4.4 server address ipv4 4.4.4.4!crypto map gdoi 10 gdoi set group gdoi!interface Loopback0 ip address 2.2.2.2 255.255.255.255! interface Ethernet1/4 ip address 192.168.24.2 255.255.255.0 duplex full crypto map gdoi!router ospf 100 router-id 2.2.2.2 log-adjacency-changes redistribute connected subnets redistribute static subnets network 192.168.0.0 0.0.255.255 area 0
R3
hostname R3!ip cef!crypto isakmp policy 1 authentication pre-share group 2crypto isakmp key gdoi address 4.4.4.4!crypto gdoi group gdoi identity address ipv4 4.4.4.4 server address ipv4 4.4.4.4!crypto map gdoi 10 gdoi set group gdoi!interface Loopback0 ip address 3.3.3.3 255.255.255.255!interface Ethernet1/4 ip address 192.168.34.3 255.255.255.0 duplex full crypto map gdoi!router ospf 100 router-id 3.3.3.3 log-adjacency-changes redistribute connected subnets redistribute static subnets network 192.168.0.0 0.0.255.255 area 0
R4進入討論組討論。hostname R4!ip cef!crypto isakmp policy 1 authentication pre-share group 2crypto isakmp key gdoi address 192.168.14.1crypto isakmp key gdoi address 192.168.24.2crypto isakmp key gdoi address 192.168.34.3!crypto ipsec transform-set gdoi esp-des esp-sha-hmac !crypto ipsec profile gdoi set security-association lifetime seconds 360 set transform-set gdoi !crypto gdoi group gdoi identity address ipv4 4.4.4.4 server local rekey lifetime seconds 300 rekey retransmit 10 number 2 rekey authentication mypubkey rsa gdoi rekey transport unicast sa ipsec 1 profile gdoi match address ipv4 101 replay counter window-size 64 address ipv4 4.4.4.4!interface Loopback0 ip address 4.4.4.4 255.255.255.255 ipv6 address FC00:4::4/128 ipv6 enable!interface Ethernet1/1 ip address 192.168.14.4 255.255.255.0 duplex full!interface Ethernet1/2 ip address 192.168.24.4 255.255.255.0 duplex full!interface Ethernet1/3 ip address 192.168.34.4 255.255.255.0 duplex full!router ospf 100 router-id 4.4.4.4 log-adjacency-changes redistribute connected subnets redistribute static subnets network 192.168.0.0 0.0.255.255 area 0! access-list 101 deny ip 192.168.0.0 0.0.255.255 192.168.0.0 0.0.255.255access-list 101 permit ip host 1.1.1.1 host 2.2.2.2access-list 101 permit ip host 1.1.1.1 host 3.3.3.3access-list 101 permit ip host 2.2.2.2 host 1.1.1.1access-list 101 permit ip host 2.2.2.2 host 3.3.3.3access-list 101 permit ip host 3.3.3.3 host 1.1.1.1access-list 101 permit ip host 3.3.3.3 host 2.2.2.2
測試
R1
R1#sho crypto gdoi
Group Information
Group Name : gdoi
Group Identity : 4.4.4.4
Rekeys received : 7
IPSec SA Direction : Both
ACL Received From KS : gdoi_group_gdoi_temp_acl
Active Group Server : 4.4.4.4
Group Server list : 4.4.4.4
R4進入討論組討論。
R4#sho crypto gdoi Group Information Group Name : gdoi Group Identity : 4.4.4.4 Group Members : 3 IPSec SA Direction : Both Active Group Server : Local Group Rekey Lifetime : 300 secs Group Rekey Remaining Lifetime : 95 secs Rekey Retransmit Period : 10 secs Rekey Retransmit Attempts: 2 Group Retransmit Remaining Lifetime : 0 secs IPSec SA Number : 1 IPSec SA Rekey Lifetime: 360 secs Profile Name : gdoi Replay method : Count Based Replay Window Size : 64 SA Rekey Remaining Lifetime : 156 secs ACL Configured : access-list 101 Group Server list : Local
新聞熱點
疑難解答
