0x13 HCNP-R&S GRE VPN experiment (Huawei eNSP)

Experimental topology

Experimental requirements

1. Company A and company B each connect to the public network through NAT
2. The public network uses static routing for interworking
3. Company A and company B enable GRE VPN to communicate with each other

Basic interface IP configuration

AR1

<Huawei>sys
Enter system view, return user view with Ctrl+Z.
[Huawei]un in en
Info: Information center is disabled.
[Huawei]sys AR1
[AR1]inter g0/0/0
[AR1-GigabitEthernet0/0/0]ip add 192.168.1.1 24
[AR1-GigabitEthernet0/0/0]inter g0/0/1
[AR1-GigabitEthernet0/0/1]ip add 1.1.1.1 24

AR2

<Huawei>sys
Enter system view, return user view with Ctrl+Z.
[Huawei]un in en
Info: Information center is disabled.
[Huawei]sys AR2
[AR2]inter g0/0/1
[AR2-GigabitEthernet0/0/1]ip add 2.2.2.1 24
[AR2-GigabitEthernet0/0/1]inter g0/0/0
[AR2-GigabitEthernet0/0/0]ip add 1.1.1.2 24

AR3

<Huawei>sys
Enter system view, return user view with Ctrl+Z.
[Huawei]un in en
Info: Information center is disabled.
[Huawei]sys AR3
[AR3]inter g0/0/0
[AR3-GigabitEthernet0/0/0]ip add 2.2.2.2 24
[AR3-GigabitEthernet0/0/0]inter g0/0/1
[AR3-GigabitEthernet0/0/1]ip add 3.3.3.1 24

AR4

<Huawei>sys
Enter system view, return user view with Ctrl+Z.
[Huawei]un in en
Info: Information center is disabled.
[Huawei]sys AR4
[AR4]inter g0/0/0
[AR4-GigabitEthernet0/0/0]ip add 3.3.3.2 24
[AR4-GigabitEthernet0/0/0]inter g0/0/2
[AR4-GigabitEthernet0/0/2]qu
[AR4]inter g0/0/1
[AR4-GigabitEthernet0/0/1]ip add 192.168.2.1 24

Configure static routes for public network interworking

AR1

[AR1]ip route-static 0.0.0.0 0.0.0.0 1.1.1.2

AR2

[AR2]ip route-static 0.0.0.0 0.0.0.0 2.2.2.2

AR3

[AR3]ip route-static 0.0.0.0 0.0.0.0 2.2.2.1

AR4

[AR4]ip route-static 0.0.0.0 0.0.0.0 3.3.3.1

Test: the public network is now connected

Static routing is not ideal on the public network; dynamic routing is more convenient. Here I will use OSPF instead.

AR2

[AR2]ospf
[AR2-ospf-1]area 0	
[AR2-ospf-1-area-0.0.0.0]network 1.1.1.0 0.0.0.255
[AR2-ospf-1-area-0.0.0.0]network 2.2.2.0 0.0.0.255

AR3

[AR3]ospf 
[AR3-ospf-1]area 0
[AR3-ospf-1-area-0.0.0.0]net 2.2.2.0 0.0.0.255
[AR3-ospf-1-area-0.0.0.0]net 3.3.3.0 0.0.0.255

AR1

[AR1]ip route-static 0.0.0.0 0.0.0.0 1.1.1.2

AR4 

[AR4]ip route-static 0.0.0.0 0.0.0.0 3.3.3.1

Configure NAT

AR1

[AR1]acl number 2002
[AR1-acl-basic-2002]rule permit source 192.168.1.0 0.0.0.255
[AR1-acl-basic-2002]q
[AR1]int g0/0/1
[AR1-GigabitEthernet0/0/1]nat outbound 2002
[AR1-GigabitEthernet0/0/1]q

AR4

[AR4]acl number 2002
[AR4-acl-basic-2002]rule permit source 192.168.2.0 0.0.0.255
[AR4-acl-basic-2002]q
[AR4]inter g0/0/0
[AR4-GigabitEthernet0/0/0]nat outbound 2002
[AR4-GigabitEthernet0/0/0]q

Test: PC2 can access the public network

Configure GRE VPN

AR1

[AR1]interface Tunnel 0/0/0
[AR1-Tunnel0/0/0]tunnel-protocol gre
[AR1-Tunnel0/0/0]ip add 192.168.3.1 24
[AR1-Tunnel0/0/0]source 1.1.1.1
[AR1-Tunnel0/0/0]destination 3.3.3.2
[AR1-Tunnel0/0/0]qu
[AR1]ip route-static 192.168.2.0 24 tunnel 0/0/0

AR4

[AR4]interface Tunnel0/0/0
[AR4-Tunnel0/0/0]ip add 192.168.3.2 24	
[AR4-Tunnel0/0/0]tunnel-protocol gre 
[AR4-Tunnel0/0/0]source 3.3.3.2 
[AR4-Tunnel0/0/0]destination 1.1.1.1
[AR4-Tunnel0/0/0]q
[AR4]ip route-static 192.168.1.0 24 tunnel 0/0/0

With tracert, I can't see the public network hops
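
Why tracert shows no public-network hops, as an added example that is not part of the original post: this Python code builds the packet AR1 puts on the wire (basic RFC 2784 GRE, using the lab's tunnel source 1.1.1.1 and destination 3.3.3.2), passes it through two public hops and decapsulates it as AR4 would. The host addresses 192.168.1.10 and 192.168.2.10, the inner TTL of 64, protocol number 253 and the payload bytes are assumptions constructed for the illustration.

```python
import ipaddress
import struct

GRE_PROTO = 47                              # IP protocol number in the outer header
GRE_HEADER = struct.pack("!HH", 0, 0x0800)  # RFC 2784: no flags, payload is IPv4


def checksum(header: bytes) -> int:
    """RFC 1071 Internet checksum over an even-length header."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def ipv4(src: str, dst: str, proto: int, ttl: int, payload: bytes) -> bytes:
    """20-byte IPv4 header (no options) followed by the payload."""
    def header(csum: int) -> bytes:
        return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0,
                           ttl, proto, csum,
                           ipaddress.IPv4Address(src).packed,
                           ipaddress.IPv4Address(dst).packed)
    return header(checksum(header(0))) + payload


def gre_encapsulate(inner: bytes, src: str, dst: str) -> bytes:
    """Tunnel entry (AR1): prepend a new outer IPv4 header and the GRE header."""
    return ipv4(src, dst, GRE_PROTO, 255, GRE_HEADER + inner)


def public_hop(packet: bytes) -> bytes:
    """What AR2/AR3 do: decrement the outer TTL and fix the outer checksum."""
    hdr = bytearray(packet[:20])
    hdr[8] -= 1
    hdr[10:12] = b"\x00\x00"
    hdr[10:12] = struct.pack("!H", checksum(bytes(hdr)))
    return bytes(hdr) + packet[20:]


def gre_decapsulate(outer: bytes) -> bytes:
    """Tunnel exit (AR4): validate and strip the outer IPv4 and GRE headers."""
    ihl = (outer[0] & 0x0F) * 4
    if outer[9] != GRE_PROTO or outer[ihl:ihl + 4] != GRE_HEADER:
        raise ValueError("not a plain GRE/IPv4 packet")
    return outer[ihl + 4:]

# Constructed sample: host addresses, TTL, protocol and payload are assumptions.
INNER = ipv4("192.168.1.10", "192.168.2.10", 253, 64, b"constructed payload")
ON_WIRE = public_hop(public_hop(gre_encapsulate(INNER, "1.1.1.1", "3.3.3.2")))
```

The inner packet comes out byte-for-byte unchanged with its TTL still 64, because AR2 and AR3 only touch the outer header, so they never appear as hops. The payload is also readable in the on-wire bytes: GRE by itself adds no encryption or authentication.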

This is the end!

 


Posted on Sun, 05 Jan 2020 17:29:55 -0500 by Jaguar83