
Static P2P GRE over IPsec VPN Lab

 


 




 


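Overview:

1. R2 simulates the external (Internet) router.

2. R0, R1 and R3, R4 are the networks of two branch offices at different sites.

3. Requirements:

a. The two internal networks can reach each other's internal addresses through the VPN.

b. The two internal networks can learn each other's networks through the VPN.

4. Implemented with static P2P GRE over IPsec.

5. R0 is on the 10.1.1.0 network; R4 is on the 192.168.1.0 network.

6. The simulated external networks are 100.100.100.0 and 200.200.200.0.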


 


1. Basic setup:

R0:

R0(config)#int fa0/0

R0(config-if)#no shutdown

%LINK-5-CHANGED: Interface FastEthernet0/0, changed state to up

R0(config-if)#ip add 10.1.1.2 255.255.255.0

R0(config-if)#exi

R0(config)#ip route 0.0.0.0 0.0.0.0 10.1.1.1

\\Bring up the interface, assign the address, and set the default next hop.

R1:

R1(config)#int fa0/0

R1(config-if)#no shutdown

%LINK-5-CHANGED: Interface FastEthernet0/0, changed state to up

%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to up

R1(config-if)#ip add 10.1.1.1 255.255.255.0

R1(config-if)#exi

R1(config)#int fa0/1

R1(config-if)#no shutdown

%LINK-5-CHANGED: Interface FastEthernet0/1, changed state to up

R1(config-if)#ip add 100.100.100.2 255.255.255.0

R1(config-if)#exi

R1(config)#ip route 0.0.0.0 0.0.0.0 100.100.100.1

\\Bring up the interfaces, assign the addresses, and set the default next hop.

R2:

R2(config)#int fa0/1

R2(config-if)#no shutdown

%LINK-5-CHANGED: Interface FastEthernet0/1, changed state to up

%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to up

R2(config-if)#ip add 100.100.100.1 255.255.255.0

R2(config-if)#int fa0/0

R2(config-if)#no shutdown

%LINK-5-CHANGED: Interface FastEthernet0/0, changed state to up

R2(config-if)#ip add 200.200.200.1 255.255.255.0

\\R2 is the simulated external router, so it only needs its addresses assigned.

R3:

R3(config)#int fa0/0

R3(config-if)#no shutdown

%LINK-5-CHANGED: Interface FastEthernet0/0, changed state to up

%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to up


R3(config-if)#ip add 200.200.200.2 255.255.255.0

R3(config-if)#int fa0/1

R3(config-if)#no shutdown

%LINK-5-CHANGED: Interface FastEthernet0/1, changed state to up

R3(config-if)#ip add 192.168.1.1 255.255.255.0

R3(config-if)#exi

R3(config)#ip route 0.0.0.0 0.0.0.0 200.200.200.1

\\Bring up the interfaces, assign the addresses, and set the default next hop.

R4:

R4(config)#int fa0/1

R4(config-if)#no shutdown

%LINK-5-CHANGED: Interface FastEthernet0/1, changed state to up

%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to up

R4(config-if)#ip add 192.168.1.2 255.255.255.0

R4(config-if)#exi

R4(config)#ip route 0.0.0.0 0.0.0.0 192.168.1.1

\\Bring up the interface, assign the address, and set the default next hop.

2. Test the network:

R0:

R0>ping 10.1.1.1

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 10.1.1.1, timeout is 2 seconds:

.!!!!

Success rate is 80 percent (4/5), round-trip min/avg/max = 31/35/46 ms


R0>ping 100.100.100.2

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 100.100.100.2, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 15/28/32 ms


R0>ping 100.100.100.1

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 100.100.100.1, timeout is 2 seconds:

.....

Success rate is 0 percent (0/5)


R0>ping 192.168.1.2

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 192.168.1.2, timeout is 2 seconds:

.....

Success rate is 0 percent (0/5)

R4:

R4#ping 192.168.1.1

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 192.168.1.1, timeout is 2 seconds:

.!!!!

Success rate is 80 percent (4/5), round-trip min/avg/max = 31/31/32 ms


R4#ping 200.200.200.2

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 200.200.200.2, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 31/31/32 ms


R4#ping 200.200.200.1

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 200.200.200.1, timeout is 2 seconds:

.....

Success rate is 0 percent (0/5)


R4#ping 10.1.1.2

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 10.1.1.2, timeout is 2 seconds:

.....

Success rate is 0 percent (0/5)

R1:

R1>ping 200.200.200.1

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 200.200.200.1, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 31/34/47 ms


R3:

R3#ping 100.100.100.2


Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 100.100.100.2, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 62/62/63 ms


\\These test results show that the internal and external networks have been simulated.


3. Build the GRE tunnel

R1:

R1(config)#int tunnel 1


%LINK-5-CHANGED: Interface Tunnel1, changed state to up


R1(config-if)#ip add 1.1.1.1 255.255.255.0

R1(config-if)#tunnel source fa0/1

R1(config-if)#tunnel destination 200.200.200.2


%LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel1, changed state to up

R3:

R3(config)#int tunnel 2


%LINK-5-CHANGED: Interface Tunnel2, changed state to up


R3(config-if)#ip add 1.1.1.2 255.255.255.0

R3(config-if)#tunnel source fa0/0

R3(config-if)#tunnel destination 100.100.100.2


%LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel2, changed state to up

Test:

R1#ping 1.1.1.2


Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 1.1.1.2, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 62/62/63 ms

R3#ping 1.1.1.1


Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 1.1.1.1, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 62/62/63 ms


4. Define the IPsec parameters

R1:

R1(config)#crypto isakmp policy 1

R1(config-isakmp)#encryption 3des

R1(config-isakmp)#hash sha

R1(config-isakmp)#group 2

R1(config-isakmp)#authentication pre-share

R1(config-isakmp)#exi

\\Define the encryption algorithm, key-exchange group, hash algorithm and authentication method

R1(config)#crypto isakmp key 123 add 200.200.200.2

\\Set the pre-shared key to 123

R1(config)#crypto ipsec transform-set gre ?

  ah-md5-hmac   AH-HMAC-MD5 transform

  ah-sha-hmac   AH-HMAC-SHA transform

  esp-3des      ESP transform using 3DES(EDE) cipher (168 bits)

  esp-aes       ESP transform using AES cipher

  esp-des       ESP transform using DES cipher (56 bits)

  esp-md5-hmac  ESP transform using HMAC-MD5 auth

  esp-sha-hmac  ESP transform using HMAC-SHA auth

R1(config)#crypto ipsec transform-set gre esp-3des esp-sha-hmac

\\Define the transform set, named gre

R1(config)#access-list 100 permit gre host 100.100.100.2 host 200.200.200.2

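\\Define the interesting traffic. It is the pair of public IP addresses the two sides use to build the GRE tunnel, with protocol GRE, not the internal subnets, because the internal subnets are carried by the routing protocol.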

R1(config)#crypto map |2| 1 ipsec-isakmp

% NOTE: This new crypto map will remain disabled until a peer

        and a valid access list have been configured.

R1(config-crypto-map)#set peer 200.200.200.2

R1(config-crypto-map)#set transform-set gre

R1(config-crypto-map)#match address 100

R1(config-crypto-map)#exi

\\Define the crypto map

R1(config)#int fa0/1

R1(config-if)#crypto map |2|

*Jan  3 07:16:26.785: %CRYPTO-6-ISAKMP_ON_OFF: ISAKMP is ON

R1(config-if)#exi

R1(config)#

\\Apply the crypto map to the interface

R3:

R3(config)#crypto isakmp policy 1

R3(config-isakmp)#encryption 3des

R3(config-isakmp)#hash sha

R3(config-isakmp)#group 2

R3(config-isakmp)#authentication pre-share

R3(config-isakmp)#exi

R3(config)#crypto isakmp key 123 add 100.100.100.2

R3(config)#crypto ipsec transform-set gre esp-3des esp-sha-hmac

R3(config)#access-list 100 permit gre host 200.200.200.2 host 100.100.100.2

R3(config)#crypto map |2| 1 ipsec-isakmp

% NOTE: This new crypto map will remain disabled until a peer

        and a valid access list have been configured.

R3(config-crypto-map)#set peer 100.100.100.2

R3(config-crypto-map)#set transform-set gre

R3(config-crypto-map)#match address 100

R3(config-crypto-map)#exi

R3(config)#int fa0/0

R3(config-if)#crypto map |2|

*Jan  3 07:16:26.785: %CRYPTO-6-ISAKMP_ON_OFF: ISAKMP is ON

R3(config-if)#exi
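
An added example, not part of the original post: a small Python audit of the crypto settings this lab puts on R1 and R3. It flags the legacy choices (3DES, SHA-1, DH group 2, the three-character pre-shared key) and checks the interesting-traffic rule from step 4: the crypto ACL must match GRE between the public tunnel endpoints and be mirrored on the peer. The sample text is constructed from the commands above; the patterns and the 16-character key threshold are assumptions of this example.

```python
import re

# Constructed sample: the lab's crypto-relevant lines without prompts
# ("add" written out as "address"); {me}/{peer} are the public tunnel endpoints.
LAB = """crypto isakmp policy 1
 encryption 3des
 hash sha
 group 2
crypto isakmp key 123 address {peer}
crypto ipsec transform-set gre esp-3des esp-sha-hmac
access-list 100 permit gre host {me} host {peer}
 set peer {peer}
 tunnel destination {peer}
"""
R1 = LAB.format(me="100.100.100.2", peer="200.200.200.2")
R3 = LAB.format(me="200.200.200.2", peer="100.100.100.2")

# Patterns and thresholds below are this example's assumptions, not a standard.
WEAK = {
    r"^\s*encryption (des|3des)\b": "IKE cipher {0} is legacy, prefer AES",
    r"^\s*hash (md5|sha)\s*$": "IKE hash {0} is legacy, prefer SHA-2",
    r"^\s*group (1|2|5)\s*$": "DH group {0} is too small, prefer 14 or higher",
    r"\b(esp-des|esp-3des|esp-md5-hmac)\b": "ESP transform {0} is legacy",
    r"^crypto isakmp key (\S{1,15}) address": "pre-shared key under 16 characters",
}

def audit(cfg):
    """Return a list of findings for one router's crypto configuration."""
    out = [msg.format(m.group(1))
           for pat, msg in WEAK.items() for m in re.finditer(pat, cfg, re.M)]
    acl = re.search(r"permit (\S+) host (\S+) host (\S+)", cfg)
    peer = re.search(r"set peer (\S+)", cfg)
    dst = re.search(r"tunnel destination (\S+)", cfg)
    if not acl or acl.group(1) != "gre":
        out.append("crypto ACL does not match GRE between the tunnel endpoints")
    elif not (peer and dst and peer.group(1) == dst.group(1) == acl.group(3)):
        out.append("ACL destination, crypto peer and tunnel destination differ")
    return out

def mirrored(cfg_a, cfg_b):
    """True when the two peers' crypto ACLs are exact mirror images."""
    ends = [re.search(r"permit gre host (\S+) host (\S+)", c) for c in (cfg_a, cfg_b)]
    return all(ends) and ends[0].groups() == ends[1].groups()[::-1]

if __name__ == "__main__":
    for name, cfg in (("R1", R1), ("R3", R3)):
        print(name, audit(cfg))
    print("ACLs mirrored:", mirrored(R1, R3))
```
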

 


5. Configure OSPF so the two networks can learn each other's routes

R3:

R3(config)#router ospf 100

R3(config-router)#network 192.168.1.0 255.255.255.0 area 0

R3(config-router)#network 1.1.1.0 255.255.255.0 area 0

R1:

R1(config)#router ospf 110

R1(config-router)#network 10.1.1.0 255.255.255.0 area 0

R1(config-router)#network 1.1.1.0 255.255.255.0 area 0

R1(config-router)#exi

View the routes

R1:

R1#show ip route

Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP

       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP

       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area

       * - candidate default, U - per-user static route, o - ODR

       P - periodic downloaded static route


Gateway of last resort is 100.100.100.1 to network 0.0.0.0


     1.0.0.0/24 is subnetted, 1 subnets

C       1.1.1.0 is directly connected, Tunnel1

     10.0.0.0/24 is subnetted, 1 subnets

C       10.1.1.0 is directly connected, FastEthernet0/0

     100.0.0.0/24 is subnetted, 1 subnets

C       100.100.100.0 is directly connected, FastEthernet0/1

O    192.168.1.0/24 [110/1001] via 1.1.1.2, 00:00:14, Tunnel1

S*   0.0.0.0/0 [1/0] via 100.100.100.1


R3:

R3#show ip route

Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP

       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP

       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area

       * - candidate default, U - per-user static route, o - ODR

       P - periodic downloaded static route


Gateway of last resort is 200.200.200.1 to network 0.0.0.0


     1.0.0.0/24 is subnetted, 1 subnets

C       1.1.1.0 is directly connected, Tunnel2

     10.0.0.0/24 is subnetted, 1 subnets

O       10.1.1.0 [110/1001] via 1.1.1.1, 00:01:48, Tunnel2

C    192.168.1.0/24 is directly connected, FastEthernet0/1

C    200.200.200.0/24 is directly connected, FastEthernet0/0

S*   0.0.0.0/0 [1/0] via 200.200.200.1

R3#

Test:

R4>

R4>ping 10.1.1.1


Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 10.1.1.1, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 78/90/94 ms


R4>ping 10.1.1.2


Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 10.1.1.2, timeout is 2 seconds:

.!!!!

Success rate is 80 percent (4/5), round-trip min/avg/max = 109/120/125 ms


R0:

R0>ping 192.168.1.2


Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 192.168.1.2, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 110/119/125 ms


This completes the lab.


 


 

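© Copyright belongs to the author: original work by 51CTO blog author am2012. Cite the source when reposting; otherwise legal action will be pursued.
Static P2P GRE over IPsec VPN Lab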
https://blog.51cto.com/goome/1094121
