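Flexible Use of a Private Network and Internet VPN

Use a private network and Internet VPN together to increase bandwidth: the private network for core business systems, Internet VPN for information systems

This solution increases available bandwidth by using multiple networks according to the type of data. For example, highly confidential core business traffic uses a private network service, while high-volume information-system data uses Internet VPN. QoS features are also used to make effective use of the bandwidth.

Figure: Advanced VPN encourages active use of various networks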

Headquarters core-system router

IP address settings (LAN side):
ip lan1 address 10.0.1.1/24

IP address settings (IP-VPN):
ip lan2 address [headquarters IP-VPN connection IP]

BGP4 settings:
bgp use on
bgp autonomous-system [AS number assigned by the provider]
bgp neighbor 1 [provider-side AS number] [IP of the IP-VPN network-side connection point]
bgp import filter 1 include 10.0.1.0/24
bgp import [provider-side AS number] static filter 1
bgp export filter 1 include all
bgp export [provider-side AS number] filter 1

Headquarters information-system router

Routing settings:
ip route 10.1.0.0/24 gateway tunnel 1
ip route 10.2.0.0/24 gateway tunnel 2
ip route [Internet-side fixed IP of site A] gateway pp 1
ip route [Internet-side fixed IP of site n] gateway pp 1

IP address settings (LAN side):
ip lan1.1 address 10.0.2.1/24

Interface settings (information-system network):
pp select 1
pp always-on on
pppoe use lan2
pp auth accept pap chap
pp auth myname [Internet connection account of the headquarters information system] [password]
ppp lcp mru on 1454
ip pp address [provider-assigned fixed IP of the headquarters information system]
ip pp mtu 1454
ip pp secure filter in 1001 1002 2000
ip pp secure filter out 1001 1002 2000
pp enable 1

Tunnel interface settings:
tunnel select 1
ipsec tunnel 1
ipsec sa policy 1 1 esp 3des-cbc sha-hmac
ipsec ike keepalive log 1 off
ipsec ike keepalive use 1 on
ipsec ike local address 1 [provider-assigned fixed IP of the headquarters information system]
ipsec ike pre-shared-key 1 text test
ipsec ike remote address 1 [Internet-side fixed IP of site A]
ipsec ike hash 1 sha
tunnel enable 1

Tunnel interface settings:
tunnel select 2
ipsec tunnel 2
ipsec sa policy 2 2 esp 3des-cbc sha-hmac
ipsec ike keepalive log 2 off
ipsec ike keepalive use 2 on
ipsec ike local address 2 [provider-assigned fixed IP of the headquarters information system]
ipsec ike pre-shared-key 2 text test
ipsec ike remote address 2 [Internet-side fixed IP of site n]
ipsec ike hash 2 sha
tunnel enable 2

Filter settings:
ip filter 1001 pass * * udp * 500
ip filter 1002 pass * * esp
ip filter 2000 reject * *

Settings required when using IPsec:
ipsec auto refresh on

Site 1

Routing settings:
ip route 10.0.2.0/24 gateway tunnel 1
ip route [WAN-side IP of the headquarters information-system router] gateway pp 1

IP address settings (LAN side):
ip lan1 address 10.1.0.1/24

IP address settings (IP-VPN):
ip lan2 address [site A connection IP to the IP-VPN]

Interface settings (information-system network):
pp select 1
pp always-on on
pppoe use lan3
pp auth accept pap chap
pp auth myname [Internet connection account of site A] [password]
ppp lcp mru on 1454
ip pp address [provider-assigned fixed IP of site A]
ip pp mtu 1454
ip pp secure filter in 1001 1002 2000
ip pp secure filter out 1001 1002 2000
pp enable 1

Tunnel interface settings:
tunnel select 1
ipsec tunnel 1
ipsec sa policy 1 1 esp 3des-cbc sha-hmac
ipsec ike keepalive log 1 off
ipsec ike keepalive use 1 on
ipsec ike local address 1 [provider-assigned fixed IP of site A]
ipsec ike pre-shared-key 1 text test
ipsec ike remote address 1 [WAN-side IP of the headquarters information-system router]
ipsec ike hash 1 sha
tunnel enable 1

Filter settings:
ip filter 1001 pass * * udp * 500
ip filter 1002 pass * * esp
ip filter 2000 reject * *

BGP4 settings:
bgp use on
bgp autonomous-system [AS number assigned by the provider]
bgp neighbor 1 [provider-side AS number] [IP of the IP-VPN network-side connection point]
bgp import filter 1 include 10.1.0.0/24
bgp import [provider-side AS number] static filter 1
bgp export filter 1 include all
bgp export [provider-side AS number] filter 1

Settings required when using IPsec:
ipsec auto refresh on

Site n

Routing settings:
ip route 10.0.2.0/24 gateway tunnel 1
ip route [WAN-side IP of the headquarters information-system router] gateway pp 1

IP address settings (LAN side):
ip lan1 address 10.2.0.1/24

Line type setting:
line type bri2 l128

Interface settings (information-system network):
pp select 1
pp always-on on
pppoe use lan3
pp auth accept pap chap
pp auth myname [Internet connection account of site n] [password]
ppp lcp mru on 1454
ip pp address [provider-assigned fixed IP of site n]
ip pp mtu 1454
ip pp secure filter in 1001 1002 2000
ip pp secure filter out 1001 1002 2000
pp enable 1

Interface settings (core-system network):
pp select 2
pp bind bri2
ip pp address [site n connection IP to the IP-VPN]
ip pp remote address [IP of the IP-VPN network-side connection point]
pp enable 2

Tunnel interface settings:
tunnel select 1
ipsec tunnel 1
ipsec sa policy 1 1 esp 3des-cbc sha-hmac
ipsec ike keepalive log 1 off
ipsec ike keepalive use 1 on
ipsec ike local address 1 [provider-assigned fixed IP of site n]
ipsec ike pre-shared-key 1 text test
ipsec ike remote address 1 [WAN-side IP of the headquarters information-system router]
ipsec ike hash 1 sha
tunnel enable 1

Filter settings:
ip filter 1001 pass * * udp * 500
ip filter 1002 pass * * esp
ip filter 2000 reject * *

BGP4 settings:
bgp use on
bgp autonomous-system [AS number assigned by the provider]
bgp neighbor 1 [provider-side AS number] [IP of the IP-VPN network-side connection point]
bgp import filter 1 include 10.2.0.0/24
bgp import [provider-side AS number] static filter 1
bgp export filter 1 include all
bgp export [provider-side AS number] filter 1

Settings required when using IPsec:
ipsec auto refresh on
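
Before deploying a router built from these samples, it is worth checking that the sample pre-shared key and the 3des-cbc proposal have been replaced and that the Internet-facing pp filter list still passes only IKE and ESP and ends in a reject-all rule. The following audit script is an added example, not part of the original page or the vendor's tooling; the names audit, LEGACY_CIPHERS and MIN_PSK_LEN are assumptions, and the 16-character threshold is a local policy choice.

```python
# Added example: audits config text in the command syntax shown on this page.
# Constructed sample: selected lines from the headquarters information-system router.
SAMPLE = """\
ip pp secure filter in 1001 1002 2000
ip pp secure filter out 1001 1002 2000
ipsec sa policy 1 1 esp 3des-cbc sha-hmac
ipsec ike pre-shared-key 1 text test
ip filter 1001 pass * * udp * 500
ip filter 1002 pass * * esp
ip filter 2000 reject * *
"""

LEGACY_CIPHERS = {"des-cbc", "3des-cbc"}
MIN_PSK_LEN = 16  # assumption: local policy threshold, not a vendor limit


def audit(config):
    """Return a list of (finding, detail) tuples for one router's config."""
    findings, filters, applied = [], {}, []
    for line in config.splitlines():
        tok = line.split()
        if tok[:2] == ["ip", "filter"] and len(tok) >= 4:
            filters[tok[2]] = tok[3:]            # action, src, dst, proto, ports
        elif tok[:4] == ["ip", "pp", "secure", "filter"] and len(tok) >= 5:
            applied.append((tok[4], tok[5:]))    # direction, ordered filter ids
        elif tok[:3] == ["ipsec", "sa", "policy"] and LEGACY_CIPHERS & set(tok[4:]):
            findings.append(("legacy-cipher", tok[3]))
        elif tok[:3] == ["ipsec", "ike", "pre-shared-key"] and tok[4:5] == ["text"]:
            if len(" ".join(tok[5:])) < MIN_PSK_LEN:
                findings.append(("weak-psk", tok[3]))
    for direction, ids in applied:
        rules = [filters.get(i) for i in ids]
        if None in rules:                        # list references a missing filter
            findings.append(("undefined-filter", direction))
            continue
        if not rules or rules[-1] != ["reject", "*", "*"]:
            findings.append(("no-final-reject", direction))
        for fid, rule in zip(ids, rules):
            proto, dport = rule[3:4], rule[5:6]
            vpn_only = proto == ["esp"] or (proto == ["udp"] and dport == ["500"])
            if rule[0] == "pass" and not vpn_only:
                findings.append(("non-vpn-pass", fid))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

Run against the sample lines, it reports the 3des-cbc policy and the short pre-shared key on tunnel 1 and raises nothing for the filter list.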
