灵活运用IP-VPN网络和互联网VPN

  • 主干系网络:IP-VPN网络
  • 信息系网络:互联网VPN
灵活运用IP-VPN网络和互联网VPN

例如,这是在现在使用的IP-VPN网络上新增互联网VPN,同时使用两者构建的网络。
通过在互联网VPN使用信息系数据等,实现带宽扩增。

总公司主干系路由器

能够只导出下述的设置部分。

ConfigDownload

IP地址的设置
(LAN端)
ip lan1 address 10.0.1.1/24
IP地址的设置
(IP-VPN)
ip lan2 address [总公司 IP-VPN连接IP]
BGP4的设置 bgp use on
bgp autonomous-system [提供商所分配的AS号码]
bgp neighbor 1 [提供商端的AS号码] [IP-VPN网络端连接点的IP]
bgp import filter 1 include 10.0.1.0/24
bgp import [提供商端的AS号码] static filter 1
bgp export filter 1 include all
bgp export [提供商端的AS号码] filter 1

总公司信息系路由器

能够只导出下述的设置部分。

ConfigDownload

路由设置 ip route 10.1.0.0/24 gateway tunnel 1
ip route 10.2.0.0/24 gateway tunnel 2
ip route [分公司A的互联网端固定IP] gateway pp 1
ip route [分公司B的互联网端固定IP] gateway pp 1
IP地址的设置
(LAN端)
ip lan1 address 10.0.2.1/24
接口的设置
(信息系网络)
pp select 1
pp always-on on
pppoe use lan2
pp auth accept pap chap
pp auth myname [总公司信息系用于连接互联网的帐号] [密码]
ppp lcp mru on 1454
ip pp address [提供商所分配的总公司信息系的固定IP]
ip pp mtu 1454
ip pp secure filter in 1001 1002 2000
ip pp secure filter out 1001 1002 2000
pp enable 1
通道接口的设置 tunnel select 1
ipsec tunnel 1
ipsec sa policy 1 1 esp 3des-cbc sha-hmac
ipsec ike keepalive log 1 off
ipsec ike keepalive use 1 on
ipsec ike local address 1 [提供商所分配的总公司信息系的固定IP]
ipsec ike pre-shared-key 1 text test
ipsec ike remote address 1 [分公司A的互联网端固定IP]
ipsec ike hash 1 sha
tunnel enable 1
通道接口的设置 tunnel select 2
ipsec tunnel 2
ipsec sa policy 2 2 esp 3des-cbc sha-hmac
ipsec ike keepalive log 2 off
ipsec ike keepalive use 2 on
ipsec ike local address 2 [提供商所分配的总公司信息系的固定IP]
ipsec ike pre-shared-key 2 text test
ipsec ike remote address 2 [分公司B的互联网端固定IP]
ipsec ike hash 2 sha
tunnel enable 2
过滤的设置 ip filter 1001 pass * * udp * 500
ip filter 1002 pass * * esp
ip filter 2000 reject * *
使用IPsec时
的必要设置
ipsec auto refresh on

分公司A

能够只导出下述的设置部分。

ConfigDownload

路由设置 ip route 10.0.2.0/24 gateway tunnel 1
ip route [总公司信息系路由器的WAN端IP] gateway pp 1
IP地址的设置
(LAN端)
ip lan1 address 10.1.0.1/24
IP地址的设置
(IP-VPN)
ip lan2 address [分公司A 至IP-VPN的连接IP]
接口的设置
(信息系网络)
pp select 1
pp always-on on
pppoe use lan3
pp auth accept pap chap
pp auth myname [分公司A用于连接互联网的帐号] [密码]
ppp lcp mru on 1454
ip pp address [提供商所分配的分公司A的固定IP]
ip pp mtu 1454
ip pp secure filter in 1001 1002 2000
ip pp secure filter out 1001 1002 2000
pp enable 1
通道接口的设置 tunnel select 1
ipsec tunnel 1
ipsec sa policy 1 1 esp 3des-cbc sha-hmac
ipsec ike keepalive log 1 off
ipsec ike keepalive use 1 on
ipsec ike local address 1 [提供商所分配的分公司A的固定IP]
ipsec ike pre-shared-key 1 text test
ipsec ike remote address 1 [总公司信息系路由器的WAN端IP]
ipsec ike hash 1 sha
tunnel enable 1
过滤的设置 ip filter 1001 pass * * udp * 500
ip filter 1002 pass * * esp
ip filter 2000 reject * *
BGP4的设置 bgp use on
bgp autonomous-system [提供商所分配的AS号码]
bgp neighbor 1 [提供商端的AS号码] [IP-VPN网络端连接点的IP]
bgp import filter 1 include 10.1.0.0/24
bgp import [提供商端的AS号码] static filter 1
bgp export filter 1 include all
bgp export [提供商端的AS号码] filter 1
使用IPsec时的
必要设置
ipsec auto refresh on

分公司B

能够只导出下述的设置部分。

ConfigDownload

路由设置 ip route 10.0.2.0/24 gateway tunnel 1
ip route [总公司信息系路由器的WAN端IP] gateway pp 1
IP地址的设置
(LAN端)
ip lan1 address 10.2.0.1/24
设置线路种类 line type bri2 l128
接口的设置
(信息系网络)
pp select 1
pp always-on on
pppoe use lan3
pp auth accept pap chap
pp auth myname [分公司B用于连接互联网的帐号] [密码]
ppp lcp mru on 1454
ip pp address [提供商所分配的分公司B的固定IP]
ip pp mtu 1454
ip pp secure filter in 1001 1002 2000
ip pp secure filter out 1001 1002 2000
pp enable 1
接口的设置
(主干系网络)
pp select 2
pp bind bri2
ip pp address [分公司B至IP-VPN的连接IP]
ip pp remote address [IP-VPN网络端连接点的IP]
pp enable 2
通道接口的设置 tunnel select 1
ipsec tunnel 1
ipsec sa policy 1 1 esp 3des-cbc sha-hmac
ipsec ike keepalive log 1 off
ipsec ike keepalive use 1 on
ipsec ike local address 1 [提供商所分配的分公司A的固定IP]
ipsec ike pre-shared-key 1 text test
ipsec ike remote address 1 [总公司信息系路由器的WAN端IP]
ipsec ike hash 1 sha
tunnel enable 1
过滤的设置 ip filter 1001 pass * * udp * 500
ip filter 1002 pass * * esp
ip filter 2000 reject * *
BGP4的设置 bgp use on
bgp autonomous-system [提供商所分配的AS号码]
bgp neighbor 1 [提供商端的AS号码] [IP-VPN网络端连接点的IP]
bgp import filter 1 include 10.2.0.0/24
bgp import [提供商端的AS号码] static filter 1
bgp export filter 1 include all
bgp export [提供商端的AS号码] filter 1
使用IPsec时的
必要设置
ipsec auto refresh on

返回顶部